Auth0 Home Blog Docs

Web and mobile authentication combined

react-native
mobile
web

#1

I have an implementation of web auth with Lock on my web application.
However I have a mobile app as well that provides additional services. It uses the same user base as the web. Users register on the web only before they get to interact with the mobile app.

What would be the best and maybe easiest way to implement authentication on the mobile side? I am not so happy with providing the web window option on the mobile side, prefer it to be in-app integration.
Is there some SMS based authentication, assuming I already registered the user and have his phone number?
Looking for a good approach that would also be simple enough to implement.

For example, I am less happy to fully implement all 3 customized options separately for login via username/password, Google, Facebook.

We use React-Native on the mobile ap part.


#2

The recommended approach would indeed be to opt-out for a centralized login approach which would mean mobile uses using a system user-agent instead of directly authenticating in the mobile application. There even is passwordless authentication based on SMS which could be of use for you mobile scenario which coupled with account linking would mean end-users could register/authenticate in web application with a wide range of authentication options and then have a passwordless identity linked to their account so that they could authenticate in mobile just using a code received through SMS. However, this approach would mean the use of centralized login.

In conclusion, although it could be possible and somewhat linear to implement authentication embedded in the mobile application for database connections, any other authentication mechanism will likely imply a need for centralized login.


#3

Thanks for the detailed answer. Trying to clear all you have wrote for myself.
What is the exact definition of centralized login?
As a bottom line, I understand you recommend to go with this approach. I do like the passwordless suggestion which I will dive more into it.
Regards,
Arie


#4

Thanks for the detailed answer. Trying to clear all you have wrote for myself.
What is the exact definition of centralized login?
As a bottom line, I understand you recommend to go with this approach. I do like the passwordless suggestion which I will dive more into it.
Regards,
Arie


#5

The centralized login means that independently of the client application the login happens at a central place; so multiple applications just delegate/redirect to this central place when they need user authentication. You can read more about it in this blog post: https://auth0.com/blog/authentication-provider-best-practices-centralized-login/


#6