I am working on building single sign on for both a web app (ASP .NET) and a mobile app (Xamarin). Is there any reason that I cannot / should not share one Auth0 Native app between the two? I have been able to authenticate users for both the web app and the mobile app using a single Native app, but I want to make sure that is okay.
As far as I can tell the only difference between them is the use of PKCE which to me seems to be fine for both web apps and native mobile apps.
I believe this should be OK as long as they are the same logical app - You could also achieve this with 2 separate applications sharing the same connections as well. Typically, the major difference between a native app and web app is the fact that native apps are public clients where as web apps can be confidential - You definitely want to make sure credentials aren’t exposed in the native app. Some more on public vs. confidential clients here: