iOS Objective-C Authorization

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • CocoaPods 1.2.1
  • Version 8.3.2 (8E2002)
  • iPhone 7 - iOS 10.3 (14E269)

Many identity providers supply access claims which contain, for example, user roles or groups. You can request the access claims in your token with scope: openid roles or scope: openid groups.

If an identity provider does not supply this information, you can create a rule for assigning roles to users.

Create a Rule to Assign Roles

Create a rule that assigns the following access roles to your user:

  • An admin role
  • A regular user role

To assign roles, go to the New rule page. In the Access Control section, select the Set roles to a user template.

Edit the following line from the default script to match the conditions that fit your needs:

if ('') > -1)

The rule is checked every time a user attempts to authenticate.

  • If the user has a valid email and the domain is, the user gets the admin role.
  • If the email contains anything else, the user gets the regular user role.

Depending on your needs, you can define roles other than admin and user. Read about the names you give your claims in the Rules documentation.
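An added example, not part of the original tutorial or of Auth0's rule template: one way to write the role decision described above so that the admin role is given only when the email is verified and its domain exactly equals the admin domain. `example.com`, `emailDomain`, `rolesFor` and the injected `saveAppMetadata` are assumptions made for illustration; inside a rule the save step would be `auth0.users.updateAppMetadata`.

```javascript
// ADMIN_DOMAIN is a constructed placeholder, not a value from this page.
const ADMIN_DOMAIN = 'example.com';

// Return the lower-cased domain of an email, or null if it is malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  // Require a non-empty local part and a non-empty domain.
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).toLowerCase();
}

// Decide the roles for a user profile (hypothetical helper).
// Compares the whole domain rather than searching for a substring, and
// requires email_verified so an unconfirmed address cannot earn admin.
function rolesFor(user) {
  const domain = emailDomain(user && user.email);
  const verified = Boolean(user) && user.email_verified === true;
  return verified && domain === ADMIN_DOMAIN ? ['admin'] : ['user'];
}

// Rule-shaped wrapper using the (user, context, callback) signature of a rule.
// saveAppMetadata is injected (assumption) so the example runs offline; it
// must return a promise, as auth0.users.updateAppMetadata does in a rule.
function setRolesToUser(user, context, callback, saveAppMetadata) {
  user.app_metadata = user.app_metadata || {};
  user.app_metadata.roles = rolesFor(user);
  saveAppMetadata(user.user_id, user.app_metadata)
    .then(() => callback(null, user, context))
    .catch((err) => callback(err));
}

// Constructed sample profiles; none of these come from the page.
const samples = [
  { email: 'alice@example.com', email_verified: true },        // admin
  { email: 'alice@example.com', email_verified: false },       // user
  { email: 'bob@example.com.invalid', email_verified: true },  // user
  { email: 'bob@notexample.com', email_verified: true },       // user
  { email: 'example.com', email_verified: true },              // user
];
for (const s of samples) {
  console.log(s.email, s.email_verified, '->', rolesFor(s).join(','));
}
```

The app reads these roles from `app_metadata.roles` in the next section. Any API the admin panel calls should check the role again on the server, since the check in the app only controls what is shown.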

Test the Rule in Your Project

Import the Swift wrapper and Auth0 library:

// ProfileViewController.m
#import "Auth0Sample-Swift.h"
@import Auth0;

NSString *userId = ... // the id of the user, available in profile.sub
HybridAuth *auth = [[HybridAuth alloc] init];
// Fetch the user's profile with their ID token, then inspect the roles
[auth userProfileWithIdToken:idToken userId:userId callback:^(NSError * _Nullable error, NSDictionary<NSString *, id> * _Nullable user) {
  if (error) {
    // Handle error
  } else {
    // Roles assigned by the rule are stored under app_metadata.roles
    NSDictionary *metaData = [user objectForKey:@"app_metadata"];
    NSArray *roles = [metaData objectForKey:@"roles"];
    if (![roles containsObject:@"admin"]) {
      // Not an admin user, access denied.
      // (A missing app_metadata or roles entry also ends up here.)
    } else {
      // Admin user, grant access
      [self performSegueWithIdentifier:@"AdminSegue" sender:nil];
    }
  }
}];

Restrict Content Based on Access Level

Your app can now distinguish users by role. Use this information to grant or restrict access to selected features based on each user's role.

In the sample project, the user with the admin role can access the admin panel.
