We are developing a native mobile app (android an iOS versions) integrated with okta. The apps are for internal use of the employees of the company an the business requirements are quite simple:
1.- Login with OKTA
2.- PUSH notification (firebase)
3.- API REST service to list company statements
4.- Links to the different corporate applications (embebed in web views)
The main problem we are facing is the Single Sign On. We are not able to maintain session after login when switching from one vebview (ie intranet) to another (trainning application).
We have been told to try with hybrid development, but we have found the same problems with React native and Ionic.
We are using in both, android and iOS developments, okta’s OIDC SDK: https://github.com/okta/okta-oidc-android
What we need to clarify, since the library apparently does not provide any method to get a webview with a session cookie established, is how to maintain sessions, or handle session storage.
What we have done so far:
We do not have access to the internal webview provided by the library unless we modify it so, in order to maintain the sesssion, we set up our own webview (with okta authentication) in sigleton mode and shared datStore. We do that to try not to lose the cookies and allow them to be shared between webviews.
We log-in through the Chrome Custom Tab provided by the library. As with iOS, we would have to modify the library to keep the webview instance where we open the applications, being the logic of sharing cookies similar. Regards,
Is SSO possible in this scenario? How?
Any help would be really appreciated.