For a native application, what is purpose of "App Package Name" and "Key Hashes"?

When I’m adding a native application, I see there’s an optional option in Advanced Settings -> Mobile Settings -> App Package Name/Key Hashes?

I’m not sure what are these settings for ? how they work ? I didn’t find any documents regarding this.

Same question for IOS(Team ID/App bundle identifier)


Hi @westwin

As far as I know, these are to provide further security usually when used with older (now deprecated) authentication methods (such as this).

Thanks for your response Charsleysa. According to the document you shared, looks like Google OAuth2 need the package name/Key Hashes ?

I’m not sure what do you mean by “further security”. Do you mean google will use the settings to check the application integrity(utilize the safetynet to perform a remote attestation ?

By “further security” I mean that it’s used to when extra checks to verify requests are needed such as when using older deprecated authentication methods.

If you are using Universal Login (which is recommended) you don’t need to enter in this information. There may be more uses for this information that are undocumented but I haven’t been required to enter this information to use Auth0 with the recommended Universal Login.