Sharing active session between Native Mobile Apps and SPA

We have two applications which are

  1. Native Mobile App - API based authentication is implemented using custom login screen (not a browser based login).

  2. React based Single Page Web App - React based Okta SDK is used for authentication.

As mentioned above, both the apps have their own authentication. We have a requirement where the SPA is expected to be shown in a native mobile app. The end user will be authenticated in the mobile app and the session/id token is expected to be carried over to the web app, which is shown in a webview inside native mobile app. The user is not expected login again on the web app. We tried to implement this but couldn’t get it to working. Looking forward to your expert thoughts on this approach.

there shouldn’t be a need for re-authentication as long as both applications are able to access the okta session cookie that would be stored in the webview

while an okta session is active you can silently request tokens for your second app

let us know if the below guide is helpful in your scenario