I work on an app that has a companion Apple Watch app.
Previously, we used a token to authenticate requests that didn't really expire; now we are fixing this and using an OAuth provider for the authentication token.
Now, with the username/password of the user we get an OAuth token for the iOS app. We can refresh the OAuth token only once; after that, the refresh token gets invalidated. That's not a problem for the iOS app as we get a new access/refresh token.
In the case of the watch app, I'm curious which kinds of strategies people use to authenticate the user in the watch app.
Previously, we just shared the non-expiring token via watch connectivity and that was good enough. Now we won't be able to do that with the iOS app's OAuth token, as we can only use the refresh token once. So sharing that token between 2 apps doesn't work.
I wonder what people use in this situation, especially for users that are already logged in, so we cannot get an independent token for the watch app with the username/password combination.
- How do you use OAuth between the iOS and watchOS apps?
- Which OAuth flows do you use in your apps?
- How would you solve this case?
Thanks!