Silent authentication on mobile devices

kacper · April 21, 2020, 2:48pm

Hi!

Context
Our client uses Auth0 and has ID token expiration time set to 1 week. Users sign in to our application using its Auth0.

What we want
When ID token expires, we want to verify that the user still has an active session in Auth0. Silent authentication sounds like a perfect solution for doing that seamlessly, in the background.

Problem
We don’t know how to do it on mobile devices. Browsers keep sessions, so it’s easy to do it there. But mobile devices have no way of knowing if user is still signed in in Auth0. Our users can sign in on their mobile devices using authorization code flow, but this works only because it requires user’s interaction, which gives as code as a result. After that how can a mobile device know that there is still an active session in Auth0?

dan.woda · April 27, 2020, 9:01pm

Hi @kacper,

Silent authentication is typically used in browser apps, like SPAs. We usually implement refresh tokens in native apps. This allows an app to get new tokens without prompting for credentials.

Let me know if this is what you’re looking for.

https://auth0.com/docs/flows/guides/device-auth/includes/refresh-tokens

system · July 13, 2020, 10:19pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use refresh token to keep auth0 session alive Help sessions , authentication-sessions	4	826	April 23, 2024
Session life time - extend for developer plan? Help auth0 , api	7	2801	March 21, 2020
Refresh token - Allow silent authentication Help login-experience , new-universal-login-experience	2	1268	September 27, 2023
Keeping a session alive Help sessions , authentication-sessions	0	294	March 26, 2024
Renewal of tokens in a SPA Help spa , refresh-tokens , tokens	3	7124	March 2, 2018

Silent authentication on mobile devices

Related Topics