MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Silent authentication issue #266

Closed DorianSaboBM closed 2 years ago

DorianSaboBM commented 2 years ago

Hi,

I'm using this plugin for login/registration and step-up (2FA) authentication, and until now everything works fine :) I'm using the refresh token rotation so the user is always logged in (in theory). The problem is when the user needs to complete the 2FA authentication, the APP -> AUTH session is lost. As I understood, the best way to avoid this is to use Silent authentication.

This is the code I use for the silent authentication and it works fine, but the problem is that the plugin will open a webview for a second and close it, and on iOS it will ask for permission to open the webview.

    final AuthorizationTokenResponse response = await appAuth0.authorizeAndExchangeCode(
      AuthorizationTokenRequest(
        AppConfigStrings.auth0ClientID,
        AppConfigStrings.auth0CallbackURI,
        promptValues: ["none"],
        issuer: AppConfigStrings.auth0Issuer,
        scopes: ['openid', 'email', 'profile', 'full-access'],
      ),
    );

How can I avoid the opening of the webview browser if that is even possible? Is there a way to do a silent authentication the same way as the token refreshing works (refresh the token in the background without the need to open the webview browser)?

MaikuB commented 2 years ago

A browser is always involved. This isn't to do with how the plugin works (i.e. this is not an issue with the plugin) but how OAuth 2 flow works. You could find more detailed answers elsewhere given it's not specific to this plugin e.g. https://community.auth0.com/t/silent-authentication-using-the-auth0-sdk-to-obtain-access-tokens-for-multiple-apis/21299
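
The distinction discussed in this thread, as an added example that is not part of the issue or of the plugin's code: a `prompt=none` request travels through the authorization endpoint in a user agent that holds the identity provider's session cookie, while a refresh is a direct POST to the token endpoint. The issuer, client ID, redirect URI, endpoint path and function names are constructed placeholders; the error codes are the ones OpenID Connect Core defines for `prompt=none`.

```dart
import 'dart:math';

// Constructed placeholders, not values from the issue.
const issuer = 'https://tenant.example.com';
const clientId = 'CLIENT_ID_PLACEHOLDER';
const redirectUri = 'com.example.app://callback';

/// Front channel: only a browser carrying the IdP session cookie can answer
/// this request, which is why prompt=none still opens one.
/// Assumption: '/authorize' path; real clients read it from discovery.
Uri silentAuthorizationRequest(String state, String codeChallenge) =>
    Uri.parse('$issuer/authorize').replace(queryParameters: {
      'response_type': 'code',
      'client_id': clientId,
      'redirect_uri': redirectUri,
      'scope': 'openid email profile',
      'prompt': 'none',
      'state': state,
      'code_challenge': codeChallenge,
      'code_challenge_method': 'S256',
    });

/// Back channel: form body POSTed straight to the token endpoint, no browser.
Map<String, String> refreshTokenRequestBody(String refreshToken) => {
      'grant_type': 'refresh_token',
      'client_id': clientId,
      'refresh_token': refreshToken,
    };

enum SilentResult { code, needsInteraction, failed }

/// Classifies the redirect that ends a prompt=none request.
SilentResult classifyRedirect(Uri callback, String expectedState) {
  final q = callback.queryParameters;
  // Reject responses that do not echo the state we generated.
  if (q['state'] != expectedState) return SilentResult.failed;
  const interactive = {
    'login_required', 'interaction_required',
    'consent_required', 'account_selection_required',
  };
  if (interactive.contains(q['error'])) return SilentResult.needsInteraction;
  final ok = q.containsKey('code') && !q.containsKey('error');
  return ok ? SilentResult.code : SilentResult.failed;
}

void main() {
  final rng = Random.secure();
  final state = List.generate(
      16, (_) => rng.nextInt(256).toRadixString(16).padLeft(2, '0')).join();
  print(silentAuthorizationRequest(state, 'CODE_CHALLENGE_PLACEHOLDER'));
  print(refreshTokenRequestBody('REFRESH_TOKEN_PLACEHOLDER'));
  // Constructed callback: the IdP session is gone, so interaction is needed.
  final cb = Uri.parse('$redirectUri?error=login_required&state=$state');
  print(classifyRedirect(cb, state));
}
```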