Call API Using Authorization Code Flow with PKCE

Lock v2 for iOS


This reference guide will show you how to implement the Refresh TokensLock user interface, and give you the details on configuring and customizing Lock in order to use it as the UI for your authentication needs. However, if you'd like to learn how to do more with Auth0 and Swift, such as how to save, call and refresh Single Sign-on (SSO)Access Tokens, get user profile info, and more, check out the Auth0.Swift SDK. Or, take a look at the Swift QuickStart to walk through complete examples and see options, both for using Lock as the interface, and for using a custom interface.

Check out the Lock.swift repository on GitHub.



  • iOS 9 or later
  • Xcode 8
  • Swift 3.0



Create a Code Verifier


If you are using Carthage, add the following lines to your Cartfile:

Then run carthage bootstrap.

For more information about Carthage usage, check their official documentation.

Create a Code Challenge


If you are using Cocoapods, add these lines to your Podfile:

Then, run pod install.

For further reference on Cocoapods, check their official documentation.

Authorize the User


Example authorization URL

Integrate with your Application

Lock needs to be notified when the application is asked to open a URL. You can do this in the AppDelegate file.


Import Lock

Import Lock wherever you'll need it


Auth0 Credentials

In order to use Lock you need to provide your Auth0 Client Id and Domain, which can be found in your Auth0 Dashboard, under your Application's settings.

In your application bundle you can add a plist file named Auth0.plist that will include your credentials with the following format.

Request Tokens

Implementation of Lock Classic

Lock Classic handles authentication using Database, Social, and Enterprise connections.

Example POST to token URL

OIDC Conformant Mode

It is strongly encouraged that this SDK be used in OIDC Conformant mode. When this mode is enabled, it will force the SDK to use Auth0's current authentication pipeline and will prevent it from reaching legacy endpoints. By default this is false

For more information, please see our Introduction to OIDC Conformant Authentication and the OIDC adoption guide.

To show Lock, add the following snippet in your UIViewController.


Use Auth0.Swift Library to access user profile

To access user profile information, you will need to use the Auth0.Swift library:

Check out the Auth0.Swift Library Documentation for more information about its uses.


Specify Connections

Lock will automatically load the connections configured for your application. If you wish to override the default behavior, you can manually specify which connections it should display to users as authentication options. This can be done by calling the method and supplying a closure that can specify the connection(s).

Adding a database connection:

Adding multiple social connections:

Call your API

Styling and Customization

Lock provides many styling options to help you apply your own brand identity to Lock using withStyle. For example, changing the primary color and header text of your Lock widget:

Refresh Tokens

Customize your title, logo, and primary color

You can see the complete set of styling options to alter the appearance of Lock for your app in the Customization Guide.

Example POST to token URL

Configuration Options

There are numerous options to configure Lock's behavior. Below is an example of Lock configured to allow it to be closable, to limit it to only usernames (and not emails), and to only show the Login and Reset Password screens.

You can see the complete set of behavior configuration options to alter the way Lock works for your app in the Configuration Guide.


Password Manager Support

By default, password manager support using 1Password is enabled for database connections. 1Password support will still require the user to have the 1Password app installed for the option to be visible in the login and signup screens. You can disable 1Password support using the enabled property of the passwordManager.

By default the appIdentifier will be set to the app's bundle identifier and the displayName will be set to the app's display name. You can customize these as follows:

You will need to add the following to your app's info.plist:


Next Steps