After the excellent advice from @nicolas_sabena I implemented the Native flow in our iOS app when before we were using the Password grant type.
I have done so by opening an in-app browser and going to the API, I have NOT user the Auth0.Swift or Lock.Swift libraries. Instead I have implemented it in mostly C# with Unity and using the advice given here and in the RFC standard https://auth0.com/docs/flows/guides/mobile-login-flow/add-login-using-mobile-login-flow.
Facebook and Auth0 allow me to login fine
When I try Google login, I’m met with a 403 error: disallowed_useragent
Their documentation then goes on to suggest they do not approve of in-app browsers signing in with Google Id’s because it doesn’t take advantage of the native browsers cookies or other memory which might already have the user identity (from logging into another google service).
I’m not sure that’s actually true, from what I’ve seen on iOS, an in-app browser does essentially have access to the same native session data as the full Safari App, so I’m not sure what they’re talking about.
Anyway. I can see that your Auth0.Swift Sample does actually open an in-app browser, then even can login with Google!
How have you circumvented Googles disallowed_useragent error in the Swift sample? https://github.com/auth0/auth0-ios-swift-sample
I think this is pertinent information which should be added to your Native PKCE login flow documentation because I did not know the user agent would be particularly important for the PKCE flow.