Lock for Android

Lock for Android can integrate into your native Android apps to provide a beautiful way to log your users in and to sign them up in your app. It provides support for social identity providers such as Facebook, Google, or Twitter, as well as enterprise providers such as Active Directory. You can also use Lock for Android to provide Passwordless authentication using email or SMS.

Get started using Lock for Android below, or if you're looking for a specific document, try the listing of additional documents related to Lock for Android.


To use Lock's UI or your own UI via the Auth0.Android library the minimum required Android API level is 15+.


Lock is available both in Maven Central and JCenter. To start using Lock add these lines to your build.gradle dependencies file:

compile 'com.auth0.android:lock:2.3.0'

You can check for the latest version on the repository Releases tab, in Maven, or in JCenter.

After adding your Gradle dependency, make sure to remember to sync your project with Gradle files.

Dashboard settings

You need to fill in a few settings in your Auth0 Dashboard before you get started.

Callback URL

Head over to your Auth0 Dashboard and go to the client's settings. Add the following URL to the client's "Allowed Callback URLs"


Be sure to change the URL to add your Auth0 domain and your app package name!

Keystores and key hashes

You will need a Keystore for signing your Android app. If you already have one, you can continue and skip the instructions about acquiring one.

During development, you can use the default "android debug keystore" to sign your application. For instructions on how to generate the key hashes using this keystore, use our Android Keystores and Key Hashes Guide.

For a release keystore, replace the file, alias, store password and key password with your own values.

Implementing Lock (Social, Database, Enterprise)

The following instructions discuss implementing Lock for Android. If you specifically are looking to implement Passwordless lock for Android, read the Passwordless Authentication with Lock for Android page.

Configuring AndroidManifest.xml

Add the android.permission.INTERNET permission to the Manifest to allow Lock to make requests to the Auth0 API.

<uses-permission android:name="android.permission.INTERNET" />

Add LockActivity to your Manifest, replacing the host attribute with your YOUR_AUTH0_DOMAIN domain and the {YOUR_APP_PACKAGE_NAME} in the pathPrefix attribute with your application's package name. This filter allows Android OS to notify your application when an URL with that format is hit. For Lock, this means receiving the authentication result.

      <action android:name="android.intent.action.VIEW" />

      <category android:name="android.intent.category.DEFAULT" />
      <category android:name="android.intent.category.BROWSABLE" />

        android:scheme="https" />

Some restrictions

  • Make sure the Activity's launchMode is declared as singleTask or the result won't come back after the authentication.
  • Also note that for the time being, LockActivity can't be launched by calling startActivityForResult.


Create an Auth0 instance to hold your account details, which are the AUTH0_CLIENT_ID and the AUTH0_DOMAIN.

Auth0 auth0 = new Auth0('YOUR_CLIENT_ID','YOUR_AUTH0_DOMAIN');

Authentication callback

You'll also need a LockCallback implementation. Here is an example which will notify you about Authentication events (logins).

private LockCallback callback = new AuthenticationCallback() {
     public void onAuthentication(Credentials credentials) {

     public void onCanceled() {
        //User pressed back

     public void onError(LockException error)
        //Exception occurred

Note: The results of the AuthenticationCallback are in a credentials object. This object contains the tokens that you will require for authentication related operations in your app; see the Tokens documentation for more specifics.


To create a new Lock instance and configure it, use the Lock.Builder class. Call the static method Lock.newBuilder(Auth0, LockCallback), passing the account details and the callback implementation, and start configuring the Options as you need. After you're done, build the Lock instance and use it to start the LockActivity.

This is an example of what your Activity should look:

public class MainActivity extends Activity {
  private Lock lock;

  protected void onCreate(@Nullable Bundle savedInstanceState) {
    // Your own Activity code
    Auth0 auth0 = new Auth0('YOUR_CLIENT_ID','YOUR_AUTH0_DOMAIN');
    lock = Lock.newBuilder(auth0, callback)
      // ... Options

  public void onDestroy() {
    // Your own Activity code
    lock = null;

  private LockCallback callback = new AuthenticationCallback() {
       public void onAuthentication(Credentials credentials) {

       public void onCanceled() {
          //User pressed back

       public void onError(LockException error) {
          //Exception occurred

Remember to notify the Lock when your activity calls the OnDestroy method, as it helps to keep the Lock state.

Then, start Lock from inside your activity.


That's it! Lock will handle the rest for you.

Implementing Passwordless authentication with Lock for Android

For instructions on how to implement Passwordless authentication with Lock for Android, please see the Passwordless Guide.


The proguard rules should be applied automatically if your application is using minifyEnabled = true. If you want to include them manually check the proguard directory. By default you should at least use the following files:

By default you should at least use the following files:

  • proguard-gson.pro
  • proguard-otto.pro
  • proguard-lock-2.pro

As this library depends on Auth0.Android, you should keep the files up to date with the proguard rules defined in that repository.

Lock configuration

For a full list of Lock's configuration options, check out the Lock for Android Configuration Reference. Also, for users of v1 migrating to v2, read the Migration Guide to see what options have changed.

Error messages

For descriptions of common error messages, check out the Error Messages page. Also, if your callback receives an AuthenticationException you can check source to learn how to identify each error scenario.

Additional documents