Overview
This article explains whether to use a single or separate Auth0 application for iOS and Android when building a React Native app.
Applies To
- React Native
- iOS & Android
- Auth0 Native Applications
Solution
For a React Native application that serves both iOS and Android, the recommended best practice is to use a single Auth0 application in the Auth0 dashboard.
It is not necessary to create separate Auth0 applications for iOS and Android. A single Native app can handle both platforms, which simplifies development and maintenance.
When using a single Auth0 application, configure callback URLs for both platforms. Add multiple callback URLs to the Auth0 application settings, one for iOS and one for Android. For example:
- iOS: BUNDLE_IDENTIFIER.auth0://AUTH0_NAMESPACE/ios/BUNDLE_IDENTIFIER/callback
- Android: PACKAGE_NAME.auth0://AUTH0_NAMESPACE/android/PACKAGE_NAME/callback
Mobile applications should use the Authorization Code Flow with Proof Key for Code Exchange (PKCE) instead of a client secret. This is more secure for public clients like mobile apps, which cannot keep a secret shipped inside the app confidential.
Handle platform-specific configuration in the React Native code, using platform-specific files or conditional logic based on the platform. This allows minor differences in the implementation to be addressed while still using a single Auth0 application.
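The sketch below is an added example, not code from Auth0 or from this article. It shows one client ID serving both platforms: the callback URL is selected per platform in the format listed above, and the authorization request carries a PKCE challenge in place of a client secret. The domain, client ID, app identifiers and all function names are assumed placeholders.

```javascript
// Added example for Node.js; every value in CONFIG is a constructed placeholder.
const crypto = require("node:crypto");

const CONFIG = {
  domain: "example-tenant.us.auth0.com", // stands in for AUTH0_NAMESPACE
  clientId: "EXAMPLE_CLIENT_ID",         // the single Native application
  appId: { ios: "com.example.app", android: "com.example.app" },
};

// Callback URL in the format shown above. In the app, `platform` would come
// from React Native's Platform.OS ("ios" or "android").
function callbackUrl(platform) {
  const id = CONFIG.appId[platform];
  if (!id) throw new Error(`unsupported platform: ${platform}`);
  return `${id}.auth0://${CONFIG.domain}/${platform}/${id}/callback`;
}

// RFC 7636: the verifier is a fresh random value per login and stays on the
// device; only its SHA-256 digest (the challenge) goes into the request.
function createPkcePair() {
  const verifier = crypto.randomBytes(32).toString("base64url");
  const challenge = crypto.createHash("sha256").update(verifier).digest("base64url");
  return { verifier, challenge };
}

// Authorization request: same client_id on both platforms, no client_secret.
function authorizeUrl(platform, challenge, state) {
  const url = new URL(`https://${CONFIG.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CONFIG.clientId,
    redirect_uri: callbackUrl(platform),
    code_challenge: challenge,
    code_challenge_method: "S256",
    state,
  }).toString();
  return url.toString();
}

// The comparison an authorization server makes when the code is redeemed:
// hash the presented verifier and compare it with the stored challenge.
function verifierMatches(verifier, challenge) {
  const expected = crypto.createHash("sha256").update(verifier).digest();
  const given = Buffer.from(challenge, "base64url");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

An authorization code intercepted through the custom URL scheme cannot be redeemed without the verifier, which never leaves the app instance that started the login.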