Native Login

Native mobile applications can use native or browser-based login flows.

In a browser-based login flow, the user is shown a web browser and redirected to the Auth0 login page for sign up or log in. For example: an iOS application opens a SafariViewController or an Android application opens a Custom Chrome Tab.

With a native login flow, the user signs up or enters their credentials directly into the app.

Regardless of which option you choose, Auth0 supports either.

Browser-based login

Native embedded login

If you prefer to embed your own login pages within your native/mobile app, you can implement our login widget, Lock, directly into your app with:

Examples of native apps with embedded login:


Embedded Passwordless Login in Native Applications


  • Phishing/security concerns: an unauthorized party could decompile or intercept traffic to/from your application to get the Client ID and authentication URL. With this information the unauthorized party could create a rogue application, upload it to an application store, and use it to phish for usernames, passwords, and Access Tokens.

  • SSO: users have to enter their credentials for each application.

    • Can implement SSO with native apps by storing refresh tokens on a shared keychain, but this is not compliant with the OAuth 2.0 specifications.

  • Takes more time to implement

  • No automatic improvements when Auth0 adds new features, have to update app code to take advantage of new features vs UL

  • Not compliant with OAuth 2.0 best practices

Native social login

You can add functionality to your native app letting users authenticate with social identity providers natively, within the application:

Facebook Login:

Sign In with Apple:

Rate limits

Limits are only applied to requests related to the Native Social Login flows, which are identified based on the body of the requests with the following initial criteria:

Request Type Body
grant_type urn:ietf:params:oauth:grant-type:token-exchange

Limits for production tenants of paying customers

Endpoint Path Limited By Rate Limit
Get Token /oauth/token Any native social login request 50 per minute with bursts up to 500 requests

Limits for non-production tenants of paying customers and all tenants of free customers

Endpoint Path Limited By Rate Limit
Get Token /oauth/token Native social login requests and IP 30 per minute