We have a use case where we want to be able to add an Okta-authenticated webview inside of our native iOS app. When using AppAuth for iOS, the user is redirected to log in via a SafariView. We are not using the SafariWebView in our embedded webview since the SafariWebView has all of the navigation components in it and therefore does not have a seamless experience for the user. We are therefore using a webview which does not share a cookie store with Safari, so it requires the user to log in again when they bring up the webview.
We could pass the access token from the Native App to the webview through messaging, but then there is no way for the web app to refresh the token, and it is coming from the client id of the Native App (less than ideal).
Another approach is to do something similar to above but use the device code flow and pass the device code instead. In this way the web app is able to get an access token using its own client id.
How have others solved this problem? Do you see problems with using the device code flow for this?