Skip to content
  • Auth and access
  • Manage authentication

Authenticated sessions across multiple applications

Kinde supports shared authenticated sessions across applications. For example, in a scenario where you have multiple apps running on separate subdomains, and you want to share a session between apps without prompting the user to sign in again.

Session cookies

Link to this section

On the first sign in, Kinde creates an SSO cookie for the authenticated user. Until this cookie expires or you request that the user signs in again (using the prompt parameter), all your apps can initiate sign in requests without prompting.

Offline scopes and refresh tokens

Link to this section

If you include an offline scope in your request, you can maintain long-running sessions via refresh tokens. This works both in back-end apps and in web apps.

Kinde supports short-lived refresh and refresh token rotation for increased security of browser-based and mobile apps. In this case, on page reload, the SDK will resume the session via the refresh token exchange.

About refresh tokens

See also multi-domain authentication.

Set up overview

Link to this section
  1. Create two or more Kinde apps.
  2. Enable the same authentication method for both apps.
  3. In each app, create a link to the other app using the applicable login method. You might do this using an application switcher, for example.
  4. Sign in to one app.
  5. Select a link to sign in to the second app. You should be signed in to the second app without re-authentication.

Say you are signed into your Admin app and want to switch to the Employee app. Here’s how it might look.

As long as an authenticated session exists, users should be able to move seamlessly between applications.