Authentication

public protocol Authentication : Loggable, Trackable

Client for the Auth0 Authentication API.

  • clientId

    The Auth0 Client ID.

    Declaration

    Swift

    var clientId: String { get }
  • url

    The Auth0 Domain URL.

    Declaration

    Swift

    var url: URL { get }

Methods

  • login(email:code:audience:scope:) Default implementation

    Logs in a user using an email and an OTP code received via email. This is the last part of the passwordless login flow.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(email: "support@auth0.com", code: "123456")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify audience and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(email: "support@auth0.com",
               code: "123456",
               audience: "https://myapi.com/api",
               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Requires

    Passwordless OTP Grant http://auth0.com/oauth/grant-type/passwordless/otp. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func login(email: String, code: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    email

    Email the user used to start the passwordless login flow.

    code

    One-time password (OTP) code the user received via email.

    audience

    API Identifier that your application is requesting access to. Defaults to nil.

    scope

    Space-separated list of requested scope values. Defaults to openid profile email.

    Return Value

    Request that will yield Auth0 user’s credentials.

  • Logs in a user using a phone number and an OTP code received via SMS. This is the last part of the passwordless login flow.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(phoneNumber: "+12025550135", code: "123456")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify audience and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(phoneNumber: "+12025550135",
               code: "123456",
               audience: "https://myapi.com/api",
               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Requires

    Passwordless OTP Grant http://auth0.com/oauth/grant-type/passwordless/otp. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func login(phoneNumber: String, code: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    phoneNumber

    Phone number the user used to start the passwordless login flow.

    code

    One-time password (OTP) code the user received via SMS.

    audience

    API Identifier that your application is requesting access to. Defaults to nil.

    scope

    Space-separated list of requested scope values. Defaults to openid profile email.

    Return Value

    Request that will yield Auth0 user’s credentials.

  • Logs in a user using a username and password with a realm or connection.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(usernameOrEmail: "support@auth0.com",
               password: "secret password",
               realmOrConnection: "mydatabase")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify audience and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(usernameOrEmail: "support@auth0.com",
               password: "secret password",
               realmOrConnection: "mydatabase",
               audience: "https://myapi.com/api",
               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Requires

    The http://auth0.com/oauth/grant-type/password-realm grant. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func login(usernameOrEmail username: String, password: String, realmOrConnection realm: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    usernameOrEmail

    Username or email of the user.

    password

    Password of the user.

    realmOrConnection

    Domain of the realm or connection name.

    audience

    API Identifier that your application is requesting access to.

    scope

    Space-separated list of requested scope values.

    Return Value

    Request that will yield Auth0 user’s credentials.

  • Verifies multi-factor authentication (MFA) using a one-time password (OTP).

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(withOTP: "123456", mfaToken: "mfa token")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Requires

    The http://auth0.com/oauth/grant-type/mfa-otp grant. Check our documentation for more information.

    Declaration

    Swift

    func login(withOTP otp: String, mfaToken: String) -> Request<Credentials, AuthenticationError>

    Parameters

    otp

    One-time password supplied by an MFA authenticator.

    mfaToken

    Token returned when authentication fails with an isMultifactorRequired error due to MFA requirement.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Verifies multi-factor authentication (MFA) using an out-of-band (OOB) challenge (either push notification, SMS or voice).

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(withOOBCode: "123456", mfaToken: "mfa token")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Requires

    The http://auth0.com/oauth/grant-type/mfa-oob grant. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func login(withOOBCode oobCode: String, mfaToken: String, bindingCode: String?) -> Request<Credentials, AuthenticationError>

    Parameters

    oobCode

    The OOB code received from the challenge request.

    mfaToken

    Token returned when authentication fails with an isMultifactorRequired error due to MFA requirement.

    bindingCode

    A code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate. This is usually an OTP-like code delivered as part of the challenge message.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Verifies multi-factor authentication (MFA) using a recovery code. Some multi-factor authentication (MFA) providers support using a recovery code to log in. Use this method to authenticate when the user’s enrolled device is unavailable, or the user cannot receive the challenge or accept it due to connectivity issues.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(withRecoveryCode: "recovery code", mfaToken: "mfa token")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Requires

    The http://auth0.com/oauth/grant-type/mfa-recovery-code grant. Check our documentation for more information.

    Declaration

    Swift

    func login(withRecoveryCode recoveryCode: String, mfaToken: String) -> Request<Credentials, AuthenticationError>

    Parameters

    recoveryCode

    Recovery code provided by the user.

    mfaToken

    Token returned when authentication fails with an isMultifactorRequired error due to MFA requirement.

    Return Value

    A request that will yield Auth0 user’s credentials. Might include a recovery code, which the application must display to the user to be stored securely for future use.

  • Requests a challenge for multi-factor authentication (MFA) based on the challenge types supported by the application and user.

    The type is how the user will get the challenge and prove possession. Supported challenge types include:

    • otp: for one-time password (OTP)
    • oob: for SMS/voice messages or out-of-band (OOB)

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .multifactorChallenge(mfaToken: "mfa token", types: ["otp"])
        .start { result in
            switch result {
            case .success(let challenge):
                print("Obtained challenge: \(challenge)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Default Implementation

    Declaration

    Swift

    func multifactorChallenge(mfaToken: String, types: [String]?, authenticatorId: String?) -> Request<Challenge, AuthenticationError>

    Parameters

    mfaToken

    Token returned when authentication fails with an isMultifactorRequired error due to MFA requirement.

    types

    A list of the challenge types accepted by your application. Accepted challenge types are oob or otp. Excluding this parameter means that your application accepts all supported challenge types.

    authenticatorId

    The ID of the authenticator to challenge. You can get the ID by querying the list of available authenticators for the user.

    Return Value

    A request that will yield a multi-factor challenge.
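
The MFA methods above fit together as one flow: the primary login fails with an isMultifactorRequired error, the app requests a challenge, then verifies the user's code with the matching grant. This is an added example, not code from Auth0.swift or this page; MFALoginFlow and Step are hypothetical names, and reading the token from error.info["mfa_token"] and the Challenge properties challengeType and oobCode are assumptions not shown on this page. It covers OTP and SMS/voice OOB, where the user types a code.

```swift
import Auth0

/// Hypothetical helper (not part of Auth0.swift) driving password login plus MFA.
final class MFALoginFlow {
    enum Step {
        case done(Credentials)
        case needsCode(challengeType: String)   // prompt the user for a code
        case failed(AuthenticationError)
    }

    private let auth: Authentication
    private var mfaToken: String?      // kept in memory only, never persisted or logged
    private var challenge: Challenge?

    init(clientId: String, domain: String) {
        auth = Auth0.authentication(clientId: clientId, domain: domain)
    }

    /// Step 1: primary factor. On an MFA-required failure, move on to the challenge.
    func start(username: String, password: String, realm: String,
               completion: @escaping (Step) -> Void) {
        auth.login(usernameOrEmail: username, password: password, realmOrConnection: realm)
            .start { [weak self] result in
                switch result {
                case .success(let credentials):
                    completion(.done(credentials))
                case .failure(let error) where error.isMultifactorRequired:
                    // Assumption: the token is carried in the error payload as "mfa_token".
                    guard let self = self, let token = error.info["mfa_token"] as? String else {
                        return completion(.failed(error))
                    }
                    self.mfaToken = token
                    self.requestChallenge(token: token, completion: completion)
                case .failure(let error):
                    completion(.failed(error))
                }
            }
    }

    /// Step 2: ask for a challenge, restricted to the types this app can handle.
    private func requestChallenge(token: String, completion: @escaping (Step) -> Void) {
        auth.multifactorChallenge(mfaToken: token, types: ["otp", "oob"])
            .start { [weak self] result in
                switch result {
                case .success(let challenge):
                    self?.challenge = challenge
                    completion(.needsCode(challengeType: challenge.challengeType))
                case .failure(let error):
                    completion(.failed(error))
                }
            }
    }

    /// Step 3: verify the code the user typed, using the grant that matches the challenge.
    func verify(code: String, completion: @escaping (Step) -> Void) {
        guard let token = mfaToken, let challenge = challenge else { return } // no flow in progress
        let request: Request<Credentials, AuthenticationError>
        if challenge.challengeType == "oob", let oobCode = challenge.oobCode {
            // For SMS/voice, the code the user received is the binding code.
            request = auth.login(withOOBCode: oobCode, mfaToken: token, bindingCode: code)
        } else {
            request = auth.login(withOTP: code, mfaToken: token)
        }
        request.start { [weak self] result in
            switch result {
            case .success(let credentials):
                self?.mfaToken = nil       // drop flow state once credentials are issued
                self?.challenge = nil
                completion(.done(credentials))
            case .failure(let error):
                completion(.failed(error)) // state is kept so the user can retry the code
            }
        }
    }
}
```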

  • Authenticates a user with their Sign In with Apple authorization code.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(appleAuthorizationCode: "auth code")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify the user’s full name, audience, and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(appleAuthorizationCode: "auth code",
               fullName: credentials.fullName,
               audience: "https://myapi.com/api",
               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Default Implementation

    Declaration

    Swift

    func login(appleAuthorizationCode authorizationCode: String, fullName: PersonNameComponents?, profile: [String : Any]?, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    authorizationCode

    Authorization Code retrieved from Apple Authorization.

    fullName

    The full name property returned with the Apple ID Credentials.

    profile

    Additional user profile data returned with the Apple ID Credentials.

    audience

    API Identifier that your application is requesting access to.

    scope

    Space-separated list of requested scope values. Defaults to openid profile email.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Authenticates a user with their Facebook Session Info Access Token and profile data.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(facebookSessionAccessToken: "session info access token",
               profile: ["key": "value"])
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify audience and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .login(facebookSessionAccessToken: "session info access token",
               profile: ["key": "value"],
               audience: "https://myapi.com/api",
               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Default Implementation

    Declaration

    Swift

    func login(facebookSessionAccessToken sessionAccessToken: String, profile: [String : Any], audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    sessionAccessToken

    Session Info Access Token retrieved from Facebook.

    profile

    The user profile data retrieved from Facebook.

    audience

    API Identifier that your application is requesting access to.

    scope

    Space-separated list of requested scope values. Defaults to openid profile email.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Logs in a user using a username and password in the default directory.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .loginDefaultDirectory(withUsername: "support@auth0.com",
                               password: "secret password")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also specify audience and scope:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .loginDefaultDirectory(withUsername: "support@auth0.com",
                               password: "secret password",
                               audience: "https://myapi.com/api",
                               scope: "openid profile email offline_access")
        .start { print($0) }
    

    Default Implementation

    Declaration

    Swift

    func loginDefaultDirectory(withUsername username: String, password: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>

    Parameters

    username

    Username or email of the user.

    password

    Password of the user.

    audience

    API Identifier that your application is requesting access to.

    scope

    Space-separated list of requested scope values.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Creates a user in a database connection.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .signup(email: "support@auth0.com",
                password: "secret password",
                connection: "Username-Password-Authentication")
        .start { result in
            switch result {
            case .success(let user):
                print("User signed up: \(user)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can also add additional metadata when creating the user:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .signup(email: "support@auth0.com",
                password: "secret password",
                connection: "Username-Password-Authentication",
                userMetadata: ["first_name": "John", "last_name": "Appleseed"])
        .start { print($0) }
    

    If the database connection requires a username:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .signup(email: "support@auth0.com",
                username: "support",
                password: "secret password",
                connection: "Username-Password-Authentication")
        .start { print($0) }
    

    Default Implementation

    Declaration

    Swift

    func signup(email: String, username: String?, password: String, connection: String, userMetadata: [String : Any]?, rootAttributes: [String : Any]?) -> Request<DatabaseUser, AuthenticationError>

    Parameters

    email

    Email for the new user.

    username

    Username for the new user (if the connection requires a username). Defaults to nil.

    password

    Password for the new user.

    connection

    Name of the connection where the user will be created (database connection).

    userMetadata

    Additional user metadata parameters that will be added to the newly created user.

    rootAttributes

    Root attributes that will be added to the newly created user. These will not overwrite existing parameters. See https://auth0.com/docs/api/authentication#signup for the full list of supported attributes.

    Return Value

    A request that will yield a newly created database user (just the email, username, and email verified flag).

  • Resets the password of a database user.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .resetPassword(email: "support@auth0.com",
                       connection: "Username-Password-Authentication")
        .start { print($0) }
    

    Declaration

    Swift

    func resetPassword(email: String, connection: String) -> Request<Void, AuthenticationError>

    Parameters

    email

    Email of the database user.

    connection

    Name of the database connection.

    Return Value

    A request for resetting the password.

  • Starts passwordless authentication by sending an email with an OTP code. This is the first part of the passwordless login flow.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .startPasswordless(email: "support@auth0.com")
        .start { print($0) }
    

    If you have configured iOS Universal Links:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .startPasswordless(email: "support@auth0.com", type: .iOSLink)
        .start { print($0) }
    

    Requires

    Passwordless OTP Grant http://auth0.com/oauth/grant-type/passwordless/otp. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func startPasswordless(email: String, type: PasswordlessType, connection: String) -> Request<Void, AuthenticationError>

    Parameters

    email

    Email address to which the code or link is sent.

    type

    Type of passwordless authentication. Defaults to ‘code’.

    connection

    Name of the passwordless connection. Defaults to ‘email’.

    Return Value

    A request for starting the passwordless flow.

  • Starts passwordless authentication by sending an SMS with an OTP code. This is the first part of the passwordless login flow.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .startPasswordless(phoneNumber: "+12025550135")
        .start { print($0) }
    

    If you have configured iOS Universal Links:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .startPasswordless(phoneNumber: "+12025550135", type: .iOSLink)
        .start { print($0) }
    

    Requires

    Passwordless OTP Grant http://auth0.com/oauth/grant-type/passwordless/otp. Check our documentation for more information.

    Default Implementation

    Declaration

    Swift

    func startPasswordless(phoneNumber: String, type: PasswordlessType, connection: String) -> Request<Void, AuthenticationError>

    Parameters

    phoneNumber

    Phone number to which the SMS with the code or link is sent.

    type

    Type of passwordless authentication. Defaults to ‘code’.

    connection

    Name of the passwordless connection. Defaults to ‘sms’.

    Return Value

    A request for starting the passwordless flow.

  • Returns OIDC standard claims information by performing a request to the /userinfo endpoint.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .userInfo(withAccessToken: credentials.accessToken)
        .start { result in
            switch result {
            case .success(let user):
                print("Obtained user: \(user)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Declaration

    Swift

    func userInfo(withAccessToken accessToken: String) -> Request<UserInfo, AuthenticationError>

    Parameters

    accessToken

    Access Token obtained by authenticating the user.

    Return Value

    A request that will yield user information.

  • Performs the last step of Proof Key for Code Exchange (PKCE). This will request the user’s token using the code and its verifier after a request to /oauth/authorize.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .codeExchange(withCode: "code",
                      codeVerifier: "code verifier",
                      redirectURI: "https://samples.auth0.com/callback")
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    See

    RFC 7636

    Declaration

    Swift

    func codeExchange(withCode code: String, codeVerifier: String, redirectURI: String) -> Request<Credentials, AuthenticationError>

    Parameters

    code

    Code returned after a request to /oauth/authorize.

    codeVerifier

    Verifier used to generate the challenge sent in the request to /oauth/authorize.

    redirectURI

    Redirect URI sent in the request to /oauth/authorize.

    Return Value

    A request that will yield Auth0 user’s credentials.
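
How the codeVerifier passed to codeExchange relates to the challenge sent in the request to /oauth/authorize, following RFC 7636 with the S256 method. This is an added example, not code from Auth0.swift or this page; PKCEPair, PKCEError, pkceSelfCheck and redeem are hypothetical names.

```swift
import Foundation
import CryptoKit
import Security
import Auth0

enum PKCEError: Error { case randomFailed(OSStatus) }

/// Hypothetical value type (not part of Auth0.swift) holding one PKCE pair.
struct PKCEPair {
    let verifier: String    // stays on the device; sent only in the token request
    let challenge: String   // sent in the /oauth/authorize request with method S256

    init() throws {
        // 32 bytes from the system CSPRNG give a 43-character verifier,
        // the minimum length RFC 7636 section 4.1 allows.
        var bytes = [UInt8](repeating: 0, count: 32)
        let status = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
        guard status == errSecSuccess else { throw PKCEError.randomFailed(status) }
        verifier = PKCEPair.base64URL(Data(bytes))
        challenge = PKCEPair.challenge(for: verifier)
    }

    /// S256 transform: BASE64URL(SHA256(ASCII(verifier))), RFC 7636 section 4.2.
    static func challenge(for verifier: String) -> String {
        base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
    }

    /// Base64url without padding, as required for both values.
    static func base64URL(_ data: Data) -> String {
        data.base64EncodedString()
            .replacingOccurrences(of: "+", with: "-")
            .replacingOccurrences(of: "/", with: "_")
            .replacingOccurrences(of: "=", with: "")
    }
}

/// Checks the transform against the test vector in RFC 7636 Appendix B.
func pkceSelfCheck() -> Bool {
    PKCEPair.challenge(for: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
        == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
}

/// Redeems the authorization code with the verifier generated before the
/// /oauth/authorize request. The redirect URI must be the one sent in that request.
func redeem(code: String,
            pair: PKCEPair,
            clientId: String,
            domain: String,
            redirectURI: String,
            completion: @escaping (Result<Credentials, AuthenticationError>) -> Void) {
    Auth0
        .authentication(clientId: clientId, domain: domain)
        .codeExchange(withCode: code,
                      codeVerifier: pair.verifier,
                      redirectURI: redirectURI)
        .start(completion)
}
```

Generate a fresh PKCEPair for every authorization request and keep the verifier in memory only; it is what ties the returned code to the app instance that started the flow.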

  • renew(withRefreshToken:scope:) Default implementation

    Renews the user’s credentials using a Refresh Token.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .renew(withRefreshToken: credentials.refreshToken)
        .start { result in
            switch result {
            case .success(let credentials):
                print("Obtained new credentials: \(credentials)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    You can get a downscoped Access Token by requesting fewer scopes than were requested on login:

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .renew(withRefreshToken: credentials.refreshToken,
               scope: "openid offline_access")
        .start { print($0) }
    

    Default Implementation

    Declaration

    Swift

    func renew(withRefreshToken refreshToken: String, scope: String?) -> Request<Credentials, AuthenticationError>

    Parameters

    refreshToken

    The Refresh Token.

    scope

    Space-separated list of scope values to request. Defaults to nil, which will ask for the same scopes that were requested on login.

    Return Value

    A request that will yield Auth0 user’s credentials.

  • Revokes a user’s Refresh Token by performing a request to the /oauth/revoke endpoint.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .revoke(refreshToken: credentials.refreshToken)
        .start { print($0) }
    

    Declaration

    Swift

    func revoke(refreshToken: String) -> Request<Void, AuthenticationError>

    Parameters

    refreshToken

    The Refresh Token to revoke.

    Return Value

    A request for revoking the Refresh Token.

  • Returns JSON Web Key Set (JWKS) information from the /.well-known/jwks.json endpoint.

    Auth0
        .authentication(clientId: clientId, domain: "samples.auth0.com")
        .jwks()
        .start { result in
            switch result {
            case .success(let jwks):
                print("Obtained JWKS: \(jwks)")
            case .failure(let error):
                print("Failed with: \(error)")
            }
        }
    

    Declaration

    Swift

    func jwks() -> Request<JWKS, AuthenticationError>

    Return Value

    A request that will yield JWKS information.