We have a native app (on iOS) that already logs in to our existing backend using Auth0 (And the Auth0.swift SDK). The call to WebAuth launces a browser, the user logs in and we get the needed tokens back.
Now we have a new API (that we also control) that is registered to our Auth0 account. The audience value is different than the first API.
How can we get a token that will talk to the new API without showing the user a new login screen?
We have tried calling WebAuth with the new audience (and parameter
["prompt": "none"]) to a second call to WebAuth, but that just fails with “Login required”. (Infact calling WebAuth on exactly the same audience also returns “Login required” with
["prompt": "none"] which makes us think that WebAuth has no idea of what active sessions, or credentials are available.)
Any help around this would be appreciated.