Is it possible to have my own Unity login widgets and use PKCE flow?

Hi,

I am writing a Unity ios Application and want to have my own native Screen using Unity UITK (things like a username edit field, password edit field, login button, reset password link, etc.) in the native screen.

What I do is I follow the PKCE flow with requests, then fill the forms and POST the form. But I always get an error message from Auth0 as if it detected that the form was filled out of a browser. I do use the State value and everything, but I am wondering if this is not something that the PKCE flow would support?

I also see the urls for the forgot passowrd, or signup and try to access those using the State also, but those also return me the error page from Auth0.

I could use any help to try to achieve this “native” look instead of popping a web form every time…

Regards,

Paolo

Hi,

Authorization Code with PKCE is considered a browser-based redirect flow.
Handling the login embedded in the application is not considered a good security practice.

IDPs such as Google for example will try to detect embedded login and reject the authentication request when it is not initiated from within the browser.

We have embedded login security risks documented here: Centralized Universal Login vs. Embedded Login