Right way to integrate iOS and website login?

Hi guys,

We have a website that stores user information, and a mobile app (iOS). We tried using native sign-in on iOS, which works and gives back a JWT. However, we need to be able to verify that this JWT is valid (we don’t want to blindly trust it), which we don’t seem to have a way to do. We previously had Firebase, which did token exchange, but I don’t see a way to do this with the iOS SDK… where a token was returned upon login, and we passed it to our back end to generate a JWT. What’s the right flow here with Auth0?

Also, registration is another issue. We run native iOS SDK code, which does register the user; however, our back end is not notified, which means we never know the user was created. Should we be doing something else? Or is it some sort of configuration setting on the Auth0 website?

Auth0
    .authentication()
    .login(
        usernameOrEmail: email,
        password: password,
        realm: "Username-Password-Authentication",
        scope: "openid profile email")
    .start { result in
        DispatchQueue.main.async {
            switch result {
            case .success(let credentials):
                callback(credentials.accessToken, nil)
            case .failure(let error):
                callback(nil, error)
            }
        }
    }


Auth0
    .authentication()
    .createUser(
        email: email,
        password: password,
        connection: "Username-Password-Authentication",
        userMetadata: ["first_name": first,
                       "last_name": last]
    )
    .start { result in
        DispatchQueue.main.async {
            switch result {
            case .success(let user):
                callback(user.email, nil)
            case .failure(let error):
                callback(nil, error)
            }
        }
    }

Hey @ilikeprivacy, I would recommend leveraging Authorization Code Grant Flow with PKCE in your native app. The link I provide has a walkthrough for implementing it in your app. This enables an OAuth 2.0 grant that native apps use in order to access an API. Please take a look and please let me know if you have any questions, thanks!

Thank you very much James.


No problem, I’m happy we could help! Please let us know if you have any questions in the future!
