User16082213330416850025 (Customer) asked a question.
Hello,
We have several web apps and several mobile apps that all use Okta. We are trying to consolidate it down to a single mobile application.
I am creating a proof of concept that will create a single native app and it will allow the user to load the relevant web view of whatever they are trying to access. E.g. the user could select payments, this will load the payments app in a payments web view.
Currently, whenever I load a web view, I see a login screen. This is happening because the native app sign-in is not creating an Okta session that is available within the web view. When we make a call to authorize within the web view, there is no Okta session to authenticate against and the user is kicked back to the login screen.
I am struggling to understand my options here. The idea I am toying with is the native app could store the user's credentials on the key chain with a biometric check. When the user selects a feature, the native app would generate an access token for that app using the stored credentials. I think I can then inject the token into the web view's session storage and maybe that would work. The native app would manage the session, periodically updating the token within the web view's session storage. I am not sure if this is a good idea or a terrible one.
Is there a better approach to this problem?
Hi, @User16082213330416850025 (Customer)
Thank you for posting on our Community page!
Here is a previously answered post related to your use case: https://devforum.okta.com/t/sharing-active-session-between-native-mobile-apps-and-spa/12587
Furthermore, I would suggest opening a Support case to have our colleagues take a deeper look into the exact architecture.
Earn Today: New Okta Community Badges Have Arrived
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________