Authenticated sessions across multiple applications

Kinde supports shared authenticated sessions across applications. For example, if you have multiple apps running on separate subdomains, you can share a session between them without prompting the user to sign in again.

Session cookies

On the first sign in, Kinde creates an SSO cookie for the authenticated user. Until this cookie expires or you request that the user signs in again (using the prompt parameter), all your apps can initiate sign in requests without prompting.

Offline scopes and refresh tokens

If you include an offline scope in your request, you can maintain long-running sessions via refresh tokens. This works both in back-end apps and in web apps.

Kinde supports short-lived refresh tokens and refresh token rotation for increased security of browser-based and mobile apps. In this case, on page reload, the SDK resumes the session via the refresh token exchange.

See also: About refresh tokens, and multi-domain authentication.

Set up overview

  1. Create two or more Kinde apps.
  2. Enable the same authentication method for both apps.
  3. In each app, create a link to the other app using the applicable login method. You might do this using an application switcher, for example.
  4. Sign in to one app.
  5. Select a link to sign in to the second app. You should be signed in to the second app without re-authentication.

Say you are signed into your Admin app and want to switch to the Employee app. Here’s how it might look.

As long as an authenticated session exists, users should be able to move seamlessly between applications.
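The sign-in request behind an application switcher link, as an added example (not code from Kinde or its SDKs). It shows the silent request that relies on the SSO cookie next to one that sets the `prompt` parameter to force re-authentication, for instance when switching into the Admin app. The domain, the `/oauth2/auth` path, the client IDs, the `openid profile email` scopes and the `prompt=login` value (standard OpenID Connect) are assumptions; check them against your own Kinde app settings.

```javascript
// Added example: builds the sign-in request an app switcher link would trigger.
const nodeCrypto = require("node:crypto");

// Assumed placeholder values; substitute your own Kinde domain and endpoint.
const ISSUER = "https://example.kinde.com"; // hypothetical Kinde domain
const AUTH_PATH = "/oauth2/auth"; // assumed authorization endpoint path

const b64url = (buf) => buf.toString("base64url");

// Returns the redirect URL plus the values the app must store
// so it can validate the callback and redeem the code.
function buildSignInRequest(app, { forceReauth = false, offline = false } = {}) {
  const state = b64url(nodeCrypto.randomBytes(32));
  const codeVerifier = b64url(nodeCrypto.randomBytes(32));
  const codeChallenge = b64url(
    nodeCrypto.createHash("sha256").update(codeVerifier).digest()
  );

  const scopes = ["openid", "profile", "email"]; // assumed baseline scopes
  if (offline) scopes.push("offline"); // request a refresh token

  const url = new URL(AUTH_PATH, ISSUER);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: app.clientId,
    redirect_uri: app.redirectUri,
    scope: scopes.join(" "),
    state,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  }).toString();
  // Without prompt, an existing SSO cookie signs the user in silently.
  // prompt=login asks the user to authenticate again before continuing.
  if (forceReauth) url.searchParams.set("prompt", "login");

  return { url: url.toString(), state, codeVerifier };
}

// Callback check: reject responses whose state does not match the stored one.
function isExpectedCallback(callbackUrl, storedState) {
  const returned = new URL(callbackUrl).searchParams.get("state") || "";
  const a = Buffer.from(returned);
  const b = Buffer.from(storedState);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

Because one SSO cookie covers every app, a request built without `forceReauth` inherits whatever session the browser already holds, so reserve the silent form for apps where that is acceptable.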

