Native mobile applications can use native or browser-based login flows. In a browser-based login flow, the user is shown a web browser and redirected to the Auth0 login page to sign up or log in. For example, an iOS application opens a SafariViewController or an Android application opens a Custom Chrome Tab. With a native login flow, the user signs up or enters their credentials directly in the app. Auth0 supports both options.

Browser-based login

Native embedded login

If you prefer to embed your own login pages within your native/mobile app, you can implement our login widget, Lock, directly into your app with:

Examples of native apps with embedded login:

Passwordless

Embedded Passwordless Login in Native Applications

Considerations

  • Phishing/security concerns: an unauthorized party could decompile or intercept traffic to/from your application to get the and authentication URL. With this information the unauthorized party could create a rogue application, upload it to an application store, and use it to phish for usernames, passwords, and .
  • : users have to enter their credentials for each application.
    • Can implement SSO with native apps by storing refresh tokens on a shared keychain, but this is not compliant with the OAuth 2.0 specifications.
  • Takes more time to implement
  • No automatic improvements when Auth0 adds new features: unlike Universal Login (UL), you have to update app code to take advantage of them
  • Not compliant with best practices

Native social login

You can add functionality to your native app that lets users authenticate with social providers natively, within the application:

  • Facebook Login
  • Sign In with Apple

Rate limits

Limits are only applied to requests related to the Native Social Login flows, which are identified based on the body of the requests with the following initial criteria:

| Request Type | Body |
| --- | --- |
| grant_type | urn:ietf:params:oauth:grant-type:token-exchange |
| subject_token_type | http://auth0.com/oauth/token-type/apple-authz-code |

Limits for production tenants of paying customers

| Endpoint | Path | Limited By | Rate Limit |
| --- | --- | --- | --- |
| Get Token | /oauth/token | Any native social login request | 50 per minute with bursts up to 500 requests |

Limits for non-production tenants of paying customers and all tenants of free customers

| Endpoint | Path | Limited By | Rate Limit |
| --- | --- | --- | --- |
| Get Token | /oauth/token | Native social login requests and IP | 30 per minute |
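
The body-matching rule and the stated limits, as an added example for load-testing a login flow before release (not Auth0's code). Requiring both body fields to match and modelling "bursts up to 500" as token-bucket capacity are assumptions; all function and class names are illustrative.

```python
import json
from urllib.parse import parse_qs

# Criteria from the table above; requiring BOTH fields to match is an assumption.
NATIVE_SOCIAL_CRITERIA = {
    "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
    "subject_token_type": "http://auth0.com/oauth/token-type/apple-authz-code",
}

def parse_token_body(raw, content_type):
    """Return a /oauth/token request body as a flat dict of strings."""
    if content_type.split(";")[0].strip().lower() == "application/json":
        try:
            data = json.loads(raw)
        except ValueError:
            return {}
        if not isinstance(data, dict):
            return {}
        return {k: v for k, v in data.items() if isinstance(v, str)}
    # Otherwise treat as form-encoded; keep the first value of each key.
    return {k: v[0] for k, v in parse_qs(raw).items()}

def is_native_social_login(path, raw, content_type):
    """True when the request would count against the native social login limit."""
    if path != "/oauth/token":
        return False
    body = parse_token_body(raw, content_type)
    return all(body.get(k) == v for k, v in NATIVE_SOCIAL_CRITERIA.items())

class TokenBucket:
    """Assumed model of 'per_minute with bursts up to burst' (not Auth0's limiter)."""
    def __init__(self, per_minute, burst, now=0.0):
        self.rate = per_minute / 60.0      # tokens refilled per second
        self.capacity = float(burst)
        self.tokens = float(burst)
        self.last = now

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size, then spend one.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def simulate(bucket, requests):
    """requests: (timestamp_s, path, raw_body, content_type) tuples -> verdict list."""
    return ["unmetered" if not is_native_social_login(path, raw, ctype)
            else ("allow" if bucket.allow(ts) else "limit")
            for ts, path, raw, ctype in requests]
```

For the production figures use `TokenBucket(50, 500)`; for non-production tenants keep one bucket per client IP at 30 per minute, with the burst size an assumption since the table gives none.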