How can we make a user logged in to a Mobile App also sign in to a Web app? I have a partner's mobile app that has a link to a dashboard in our web app. When a consumer clicks on the "dashboard" link in the Mobile App, I can pass the user id through a query string, but I am wondering how I can make them sign in to our Web app without going through another Login screen. I have read a bit about SSO; is that the right direction I am thinking towards? I see that SSO is used for multiple Web apps, but I don't know if I can leverage that concept for a Mobile App and Web App scenario. If you have come across any article/post describing more on this specific behavior, please share.
To achieve SSO there are prerequisites on how login is implemented. The 2 factors are identity provider session cookies and cookie jars.
LOGIN FLOWS
The general login flow is App to Authorization Server (AS) to Identity Provider (IDP). To enable SSO, users must log in via the same IDP, though they can use a different AS.
ANDROID
Typically an Android app implements login using a Chrome Custom Tab, whereas a web app is invoked in the Chrome browser. These share the same cookies.
IOS
Typically an iOS app implements login using an ASWebAuthenticationSession window, whereas a web app is invoked in the Safari browser. These do not share the same cookies.
ADVANCED OPTIONS
An advanced option is for the source mobile application to issue a nonce at the target application's AS, then pass the nonce to the web app. My previous answer has some details on that.
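
The nonce handoff mentioned under ADVANCED OPTIONS can be sketched as follows. This is an added example, not code from the answer or from any particular authorization server; the `NonceStore` class, the 60-second lifetime, the single-use rule, and the `web.example` URL are all assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode

NONCE_TTL_SECONDS = 60  # assumption: short lifetime, not specified on the page


class NonceStore:
    """In-memory stand-in for the target AS's nonce table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(nonce) -> (user_id, expires_at)

    def issue(self, user_id):
        """AS side: called after the mobile app has authenticated the user."""
        nonce = secrets.token_urlsafe(32)  # unguessable, URL-safe
        digest = hashlib.sha256(nonce.encode()).hexdigest()
        # Only the hash is stored, so the table alone does not yield usable nonces.
        self._pending[digest] = (user_id, self._clock() + NONCE_TTL_SECONDS)
        return nonce

    def redeem(self, nonce):
        """AS side: called when the web app presents the nonce.

        Returns the user id, or None if the nonce is unknown, already used,
        or expired. pop() makes the nonce single-use, so a replayed link fails.
        """
        digest = hashlib.sha256(nonce.encode()).hexdigest()
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return user_id


def dashboard_url(base, nonce):
    """Mobile side: the link carries only the nonce, never the user id."""
    return f"{base}?{urlencode({'nonce': nonce})}"


if __name__ == "__main__":
    store = NonceStore()
    n = store.issue("user-42")  # constructed sample user id
    print(dashboard_url("https://web.example/dashboard", n))
    print(store.redeem(n), store.redeem(n))  # first succeeds, replay fails
```

Unlike a user id in the query string, the value in the link is random, expires quickly, and stops working after its first use.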