Expo: Authsession with additional embedded SSO Webviews

I was wondering if there is a solution for getting WebViews in a React Native app to work using the same SSO session started by AuthSession (which uses WebBrowser).

It seems that WebBrowser and WebView don’t share context. We are building an app that uses Auth0 for logging in, and in the app itself there are several embedded WebViews that are also using the same SSO provider.

One solution I came across is described here: “WebView should use same cookies as fetch”

This tries to inject JavaScript into the WebView and recreate a cookie, but this seems like a hack and Apple will probably reject this if this even works with SSO cookies.

Any thoughts on this are appreciated.

This doesn’t seem all that hacky IMO. I don’t get why they’re putting it in an event handler. I would just set the cookie directly in the injected JavaScript. I don’t see a reason for Apple to reject this. WebView’s cookie jar is isolated to the app. Apple doesn’t let you authenticate via a WebView (so you can’t hijack credentials you shouldn’t have access to), but your app is allowed to interact with your session token/cookie and is allowed to use it within the app for subsequent requests.

UPDATE: Scott P. on Slack noted that the injected JavaScript runs after the page loads, so you need to trigger a reload in order to get your cookie update to take effect on all future requests.
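
The approach discussed in the reply above (set the cookie in the injected JavaScript, then reload once), as an added example that is not part of the original thread or of Expo's code. `buildCookieInjection` and the `cookie-injected:` flag key are hypothetical names, and the sketch assumes the page's `sessionStorage` survives the reload.

```javascript
// Added example; buildCookieInjection and the flag key are hypothetical names.
const COOKIE_NAME = /^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/; // RFC 6265 token characters
const COOKIE_PATH = /^\/[A-Za-z0-9\/._~-]*$/;

function buildCookieInjection(name, value, { path = '/', maxAge = 3600 } = {}) {
  if (!COOKIE_NAME.test(name)) throw new Error('invalid cookie name');
  if (!COOKIE_PATH.test(path)) throw new Error('invalid cookie path');
  if (!Number.isInteger(maxAge) || maxAge < 0) throw new Error('invalid maxAge');

  // encodeURIComponent keeps ';', '=', whitespace and control characters out of
  // the cookie string, so the value cannot append attributes or extra cookies.
  const cookie = `${name}=${encodeURIComponent(value)}; Path=${path}; ` +
    `Max-Age=${maxAge}; Secure; SameSite=Lax`;
  const flag = `cookie-injected:${name}`;

  // JSON.stringify emits a JavaScript string literal, so the token is never
  // spliced into the script as code.
  // document.cookie cannot create HttpOnly cookies: a cookie set this way is
  // readable by any script running in the page.
  // The injected script runs after every page load, so the reload is guarded
  // by a per-session flag; without it the WebView would reload forever.
  return `(function () {
  document.cookie = ${JSON.stringify(cookie)};
  if (!window.sessionStorage.getItem(${JSON.stringify(flag)})) {
    window.sessionStorage.setItem(${JSON.stringify(flag)}, '1');
    window.location.reload();
  }
})();
true;`; // react-native-webview's docs recommend ending injected scripts with `true;`
}
```

The returned string is what would be passed to the WebView's `injectedJavaScript` prop.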

Sorry to pull up a 2 year old post, but I thought I had a plan until reading it. :confused:

> WebView’s cookie jar is isolated to the app. Apple doesn’t let you authenticate via a WebView (so you can’t hijack credentials you shouldn’t have access to)

Is this really the case? (Apple will reject if auth is done in a WebView).

Basically we have a collection of Web applications which users are auth’d for via SSO (OAuth/OIDC). While the majority of the mobile app won’t be WebViews, letting the user sign in via one seems like the cleanest route to be able to pull in miscellaneous views across the applications and/or pull data back from their various APIs (via fetch) seamlessly – as the cookies are available in the WebViews and Fetch after login, and things “just work”.

If we have to bounce off the auth server using an AuthSession/WebBrowser call with its user acceptance prompt and modal browser popup, and then inject things, initially each time a different application is needed, that feels pretty clunky.

I hope I’m missing something here. I wouldn’t mind a one-time AuthSession/WebBrowser login, but for SSO across multiple (different) applications I don’t see how that’s possible.

I’m brand new to RN & Expo, so any advice or thoughts would be appreciated!

-James