Native to Web SSO is now Generally Available

Description

Native to Web SSO enables seamless single sign-on from native mobile applications to web applications. Users authenticated in a native mobile app can now transition to web content without re-authenticating, providing a frictionless cross-platform experience.

What's New in GA

Building on the Early Access release, GA includes the following enhancements:

• Auth0 Dashboard Support: Configure Native to Web SSO directly from the Auth0 Dashboard, no longer limited to Management API configuration
• Refresh Token Metadata in Actions: Access parent refresh token metadata within Session Transfer Actions, enabling richer context for customization and security decisions during the session transfer flow
• Step-up Authentication Support: Trigger MFA challenges during the Native to Web SSO flow for enhanced security when accessing sensitive web content
• React Native SDK Support: Native to Web SSO is now available in the Auth0 React Native SDK, supporting both Hooks (useAuth0) and class-based approaches
• Organizations Support: Use Native to Web SSO with Auth0 Organizations to maintain organization context when transferring sessions from native to web
• Web SDK Integration Examples: New code examples for Auth0 SPA SDK (@auth0/auth0-spa-js) and Auth0 React SDK (@auth0/auth0-react) for receiving session transfer tokens in web applications
• Enhanced Monitoring & Troubleshooting: Comprehensive warning log events help developers troubleshoot session transfer validation failures

Core Features

• Session Transfer Tokens (STT): Native apps can request a secure, short-lived token to transfer the authenticated session to web applications
• Seamless Web Session Creation: Exchange STT for a web session without user interaction
• Cross-Platform SSO: Maintain authentication state when moving between native and web contexts
• Session Transfer Actions: Customize the session transfer flow with Auth0 Actions

How It Works

1. User authenticates in the native mobile app using Auth0
2. Native app requests a Session Transfer Token via the Authentication API
3. When opening web content (WebView or browser), the STT is included in the authorization request
4. Auth0 validates the STT and creates a web session
5. User is automatically authenticated in the web application

Benefits

• Improved User Experience: Eliminate re-authentication friction when moving from native to web
• Enhanced Security: STTs are short-lived, single-use, and bound to the original session
• Easy Integration: Works with existing Auth0 mobile SDKs (iOS, Android, React Native)

Getting Started

• Native to Web SSO Overview
• Configure and Implement Native to Web SSO
• Native to Web SSO and Sessions
• Mobile to Web Payment Flows Quickstart
• iOS SDK Documentation
• Android SDK Documentation
• React Native SDK Documentation
• Auth0 CLI
• Terraform Provider Documentation
• Deploy CLI Documentation

Availability

This feature is now generally available for all Auth0 Enterprise customers.