How to login directly in Auth0 without redirect universal login page?

Help
1

I’m working on Auth0 integration, i successfully integrated Auth0 SDK in my Swift project, but i want to implement direct login from my app with out redirect into Auth0 universal login page.

I studied mobile login flow here (Authorization Code Flow with Proof Key for Code Exchange (PKCE) ).

I implemented Auth0 login in iOS Swift it’s working. But i want direct login.

See my screens

When we click login in my app it shows pop up.

59%20PM
59%20PM694×1358 41.3 KB

Click continue it will open Auth0.com page (I don’t want this page, i want direct login with out this page How?)

37%20PM
37%20PM654×1080 101 KB

I don’t want this page, i want direct login with out this page through mu app login page, How?.

Is it possible?.

For this i followed this link https://auth0.com/docs/flows/guides/mobile-login-flow/add-login-using-mobile-login-flow and implemented code_verifier and code_challage. But when i implement Authorize the User it’s given html response .

My code is:

func codeVerifier() {
    var buffer = [UInt8](repeating: 0, count: 32)
    _ = SecRandomCopyBytes(kSecRandomDefault, buffer.count, &buffer)
    let verifier = Data(bytes: buffer).base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "$_")
        .replacingOccurrences(of: "=", with: "")
        .trimmingCharacters(in: .whitespaces)

    print("Code_Verifier : \(verifier)")

    codeChallenger(verifier: verifier)
}

func codeChallenger(verifier:String) {
    // Dependency: Apple Common Crypto library
    // http://opensource.apple.com//source/CommonCrypto
    guard let data = verifier.data(using: .utf8) else {

        return
    }

    var buffer = [UInt8](repeating: 0,  count: Int(CC_SHA256_DIGEST_LENGTH))
    data.withUnsafeBytes {
        _ = CC_SHA256($0, CC_LONG(data.count), &buffer)
    }
    let hash = Data(bytes: buffer)
    let challenge = hash.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "$_")
        .replacingOccurrences(of: "=", with: "")
        .trimmingCharacters(in: .whitespaces)

    print("Code_Challenger : \(challenge)")

    authorizwTheUser(code_challange: challenge)
}

func authorizwTheUser(code_challange:String) {

    let url = "https://domain.auth0.com/authorize?"

    var request = URLRequest(url: URL(string: url)!)

            request.setValue("application/json", forHTTPHeaderField: "Content-Type")
            request.httpMethod = "GET"

            print("URL : \(request)")

    let parameters = "response_type=token&code_challenge=\(code_challange)&code_challenge_method=S256&client_id=&redirect_uri=com.myappname.Auth0DemoSwift://domainname.auth0.com/ios/com.domainname.Auth0DemoSwift/callback&scope=openid profile&state=xyzABC123x"

    request.httpBody = parameters.data(using: .utf8)

    print(parameters)

            let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data, error == nil else { // check for fundamental networking error
                print("error=\(String(describing: error))")
                return
                }

                if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
                    print("statusCode should be 200, but is \(httpStatus.statusCode)")
                    print("response = \(String(describing: response))")
                }

                                            // If Response is in String formate
                                            let responseString = String(data: data, encoding: .utf8)
                                            let dictionary = data
                                            print("dictionary = \(dictionary)")
                                            print("responseString = \(String(describing: responseString!))")

                do {
                    let response = try JSONSerialization.jsonObject(with: data, options: .allowFragments) as? [String: AnyObject]
                    print(response!)

                    let res = response!["Response"]
                    let status = res!["status"] as! String

                    if status == "SUCCESS" {

                    } else {

                    }

                } catch let error as NSError {
                    print(error)
                }
            }

            task.resume()

}
3

Hey there @nareshv!

As far as I know there is no way to do it. That is because that is actually the core part of assuring that best security is there. We give people possibility to customize this screen according to their personal needs so that it looks the closest to what you really require your UI to be in your app.

I’ll discuss it with the team whether there is some way to achieve it directly without having to redirect user to browser on mobile and will circle back with the update in a few hours!

4

Thank you “Konrad.sopala” Is it possible for web app?

5

I’ll provide you with a general overview on all types once I’m sure all scenarios

6

Which means these is no option right now to implement this option for web or mobile , am i right? konrad.sopala, Actually here if user not having any social networking login, thay must register Auth0 to continue this process. am I right?

8

So after a quick discussion there are actually two ways to do it:

1. Auth0.swift and Auth0.android, which redirect to the hosted login page through an external browser if you use the .authorize() method

2. Lock.swift, Lock.android and the .login() method from Auth0.android and Auth0.swift that try to login without the browser redirection

The first one is the recommended way. The first one is more secure as for example keyloggers cannot be used.

Example

Here are the pros and cons for each:

There is a Mobile Apps & Security section that’s helpful in your specific case

9

https://domain.auth0.com/authorize? already I tried with this API but it’s sending HTML page. Actually there is no tutorial for direct login. Can you send me any link. Thank you.

10

You need to go to the Authentication API (iOS / macOS / tvOS) in the example I provided. Relinking it once more here:

11

Ok, thank you Konrad.sopala…Thank you very much.

12

No worries! Let me know down the road if that helps!

13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.