Transferring Auth0 Login Session from Android/IOS application context to webview opened within application

Here is my scenario: I am working on a mobile application that relies on webviews for some functionality. I would like to be able “transfer” the auth0 session from the mobile app context to the webview. The web app that is loaded in the webview is configured with ‘localStorage’ as the cache location. My initial instict is to attempt to inject a localStorage entry into the webview before loading the web app.

I am wondering if this is a terrible idea and/or if there are best practices for dealing with a situation like this.

Thanks,
Paul

bumping my question – hopefully someone else has dealt with a scenario like this.

I am facing this exact same usecase described here : How to enable SSO login from ios native app to a webview - #6 by romain.billot

Can’t find real good solution.

Hey there @romain.billot and @paulsevere!

I’m curious to know where you’ve landed on this - Unfortunately, as you’ve noticed, there really isn’t a good solution with regards to sharing a session between native apps and a webview/web app.

I will say that after a bit of internal research, the consensus seems to be that the “safest solution” might be to simply maintain entirely separate sessions. 1 at the Native app, and 1 at the web app where the web app has a an extended session to begin with (3 days for example). Once the user’s session expires at the web app they will need to re-authenticate, so this doesn’t make for an entirely seamless solution, but it at least cuts down on the number of times a user has to enter credentials. This basically boils down to no collaboration between the webview and mobile app.

This is a longstanding issue for which there is no real solution - Unfortunately the risk associated with attempting to share sessions in this context really limits what’s possible.

Wish I could be of more help!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.