Native Mobile App and Web Site SSO Integration feasibility & possible solution options using OKTA

Native Mobile App and Web SSO Integration Feasibility with OKTA

We have a native mobile app using the OKTA SDK with the Open OIDC authentication approach, whereas our company web site uses OKTA API-based authentication.

In the native mobile application we would like to enable an SSO feature wherein, from the native app, any web site deep link opened in the context of an in-app browser or external browser should enable the single sign-on feature for the user.

Following are my queries -

  1. Does Okta support an SSO mechanism between a native mobile application and a web site application (device browser)?
  2. What is the recommended SSO implementation approach between a native app and a web-based application? Any supporting example or documentation reference would help.

Can you provide any pointers or any documentation link that provides details on how a similar use case was addressed? Looking forward to a reply from the Okta team and dev community.

Thanks,
Neelesh

Hi Neelesh, did you ever work out a method to do this? I have the same requirement.
Thanks,
Adrian

I think the short answer is “it depends”. This is unfortunately not something that Okta can really support OOTB as there are certain mobile-specific limitations - I have however seen some successful implementations in various scenarios. Is there a specific mobile framework you are looking into? I’d be happy to share some of the information I’ve come across.

Hi tyty, thanks for the reply. Our web apps for iOS and Android are native apps which both use their respective Okta SDKs with OpenID Connect (authcode with pkce). Our web apps tend to be React SPAs which could use the Okta JS SDK.

In the first instance, we’d like a Customer to be able to click on a link in the app. This should pop a browser window and take them to a SPA, single signing them in.

I was looking at Overview | Okta Developer using this, but suspect our session token will have expired for most users as we’re relying on longer lived refresh tokens and shorter access tokens.

What were you able to achieve tyty?

Were you able to find any solution for this?

Hey @gpushp, unfortunately not. However, there’s a new early access feature, Configure SSO for Native apps | Okta Developer, which may do this and which uses a new grant type of “urn:ietf:params:oauth:grant-type:token-exchange”. We’ll probably poke around with this but are unlikely to run it in production.

I have however seen some successful implementations in various scenarios.

Hi @tyty I’ve got a client interested in doing this at the moment, so this topic has become hot again for me. The client would like to enable SSO between iOS / Android native apps (not hybrid) and a more traditional web app, likely already using OpenID with Okta.

Could you please share some of those successful implementation scenarios?

Some ideas we’ve come up with:

  • Try to get a token exchange working with the Native SSO early access feature Configure SSO for Native apps | Okta Developer
  • Extend the duration of the Okta proprietary session cookie and inject this into the webview to access the web app (not preferred due to security reasons - we don’t want long lived sessions hanging around)