iOS Swift Authorization

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • CocoaPods 1.2.1
  • Xcode 8.3.2 (8E2002)
  • iPhone 7 - iOS 10.3 (14E269)

Many identity providers supply access claims, such as roles or groups, with the user. You can request these in your token by setting scope: openid roles or scope: openid groups. However, not every identity provider provides this type of information. Auth0 offers an alternative: create a rule that assigns different roles to different users.

Create a Rule to Assign Roles

To create a rule, go to the new rule page. You can create it from scratch or use an existing template. These templates are written by the Auth0 team to help you complete common tasks.

First, you will create a rule that assigns your users either an admin role, or a single user role. To do so, go to the new rule page and select the "Set Roles To A User" template, under Access Control. Then, replace this line from the default script:

if (user.email.indexOf('@example.com') > -1)

You can set roles other than admin and user or customize the rule as needed.

By default, the rule gives the admin role to any user whose email contains @example.com, and a regular user role to everyone else.
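The template's condition is a substring test on an address the rule does not check for verification, so the role decision is worth tightening before it guards anything. The following is an added example, not code from the Auth0 template: it puts the template's condition next to a stricter one that requires a verified email and an exact domain match. ADMIN_DOMAIN, the function names and the sample profiles are assumptions made for illustration, and a real rule would still persist the result as the template does.

```javascript
// Added example: role decision for a rule, template check vs. hardened check.
// ADMIN_DOMAIN and all function names are hypothetical, chosen for this example.
const ADMIN_DOMAIN = 'example.com';

// The template's condition: true when '@example.com' appears anywhere in the email.
function rolesBySubstring(user) {
  return user.email && user.email.indexOf('@' + ADMIN_DOMAIN) > -1 ? ['admin'] : ['user'];
}

// Hardened: the address must be verified and its domain must equal ADMIN_DOMAIN.
function rolesByVerifiedDomain(user) {
  if (typeof user.email !== 'string' || user.email_verified !== true) {
    return ['user'];
  }
  const at = user.email.lastIndexOf('@');
  const domain = at > 0 ? user.email.slice(at + 1).toLowerCase() : '';
  return domain === ADMIN_DOMAIN ? ['admin'] : ['user'];
}

// Same shape as the rule body: roles land in app_metadata, which the app reads back.
function assignRoles(user, decide) {
  user.app_metadata = user.app_metadata || {};
  user.app_metadata.roles = decide(user);
  return user;
}

// Constructed sample profiles (not real accounts).
const samples = [
  { email: 'alice@example.com', email_verified: true },
  { email: 'bob@example.com', email_verified: false },
  { email: 'carol@example.com.other.test', email_verified: true },
  { email: 'dave@other.test', email_verified: true },
  { email_verified: true } // profile without an email claim
];

for (const s of samples) {
  const weak = rolesBySubstring(s)[0];
  const strict = assignRoles({ ...s }, rolesByVerifiedDomain).app_metadata.roles[0];
  console.log(`${s.email || '(no email)'}: template=${weak} hardened=${strict}`);
}
```

Only the first sample keeps the admin role under the hardened check; the unverified address and the address whose domain merely starts with example.com both fall back to user.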

Test the Rule

// SessionManager.swift
import Auth0

// idToken and profile are assumed to be the values stored at login.
Auth0
    .users(token: idToken)
    .get(profile.sub, fields: ["app_metadata"], include: true)
    .start { result in
        switch result {
        case .success(let user):
            guard
                let appMetadata = user["app_metadata"] as? [String: Any],
                let roles = appMetadata["roles"] as? [String]
            else {
                // Test failed, make sure you've configured your rule properly (check step 1 thoroughly)
                return
            }
            // roles is an array of strings, so test for membership.
            if roles.contains("admin") {
                // User has admin access, grant them the power.
            } else {
                // Not an admin, deny the user.
            }
        case .failure(let error):
            // Handle the error
            print("Failed to load user metadata: \(error)")
        }
    }

Use the Rule

At this point, you are able to distinguish the users' roles in your app to authorize or deny access to a certain feature.
