[IdP Mobile] Login Flow / Azure Token
idp-mobile
Forge asset by João Barata
Application Type
Mobile

Hello João!

I have a question regarding the login process for the mobile apps.

When I use the desktop IdP component, after a first successful login, I don't need to re-authenticate every time, as is expected. I believe there is some Azure token that is automatically refreshed/renewed from time to time.

But in the mobile pass, I'm not experiencing the same behaviour. Every time my session expires, I need to go through the whole login process again, which in my case includes not only my credentials but also an MFA tool, which is not good from a UX point of view.

Did I miss some configuration in the component? Or is this the expected behaviour in a mobile app?

I'd appreciate your help.

Thanks in advance.

2025-08-07 06-30-56
Amit J
Champion

On desktop, IdP uses browser cookies and Azure AD silent token renewal, so the user stays logged in without re-authentication.

On mobile, it behaves differently because WebViews do not share cookies with the system browser and silent renewal does not work. Once the token expires, a full login is required, including MFA. This is expected behavior for mobile apps using IdP with Azure AD unless a refresh token flow is implemented.

What we can do here to improve UX: enable OAuth 2.0 refresh tokens in Azure AD, store the refresh token securely on the device (Keychain/Keystore), and use it to renew the session without a full login.
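
The renewal flow suggested in the answer above, sketched as an added example (not part of the original posts and not the IdP component's own code). It assumes the Microsoft identity platform v2.0 token endpoint, placeholder tenant and client IDs, a hypothetical `store` wrapper over Keychain/Keystore, and an injected `httpPost` helper.

```javascript
// Added example: refresh-token renewal for a public (mobile) client.
// Tenant ID, client ID, `store` and `httpPost` are placeholders/assumptions.
const CONFIG = {
  tenant: "TENANT_ID_PLACEHOLDER",
  clientId: "CLIENT_ID_PLACEHOLDER",
  scope: "openid offline_access", // offline_access is what makes Azure AD issue a refresh token
};

// Build the form-encoded refresh request. A mobile app is a public client: no client_secret.
function buildRefreshRequest(cfg, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: cfg.clientId,
    refresh_token: refreshToken,
    scope: cfg.scope,
  });
  return {
    url: `https://login.microsoftonline.com/${encodeURIComponent(cfg.tenant)}/oauth2/v2.0/token`,
    body: body.toString(),
  };
}

// Decide what to do with the token endpoint's answer.
// store: hypothetical Keychain/Keystore wrapper exposing get/set/remove.
function applyTokenResponse(store, status, json, nowMs) {
  if (status === 200 && json.access_token) {
    // Refresh tokens can be rotated: always persist the newest one.
    if (json.refresh_token) store.set("refresh_token", json.refresh_token);
    return { action: "renewed", accessToken: json.access_token, // keep in memory only
             expiresAt: nowMs + json.expires_in * 1000 };
  }
  if (json.error === "invalid_grant" || json.error === "interaction_required") {
    // Token expired or revoked, or policy demands MFA again: discard it and log in interactively.
    store.remove("refresh_token");
    return { action: "interactive_login" };
  }
  return { action: "retry_later" }; // transient failure: keep the stored token
}

// Glue: httpPost(url, body) is injected and resolves to { status, json }.
async function renewSession(cfg, store, httpPost, nowMs = Date.now()) {
  const refreshToken = store.get("refresh_token");
  if (!refreshToken) return { action: "interactive_login" };
  const req = buildRefreshRequest(cfg, refreshToken);
  const res = await httpPost(req.url, req.body);
  return applyTokenResponse(store, res.status, res.json, nowMs);
}
```

Calling `renewSession` shortly before `expiresAt` keeps the session alive; the user only sees the full login (with MFA) when the result is `interactive_login`.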

 
