Mobile login to seperate API silently

Hi.
We have a native app (on iOS) that already logs in to our existing backend using Auth0 (And the Auth0.swift SDK). The call to WebAuth launces a browser, the user logs in and we get the needed tokens back.

Now we have a new API (that we also control) that is registered to our Auth0 account. The audience value is different than the first API.

How can we get a token that will talk to the new API without showing the user a new login screen?

We have tried calling WebAuth with the new audience (and parameter ["prompt": "none"]) to a second call to WebAuth, but that just fails with “Login required”. (Infact calling WebAuth on exactly the same audience also returns “Login required” with ["prompt": "none"] which makes us think that WebAuth has no idea of what active sessions, or credentials are available.)

Any help around this would be appreciated.

Thanks

Hello there @diederik and welcome to the community!

As far as I’m aware this isn’t possible regardless of platform - If the audience needs to be changed, then users will need to re-auth.

With a native app in general, you should consider looking into using refresh tokens if you haven’t already. Some more on managing credentials in Auth0.swift here:

OK thanks, we suspected so. We were looking for a getTokenSilently for mobile, but it doesn’t seem possible from what we have seen.

We ended up mergeing our API to a logical one as described here.

1 Like

Great! Thanks for following up with the community :slight_smile: