Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0.com/llms.txt

Use this file to discover all available pages before exploring further.

Auth0 Universal Components for iOS allow you to build a self-service account security UI within your native iOS application. With the MyAccountAuthMethodsView component, users can manage their own authentication methods — multi-factor authentication (MFA) factors, passkeys, and recovery codes — directly inside your native application, without leaving for a web browser or contacting support.

How it works

The MyAccountAuthMethodsView component uses Auth0 My Account API’s authentication methods to render an authentication methods management UI inside your application.
The My Account API currently enforces low rate limits, especially on free-tier tenants. This may cause errors while using these components.
When an authenticated user opens their account settings screen, the Auth0.swift SDK retrieves an access token scoped to the My Account API audience. The MyAccountAuthMethodsView component uses the access token to call the My Account API /me/v1/authentication-methods endpoints as the logged-in user, so each user can only modify their own authentication methods.
  • The MyAccountAuthMethodsView component creates end-user self-service interfaces. End users can enroll, list, and remove every authentication method on their account: email OTP, SMS OTP, TOTP (authenticator application), push via Auth0 Guardian, passkeys, and recovery codes.
  • For delegated admin interfaces in which a user manages an Auth0 Organization, read Build a Delegated Admin Interface.

Prerequisites

Enable Auth0 My Account API

  1. Navigate to Dashboard > Applications > APIs.
  2. Select Activate My Account API to enable it for your tenant.

Create the application and configure My Account API permissions

  1. Navigate to Dashboard > Applications.
  2. Select Create Application.
  3. Select Native.
  4. Select the Settings tab to add the following callback URLs in the Allowed Callback URLs: 
    https://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_ID/callback, YOUR_BUNDLE_ID://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_ID/callback
  5. Add the same URls for the Allowed Logout URLs. 
    https://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_ID/callback, YOUR_BUNDLE_ID://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_ID/callback
  6. Select the API Access tab.
  7. Select Edit for the Auth0 My Account API to add the User-delegated Access permissions: create:me:authentication_methods read:me:authentication_methods update:me:authentication_methods delete:me:authentication_methods
  8. Select Save to save the permissions.
  • The user’s access token only includes permissions that were granted during login.
  • Request all four scopes to allow users to enroll, review, and remove authentication methods.

Install the SDK

Use the Swift Package Manager or Carthage to install the Auth0UniversalComponents package. To learn more about installation details and requirements, read Auth0 Universal Components for iOS.

Initialize the SDK

To initialize the SDK, call the Auth0UniversalComponentsSDKInitializer.initialize(...) method once at application start, typically in your application struct’s init. If your application already uses Auth0.plist to configure Auth0.swift, add ClientId, Domain, and Audience keys and call:
App.swift
import SwiftUI
import Auth0
import Auth0UniversalComponents

@main
struct MyApp: App {
    init() {
        Auth0UniversalComponentsSDKInitializer.initialize(
            tokenProvider: CredentialsManager(authentication: Auth0.authentication())
        )
    }

    var body: some Scene {
        WindowGroup { ContentView() }
    }
}
Or pass the values directly in code:
App.swift
Auth0UniversalComponentsSDKInitializer.initialize(
    domain: "YOUR_AUTH0_DOMAIN",
    clientId: "YOUR_CLIENT_ID",
    audience: "https://YOUR_AUTH0_DOMAIN/me/",
    tokenProvider: CredentialsManager(authentication: Auth0.authentication())
)

Configure the token provider

Use the TokenProvider, which wraps the Auth0.swift CredentialsManager, to request credentials from your application.
Auth0 recommends using the Auth0.swift’s CredentialsManager for production integrations. Implement a custom TokenProvider only if the Auth0.swift SDK does not meet your storage requirements.
To manage credentials outside the Auth0.iOS SDK’s CredentialsManager, implement the interface directly: 
struct AppTokenProvider: TokenProvider {
    func fetchCredentials() async throws -> Credentials {
        // Return the user's login credentials.
    }
    func storeCredentials(credentials: Credentials) {
        // Persist new or refreshed credentials.
    }
    func store(apiCredentials: APICredentials, for audience: String) {
        // Persist My Account API credentials keyed by audience.
    }
    func fetchAPICredentials(audience: String, scope: String) async throws -> APICredentials {
        // Return cached My Account API credentials, refreshing if expired.
    }
}
Users must be authenticated before you render any component. After the SDK is initialized and your TokenProvider protocol is wired up, add the MyAccountAuthMethodsView component to your settings screen to give users full MFA, passkey, and recovery-code self-service.

Learn more

Auth Methods Management

Review the MyAccountAuthMethodsView component reference, supported factors, and embedded-navigation examples.

Customize style and themes

Override colors, typography, spacing, radius, and size tokens using the Auth0 design-token system.