Silent authentication on mobile devices

Hi!

Context
Our client uses Auth0 and has ID token expiration time set to 1 week. Users sign in to our application using its Auth0.

What we want
When ID token expires, we want to verify that the user still has an active session in Auth0. Silent authentication sounds like a perfect solution for doing that seamlessly, in the background.

Problem
We don’t know how to do it on mobile devices. Browsers keep sessions, so it’s easy to do it there. But mobile devices have no way of knowing if user is still signed in in Auth0. Our users can sign in on their mobile devices using authorization code flow, but this works only because it requires user’s interaction, which gives as code as a result. After that how can a mobile device know that there is still an active session in Auth0?

Hi @kacper,

Silent authentication is typically used in browser apps, like SPAs. We usually implement refresh tokens in native apps. This allows an app to get new tokens without prompting for credentials.

Let me know if this is what you’re looking for.