iOS Objective-C Authorization

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • CocoaPods 1.2.1
  • Version 8.3.2 (8E2002)
  • iPhone 7 - iOS 10.3 (14E269)

Many identity providers supply access claims, such as roles or groups, with the user. You can request these in your token by setting scope: openid roles or scope: openid groups. However, not every identity provider provides this type of information. As an alternative, Auth0 lets you create a rule that assigns different roles to different users.

Create a Rule to Assign Roles

To create a rule, go to the new rule page. You can create it from scratch or use an existing template. These templates are written by the Auth0 team to help you complete common tasks.

First, you will create a rule that assigns your users either an admin role, or a single user role. To do so, go to the new rule page and select the "Set Roles To A User" template, under Access Control.

Then, replace this line from the default script:

if ('') > -1)

You can set roles other than admin and user or customize the rule as needed.

By default, it says that if a user email contains, that user will be given an admin role, otherwise a regular user role.
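A role-assignment rule of the kind described above, written here as an added example (it is not the template's code or Auth0's own). `ADMIN_DOMAIN`, `rolesForUser` and `assignRoles` are hypothetical names and the domain is a constructed placeholder. It matches the email domain exactly and requires a verified address, which is stricter than a "contains" test.

```javascript
// Added example: assigns the roles that the app later reads from app_metadata.roles.
const ADMIN_DOMAIN = 'example.com'; // constructed placeholder, replace with your own

// Decide roles from the email. An exact, case-insensitive match on the domain
// part is used because a "contains" test would also accept look-alike
// addresses such as someone@example.com.other.test.
function rolesForUser(user) {
  const email = typeof user.email === 'string' ? user.email.trim().toLowerCase() : '';
  const at = email.lastIndexOf('@');
  const domain = at > 0 ? email.slice(at + 1) : '';
  // Only trust the address once the identity provider has verified it.
  const isAdmin = user.email_verified === true && domain === ADMIN_DOMAIN;
  return isAdmin ? ['admin'] : ['user'];
}

// Entry point in the (user, context, callback) shape that Auth0 rules use.
function assignRoles(user, context, callback) {
  user.app_metadata = user.app_metadata || {};
  user.app_metadata.roles = rolesForUser(user);
  // Inside the rules runtime the `auth0` global persists the metadata;
  // outside it (for example in a unit test) the rule simply continues.
  if (typeof auth0 !== 'undefined') {
    return auth0.users
      .updateAppMetadata(user.user_id, user.app_metadata)
      .then(() => callback(null, user, context), (err) => callback(err));
  }
  return callback(null, user, context);
}

// Constructed sample profiles, used only to show the decisions.
const SAMPLE_USERS = [
  { user_id: 'u1', email: 'Alice@Example.com', email_verified: true },
  { user_id: 'u2', email: 'bob@example.com.other.test', email_verified: true },
  { user_id: 'u3', email: 'carol@example.com', email_verified: false },
  { user_id: 'u4' }, // profile without an email claim
];

// Returns the single role chosen for each sample, in order.
function demoRoles() {
  return SAMPLE_USERS.map((u) => rolesForUser(u)[0]);
}
```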

Test the Rule

Import the Swift wrapper and Auth0 library:

#import "Auth0Sample-Swift.h"
@import Auth0;

// ProfileViewController.m

NSString *userId = ... // the id of the user, available in profile.sub
HybridAuth *auth = [[HybridAuth alloc] init];
[auth userProfileWithIdToken:idToken userId:userId callback:^(NSError * _Nullable error, NSDictionary<NSString *, id> * _Nullable user) {
  if (error) {
    // Handle error
  } else {
    // Roles assigned by the rule are stored under app_metadata.roles
    NSDictionary *metaData = [user objectForKey:@"app_metadata"];
    NSArray *roles = [metaData objectForKey:@"roles"];
    if (![roles containsObject:@"admin"]) {
      // Not an admin user, access denied.
    } else {
      // Admin user, grant access
      [self performSegueWithIdentifier:@"AdminSegue" sender:nil];
    }
  }
}];

Use the Rule

At this point, you are able to distinguish the users' roles in your app to authorize or deny access to a certain feature.
