I'm trying to find out if there is any solution for permanent sessions that could work well with social media styled apps. Right now our only option is a max session time of 30 days, and Web3Auth does not provide any refresh tokens.
I have currently integrated the React Native SDK using Auth0 as a custom verifier, where sessions persist fine, but my concern is the 30-day limit, which would hinder the user experience by having to re-login after the session expires.
Are there any solutions for this, or will there be updates to Web3Auth to allow a session refresh through the React Native SDK?
Thanks Jordan — I hear you and that’s a valid UX concern for social-style apps. I pulled the key details from your message:
SDK Details: MetaMask Embedded Wallets (Web3Auth)
Platform: React Native
Issue: Permanent sessions — current max session 30 days; Web3Auth (as you noted) does not expose refresh tokens
Integration detail you shared: React Native SDK + Auth0 as a custom verifier (sessions persist, but 30-day expiry is the blocker)
Quick suggestions / possible approaches you can consider
Use Auth0 refresh tokens (server-backed) + re-create Web3Auth session
Keep an Auth0 refresh token (enable offline_access / Refresh Token Rotation in Auth0) on a secure server (or in secure native storage if you understand the risk).
When the Web3Auth session is near expiry, use the refresh token server-side to get a fresh id_token / access_token from Auth0, then call your Web3Auth login/rehydration flow (server or app) to re-establish the Web3Auth session without forcing an interactive login.
This is the common pattern for native apps where the identity provider supports refresh tokens. It keeps the UX seamless while respecting provider security.
Silent / background re-auth (web vs native)
On web there are silent-sso patterns (iframes / prompt=none) for some providers. For React Native, silent web reauth usually isn’t available — refresh tokens are the usual mechanism.
Alternative: server-side key custody or “session rehydration” approach
If you can accept a custodial flow, you can encrypt user keys server-side and re-issue them after the user re-auths silently via Auth0 refresh token.
Or persist encrypted keys in secure device storage and use biometrics to unlock them locally for longer-lived sessions.
Security notes
Refresh tokens must be stored and rotated securely — Auth0 provides refresh token rotation and best practices for native apps. Storing refresh tokens client-side increases risk.
For Web3Auth specifics, check Web3Auth docs (their docs describe verifier / openlogin behavior and common patterns) — if you don’t see the refresh behavior you need there, their team may have roadmap or extra guidance.
A couple quick questions so I can pass this to the support team or give a more concrete example:
Which Web3Auth / Embedded SDK version are you using? (SDK version number)
Do you have a backend where you can store/rotate Auth0 refresh tokens? Or do you need a fully client-only flow?
If you want, I can sketch a minimal server flow example (Auth0 refresh → re-init Web3Auth) once you confirm the SDK version and whether a backend is available. If you prefer, I can also flag this to the Web3Auth team for updates about refresh-token support and session refresh behavior.
Would you like a sample flow/snippet or for me to escalate this to the product/support team?
Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.
I think our issue is that even if we can find a way to manage getting a refresh token from Auth0, silent logins are not available with the Web3Auth React Native SDK. We would still have a broken UX, with users still having to log in to refresh the session.
You may be able to use a refresh token from an OIDC provider like Auth0, etc., but unfortunately we aren't planning any flow for refresh tokens on the React Native SDK as of now.
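The Auth0 half of the refresh pattern discussed in this thread, as an added example that is not part of any post above and is not Web3Auth or Auth0 code. The tenant domain, client ID, in-memory store and function names are assumptions; it assumes a public (native) Auth0 client with Refresh Token Rotation enabled, and it stops at obtaining a fresh id_token, since the thread states the React Native SDK has no silent login to consume it.

```javascript
// Added example (not from the thread). Tenant, client ID and store are placeholders.
const AUTH0 = { domain: "YOUR_TENANT.auth0.com", clientId: "YOUR_CLIENT_ID" };

// Build the refresh_token grant request for Auth0's /oauth/token endpoint.
// Assumes a public (native) client; a confidential client also sends client_secret.
function buildRefreshRequest(cfg, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: cfg.clientId,
    refresh_token: refreshToken,
  });
  return {
    url: `https://${cfg.domain}/oauth/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Update the server-side store from the token response.
// store: Map(userId -> refresh token); stands in for an encrypted database column.
function applyTokenResponse(store, userId, status, json) {
  if (status === 200 && json.id_token) {
    // With rotation on, the old token is now spent: persist the new one first.
    if (json.refresh_token) store.set(userId, json.refresh_token);
    return { ok: true, reauth: false, idToken: json.id_token };
  }
  if (json.error === "invalid_grant") {
    // Expired, revoked, or reuse of a rotated token: drop it and require login.
    store.delete(userId);
    return { ok: false, reauth: true };
  }
  return { ok: false, reauth: false }; // transient error: keep the token, retry later
}

// Exchange the stored token; only the id_token is returned to the caller.
async function refreshSession(store, userId, cfg, fetchImpl = fetch) {
  const current = store.get(userId);
  if (!current) return { ok: false, reauth: true };
  const { url, init } = buildRefreshRequest(cfg, current);
  const res = await fetchImpl(url, init);
  const json = await res.json().catch(() => ({}));
  return applyTokenResponse(store, userId, res.status, json);
}
```

Keeping the refresh token in the server-side store means the device only ever holds the short-lived id_token, and an `invalid_grant` response is handled as a signal to discard the token and require an interactive login.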