Native SSO: Desktop and Mobile Apps Single Sign-On

This is more of a platform capability question. Here is a quick answer on iOS. There are two ways to display web content in iOS:

  • UIWebView or WKWebView: you can share cookie between the native app and the web container, e.g., through NSHTTPCookieStorage. So you can pass device_secret from native app to the web container, and launch a javascript in the web container to read the device_secret cookie and exchange it for tokens.

  • SFSafariViewController or ASWebAuthenticationSession: these are designed as isolated embedded browsers, which do not share anything with the native app, so you cannot share device_secret through cookies. There might be other ways to pass device_secret that I am not aware of yet.

1 Like