Our client uses Auth0 and has ID token expiration time set to 1 week. Users sign in to our application using its Auth0.
What we want
When ID token expires, we want to verify that the user still has an active session in Auth0. Silent authentication sounds like a perfect solution for doing that seamlessly, in the background.
We don’t know how to do it on mobile devices. Browsers keep sessions, so it’s easy to do it there. But mobile devices have no way of knowing if user is still signed in in Auth0. Our users can sign in on their mobile devices using authorization code flow, but this works only because it requires user’s interaction, which gives as
code as a result. After that how can a mobile device know that there is still an active session in Auth0?