Silent login is a method used to obtain a new authentication token without disturbing the user, typically when the user is already logged in and has an active session. It is particularly useful in Single Sign-On (SSO) scenarios and applications that need to maintain the user’s logged-in state.
When multiple applications share the same identity provider, silent login can maintain the login state as the user switches between applications without requiring each application to individually use a refresh token.
Session Restoration:
After the user closes the browser or tab, silent login can check and restore the user session when the application is reopened, eliminating the need for the user to manually log in again.
Token Refresh:
When the user’s access token expires but there is still an active session, silent login can transparently obtain a new access token without requiring the user to re-authenticate.
Dependent on Browser Session State: Silent login relies on the browser’s session state (e.g., cookies). If the session expires or is deleted, silent login will not function.
Example Silent Login Request URL
https://login.futureverse.dev/auth?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:3000/callback&scope=openid&code_challenge=CODE_CHALLENGE&code_challenge_method=S256&state=STATE&nonce=NONCE&response_mode=query&prompt=none&login_hint=<the target eoa usually coming from current login>
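The request above and the handling of its response, as an added example that is not from the original page: it builds the `prompt=none` URL and interprets the redirect, including the case where the browser session has expired. Function names and sample values are assumptions; the interaction-needed error codes are those defined by OpenID Connect Core, and `state`, `nonce` and the PKCE challenge are expected to be freshly generated by the caller.

```javascript
// Added example: buildSilentAuthUrl / handleSilentCallback are illustrative names.
const AUTH_ENDPOINT = 'https://login.futureverse.dev/auth'; // from the URL on this page

// Build the silent (prompt=none) authorization request.
// state, nonce and codeChallenge must be fresh random values supplied by the caller.
function buildSilentAuthUrl({ clientId, redirectUri, state, nonce, codeChallenge, loginHint }) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    state,
    nonce,
    response_mode: 'query',
    prompt: 'none',        // never show UI; fail instead
    login_hint: loginHint, // account of the current login
  }).toString();
  return url.toString();
}

// OIDC Core error codes returned when prompt=none cannot be satisfied without UI.
const NEEDS_INTERACTION = new Set([
  'login_required', 'interaction_required', 'consent_required', 'account_selection_required',
]);

// Interpret the redirect to redirect_uri. expectedState is the value stored before the request.
function handleSilentCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Reject any response not bound to our own request (CSRF or response mix-up).
  if (!expectedState || params.get('state') !== expectedState) {
    return { status: 'rejected', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    // Session expired or deleted: fall back to a normal interactive login.
    return NEEDS_INTERACTION.has(error)
      ? { status: 'interactive_login_needed', reason: error }
      : { status: 'failed', reason: error };
  }
  const code = params.get('code');
  if (!code) return { status: 'failed', reason: 'missing_code' };
  return { status: 'ok', code }; // next: exchange code with the PKCE code_verifier
}
```

After a successful exchange, the `nonce` claim in the returned ID token should be compared with the value sent in the request.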