Greetings
In our company we are currently running about 4 web apps and 2 native apps (and growing) for iOS (Swift) and Android (Kotlin).
Each application has its own application setup on the tenant and is also divided by technology, for example app1-web, app1-ios, app1-android.
So far so good: we have managed to enable SSO between them all (also using universal login); however, we are facing an issue on native Android and iOS due to the nature of the cookies used for SSO.
We understand these are only generated when the login prompt is instanced, whether or not it has been set to prompt none, and therein lies our issue with UX: having to ask the user for confirmation if we want to renew these cookies…
The goal product has is that if you log in on an app and your session is valid, you should be able to be automatically logged in on our other apps.
So here are some questions:
- Is there any non-intrusive (no popups, no sheets) way to update this cookie? If not, is there any way we can use valid session tokens in order to force the login to recognize our tokens as they would a cookie?
- What is the maximum lifetime that can be set for a cookie? Assuming the question above cannot be achieved, we would have to set up a cookie lasting for about 1-3 years so we can, as said… have a single sign-on.
- Let's suppose both of the above can't be achieved… how bad of an idea would it be to have our native applications store their tokens in a shared keychain so that we only keep a set of tokens and both applications run on those?
Thanks for reading and any help you can provide