I have a scenario where multiple mobile applications (app1 and app2) are using the same database connection as the user store. If a user is actively authenticated through app1 and then navigates to app2 on the same mobile device, can the second app leverage that active session without prompting the user to re-authenticate? Please let me know. Thank you.
Welcome to the Auth0 Community!
I have to check this internally, but it should be possible if both mobile applications are installed on the same device and use the same database connection for user authentication.
This can be done by utilizing shared session storage or by using the same authentication provider configuration.
Here are some mechanisms that can allow this:
- Silent Authentication: When app2 is launched, it can make a silent authentication request to Auth0. If the user is already authenticated on app1, and if the session is still valid, Auth0 can respond with a token without requiring user interaction. Configure Silent Authentication
- Token Sharing: Rather than sharing tokens, I think SSO would do what you want here. Single Sign-On
- Same Cookie or Session: If app1 and app2 share the same web domain and are leveraging browser-based authentication with cookies, the session cookie from app1 could allow app2 to recognize the logged-in state when making requests. Cookies
Sharing authentication state poses risks, so ensure that the use cases are well-defined, that you validate users correctly, and that your apps maintain secure storage practices for tokens and session data.
Some reference information:
- Native Mobile App Creation for iOS and Android
- Sharing Auth0 session between native app and web views
Thanks,
Timotei
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.