Automatically Authenticate with Web Application from Mobile App

[cshouts-tasc]

Category: Auth Service: Cognito

We would like to add a WebView to our iOS and Android apps that will open our web application and automatically authenticate without prompting the user for any credentials. All of the applications are using the same Cognito User Pool and the Amplify library for authentication.

Our initial idea was to pass the AccessToken, IdToken, RefreshToken, Username, Device Key, and Clock Drift from the mobile apps to the web application by executing JavaScript in the context of the WebView. Unfortunately we could not find a reliable way to access the Device Key and Clock Drift (aka Clock Skew) in the iOS and Android apps to provide them to the WebView.

We also considered utilizing a custom authentication flow but would prefer to avoid the time, expense, and ongoing maintenance associated with maintaining the custom authentication server-side code.

What is the best way to achieve our goal of seamless authentication from a mobile app into a web application using Cognito?

Note: Although we are using the Amplify library, we are not using the Amplify CLI or the Amplify Console because we adopted the Amplify library while using an existing User Pool.

[matamicen]

We are trying to do the same, any ideas?
@powerful23 @elorzafe @sammartinez Did you work on this solutions before?

Thanks!

@elorzafe @sammartinez

[sammartinez]

Thanks for this feedback, this isn't possible in our current design but I am marking this as a feature request to consider for future implementations.

[morris14]

Did anyone get anywhere with this? We are after the same solution.

[cesararevalo]

Looking for the same solution, is there an update on how to do this? or whether it is possible to do it from the current implementation?