Auth0 Home Blog Docs

Is it possible to implement getting Authorization Code using PKCE with custom login form in iOS/Android?

pkce

#1

I’ve already implemented getting Authorization Code using PKCE in iOS app, but it requires app to redirect the user to browser and login via Auth0 login form. Just wonder if it’s possible to get Authorization Code using PKCE via some custom login form?


#2

Currently, Authorization Code using PKCE needs a redirect to the browser. You can, however, configure the login form displayed in the browser by using the [Hosted Login Page] (https://auth0.com/docs/hosted-pages/login).

By using this browser based authentication we are following the recommendations of the Internet Engineering Task Force (IETF), who has recently release a [Best Current Practices (BCP) when using OAuth 2.0 with native mobile applications] (https://www.rfc-editor.org/rfc/rfc8252.txt) where it states that OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser..

You can read more about this recommendation here:
https://auth0.com/blog/oauth-2-best-practices-for-native-apps/
https://www.rfc-editor.org/rfc/rfc8252.txt
https://auth0.com/docs/design/browser-based-vs-native-experience-on-mobile