Silent login within embedded iframe

Hi folks. I’ve got a nontrivial issue here, but perhaps somebody has faced it before, or at least you can point me in the right direction. Please advise.
There’s a mobile app and a web app - both are powered by Keycloak authentication set up for different clients. Let’s call them “react-native-client” and “web-app-client”.
The mobile app has a simple login process set up with a username/password.
At some point, a mobile app refers to some private page of a web app within an embedded iframe.
The issue is that to reach the web app page, the user has to log in within the iframe, which makes for a poor user experience.
The aim is to provide a frameless experience when opening the iframe - so that the user would not have to log in again within the iframe.
Is there a way to receive tokens for another client within a different domain and initialize keycloak-js-adapter with these tokens? Or by sharing the same Keycloak client between these apps? Or maybe there’s a totally different way of doing this?

You need to utilize the SSO feature. So “react-native-client” must initialize an SSO session (e.g. OAuth 2.0 Authorization Code with PKCE Flow) first, and then the iframed web app “web-app-client” must initialize its own auth flow (without user interaction, e.g. a user click on a login button, for better user experience) against the same IDP (Keycloak). There is an open SSO session, so the IDP will issue a code (token) without asking for login/password.

BUT: browsers are very picky about security these days, and that embedded iframe is a special case for security, so you may need special IDP/app config (e.g. SameSite for the cookies), and you need to test on different browsers, because it may work fine in one browser but be blocked in another. I was doing this as a POC with iframed Grafana and Azure IDP, but I wouldn’t recommend it - you may expect problems in the future, when browsers will have more strict sec. rules for this kind of hacking.
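
The SameSite point from the reply above, as an added example that is not part of the original thread: a small check that parses `Set-Cookie` headers from the IdP and reports whether each cookie can accompany a request made from a cross-site iframe. The header values and the realm path are constructed samples, and the function names are hypothetical.

```javascript
// Constructed sample Set-Cookie headers (not captured from a real server).
const sampleHeaders = [
  'KEYCLOAK_IDENTITY=constructed-value; Path=/realms/demo/; HttpOnly; Secure; SameSite=None',
  'KEYCLOAK_SESSION=constructed-value; Path=/realms/demo/; SameSite=None',
  'AUTH_SESSION_ID=constructed-value; Path=/realms/demo/; HttpOnly; Secure; SameSite=Lax',
  'LEGACY_COOKIE=constructed-value; Path=/; HttpOnly; Secure',
];

// Split one Set-Cookie header into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Decide whether a browser would attach this cookie to a request that
// originates from an iframe embedded on a different site.
function crossSiteIframeVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : 'unset';
  if (sameSite === 'unset') {
    return { name, sent: false, reason: 'no SameSite attribute: browsers that default to Lax withhold it' };
  }
  if (sameSite !== 'none') {
    return { name, sent: false, reason: `SameSite=${sameSite} is withheld from cross-site frames` };
  }
  if (!attrs.secure) {
    return { name, sent: false, reason: 'SameSite=None without Secure is rejected by the browser' };
  }
  return { name, sent: true, reason: 'eligible, unless the browser blocks third-party cookies' };
}

function auditCookies(headers) {
  return headers.map(crossSiteIframeVerdict);
}

for (const v of auditCookies(sampleHeaders)) {
  console.log(`${v.name}: ${v.sent ? 'sent' : 'NOT sent'} (${v.reason})`);
}
```

A cookie that passes this check can still be dropped by browsers that block or partition third-party cookies, which is why the reply insists on testing in each target browser.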