Auth0.swift

Swift toolkit for Auth0 API

auth0
180
158
Swift

Auth0.swift

Version
Build Status
Coverage Status
License

📚 Documentation • 🚀 Getting Started • 📃 Support Policy • 💬 Feedback

Migrating from v1? Check the Migration Guide.

Documentation

Getting Started

Requirements

  • iOS 13.0+ / macOS 11.0+ / tvOS 13.0+ / watchOS 7.0+
  • Xcode 14.x / 15.x
  • Swift 5.7+

[!IMPORTANT]
Check the Support Policy to learn when dropping Xcode, Swift, and platform versions will not be considered a breaking change.

Installation

Using the Swift Package Manager

Open the following menu item in Xcode:

File > Add Package Dependencies…

In the Search or Enter Package URL search box enter this URL:

https://github.com/auth0/Auth0.swift

Then, select the dependency rule and press Add Package.

Using Cocoapods

Add the following line to your Podfile:

pod 'Auth0', '~> 2.7'

Then, run pod install.

Using Carthage

Add the following line to your Cartfile:

github "auth0/Auth0.swift" ~> 2.7

Then, run carthage bootstrap --use-xcframeworks.

Configure the SDK

Head to the Auth0 Dashboard and create a new Native application.

Auth0.swift needs the Client ID and Domain of the Auth0 application to communicate with Auth0. You can find these details in the settings page of your Auth0 application. If you have a custom domain, use your custom domain instead of the value from the settings page.

[!IMPORTANT]
Make sure that the Auth0 application type is Native. Otherwise, you might run into errors due to the different configuration of other application types.

Configure the Client ID and Domain with a plist

Create a plist file named Auth0.plist in your app bundle with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ClientId</key>
    <string>YOUR_AUTH0_CLIENT_ID</string>
    <key>Domain</key>
    <string>YOUR_AUTH0_DOMAIN</string>
</dict>
</plist>

Configure the Client ID and Domain programmatically

For Web Auth 
Auth0
    .webAuth(clientId: "YOUR_AUTH0_CLIENT_ID", domain: "YOUR_AUTH0_DOMAIN")
    // ...
For the Authentication API client 
Auth0
    .authentication(clientId: "YOUR_AUTH0_CLIENT_ID", domain: "YOUR_AUTH0_DOMAIN")
    // ...
For the Management API client (Users) 
Auth0
    .users(token: credentials.accessToken, domain: "YOUR_AUTH0_DOMAIN")
    // ...

Configure Web Auth (iOS / macOS)

Configure the callback and logout URLs

The callback and logout URLs are the URLs that Auth0 invokes to redirect back to your app. Auth0 invokes the callback URL after authenticating the user, and the logout URL after removing the session cookie.

Since callback and logout URLs can be manipulated, you will need to add your URLs to the Allowed Callback URLs and Allowed Logout URLs fields in the settings page of your Auth0 application. This will enable Auth0 to recognize these URLs as valid. If the callback and logout URLs are not set, users will be unable to log in and out of the app and will get an error.

Go to the settings page of your Auth0 application and add the corresponding URLs to Allowed Callback URLs and Allowed Logout URLs, according to the platform of your app. If you have a custom domain, replace YOUR_AUTH0_DOMAIN with your custom domain instead of the value from the settings page.

[!NOTE]
On iOS 17.4+ and macOS 14.4+ it is possible to use Universal Links as callback and logout URLs. When enabled, Auth0.swift will fall back to using a custom URL scheme on older iOS / macOS versions.

This feature requires Xcode 15.3+ and a paid Apple Developer account.

iOS
https://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback,
YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback
macOS
https://YOUR_AUTH0_DOMAIN/macos/YOUR_BUNDLE_IDENTIFIER/callback,
YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/macos/YOUR_BUNDLE_IDENTIFIER/callback
Example

If your iOS bundle identifier were com.example.MyApp and your Auth0 Domain were example.us.auth0.com, then this value would be:

https://example.us.auth0.com/ios/com.example.MyApp/callback,
com.example.MyApp://example.us.auth0.com/ios/com.example.MyApp/callback

Configure an associated domain

[!IMPORTANT]
This step requires a paid Apple Developer account. It is needed to use Universal Links as callback and logout URLs.
Skip this step to use a custom URL scheme instead.

Configure the Team ID and bundle identifier

Scroll to the end of the settings page of your Auth0 application and open Advanced Settings > Device Settings. In the iOS section, set Team ID to your Apple Team ID, and App ID to your app’s bundle identifier.

Screenshot of the iOS section inside the Auth0 application settings page

This will add your app to your Auth0 tenant’s apple-app-site-association file.

Add the associated domain capability

In Xcode, go to the Signing and Capabilities tab of your app’s target settings, and press the + Capability button. Then select Associated Domains.

Screenshot of the capabilities library inside Xcode

Next, add the following entry under Associated Domains:

webcredentials:YOUR_AUTH0_DOMAIN
Example

If your Auth0 Domain were example.us.auth0.com, then this value would be:

webcredentials:example.us.auth0.com

If you have a custom domain, replace YOUR_AUTH0_DOMAIN with your custom domain.

[!NOTE]
For the associated domain to work, your app must be signed with your team certificate even when building for the iOS simulator. Make sure you are using the Apple Team whose Team ID is configured in the settings page of your Auth0 application.

Web Auth login (iOS / macOS)

Import the Auth0 module in the file where you want to present the login page.

import Auth0

Then, present the Universal Login page in the action of your Login button.

Auth0
    .webAuth()
    .useHTTPS() // Use a Universal Link callback URL on iOS 17.4+ / macOS 14.4+
    .start { result in
        switch result {
        case .success(let credentials):
            print("Obtained credentials: \(credentials)")
        case .failure(let error):
            print("Failed with: \(error)")
        }
    }
Using async/await 
do {
    let credentials = try await Auth0.webAuth().useHTTPS().start()
    print("Obtained credentials: \(credentials)")
} catch {
    print("Failed with: \(error)")
}
Using Combine 
Auth0
    .webAuth()
    .useHTTPS() // Use a Universal Link callback URL on iOS 17.4+ / macOS 14.4+
    .start()
    .sink(receiveCompletion: { completion in
        if case .failure(let error) = completion {
            print("Failed with: \(error)")
        }
    }, receiveValue: { credentials in
        print("Obtained credentials: \(credentials)")
    })
    .store(in: &cancellables)

Web Auth logout (iOS / macOS)

Logging the user out involves clearing the Universal Login session cookie and then deleting the user’s credentials from your app.

Call the clearSession() method in the action of your Logout button. Once the session cookie has been cleared, delete the user’s credentials.

Auth0
    .webAuth()
    .useHTTPS() // Use a Universal Link logout URL on iOS 17.4+ / macOS 14.4+
    .clearSession { result in
        switch result {
        case .success:
            print("Session cookie cleared")
            // Delete credentials
        case .failure(let error):
            print("Failed with: \(error)")
        }
    }
Using async/await 
do {
    try await Auth0.webAuth().useHTTPS().clearSession()
    print("Session cookie cleared")
    // Delete credentials
} catch {
    print("Failed with: \(error)")
}
Using Combine 
Auth0
    .webAuth()
    .useHTTPS() // Use a Universal Link logout URL on iOS 17.4+ / macOS 14.4+
    .clearSession()
    .sink(receiveCompletion: { completion in
        switch completion {
        case .finished:
            print("Session cookie cleared")
            // Delete credentials
        case .failure(let error):
            print("Failed with: \(error)")
        }
    }, receiveValue: {})
    .store(in: &cancellables)

SSO alert box (iOS / macOS)

Screenshot of the SSO alert box

Check the FAQ for more information about the alert box that pops up by default when using Web Auth.

[!NOTE]
See also this blog post for a detailed overview of single sign-on (SSO) on iOS.

Next steps

Learn about most features in Examples ↗

Support Policy

This Policy defines the extent of the support for Xcode, Swift, and platform (iOS, macOS, tvOS, and watchOS) versions in Auth0.swift.

Xcode

The only supported versions of Xcode are those that can be currently used to submit apps to the App Store. Once a Xcode version becomes unsupported, dropping it from Auth0.swift will not be considered a breaking change, and will be done in a minor release.

Swift

The minimum supported Swift minor version is the one released with the oldest-supported Xcode version. Once a Swift minor becomes unsupported, dropping it from Auth0.swift will not be considered a breaking change, and will be done in a minor release.

Platforms

Once a platform version becomes unsupported, dropping it from Auth0.swift will not be considered a breaking change, and will be done in a minor release. For example, iOS 13 will cease to be supported when iOS 17 gets released, and Auth0.swift will be able to drop it in a minor release.

In the case of macOS, the yearly named releases are considered a major platform version for the purposes of this Policy, regardless of the actual version numbers.

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 Logo

Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more check out Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.