We have a React Native app that uses react-native-auth0. When a user clicks “log in”, they are taken to the web auth screen, where they can log in as usual. Once they log in, they are redirected to the app and the access token retrieved from that callback is used to authenticate the user.
Our app hasn’t reached full maturity, which means that we still rely on a lot of web pages that we link out to. These websites also use Auth0 and are on the same domain. Single sign-on is enabled for this domain. On the web, an SSO session is created, which means that when the user logs in on the app via web auth, and they go onto the externally linked web page, their experience will be seamless. They will not have to log in again.
On our app, we use refresh tokens and token rotation. This means that once a user logs in, as long as they visit the app every so often, the tokens will rotate and they’ll be logged into the app forever.
The problem is when the SSO session on the web expires but the user is still logged into the app due to the refresh token and token rotation. This means that the user will have to log in again when they link out to the web app.
Is there any solution to this?