Authentication
Client for the Auth0 Authentication API.
-
The Auth0 Client ID.
Declaration
Swift
var clientId: String { get }
-
The Auth0 Domain URL.
Declaration
Swift
var url: URL { get }
-
login(email:
Default implementationcode: audience: scope: ) Logs in a user using an email and an OTP code received via email. This is the last part of the passwordless login flow.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(email: "support@auth0.com", code: "123456") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(email: "support@auth0.com", code: "123456", audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Requires
Passwordless OTP Granthttp://auth0.com/oauth/grant-type/passwordless/otp
. Check our documentation for more information.See
Error ResponsesDefault Implementation
Declaration
Swift
func login(email: String, code: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
email
Email the user used to start the passwordless login flow.
code
One-time password (OTP) code the user received via email.
audience
API Identifier that your application is requesting access to. Defaults to
nil
.scope
Space-separated list of requested scope values. Defaults to
openid profile email
.Return Value
Request that will yield Auth0 user’s credentials.
-
login(phoneNumber:
Default implementationcode: audience: scope: ) Logs in a user using a phone number and an OTP code received via SMS. This is the last part of the passwordless login flow.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(phoneNumber: "+12025550135", code: "123456") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(phoneNumber: "+12025550135", code: "123456", audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Requires
Passwordless OTP Granthttp://auth0.com/oauth/grant-type/passwordless/otp
. Check our documentation for more information.See
Error ResponsesDefault Implementation
Declaration
Swift
func login(phoneNumber: String, code: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
phoneNumber
Phone number the user used to start the passwordless login flow.
code
One-time password (OTP) code the user received via SMS.
audience
API Identifier that your application is requesting access to. Defaults to
nil
.scope
Space-separated list of requested scope values. Defaults to
openid profile email
.Return Value
Request that will yield Auth0 user’s credentials.
-
login(usernameOrEmail:
Default implementationpassword: realmOrConnection: audience: scope: ) Logs in a user using a username and password with a realm or connection.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(usernameOrEmail: "support@auth0.com", password: "secret password", realmOrConnection: "mydatabase") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(usernameOrEmail: "support@auth0.com", password: "secret password", realmOrConnection: "mydatabase", audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Requires
Thehttp://auth0.com/oauth/grant-type/password-realm
grant. Check our documentation for more information.Default Implementation
Declaration
Swift
func login(usernameOrEmail username: String, password: String, realmOrConnection realm: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
usernameOrEmail
Username or email of the user.
password
Password of the user.
realmOrConnection
Domain of the realm or connection name.
audience
API Identifier that your application is requesting access to.
scope
Space-separated list of requested scope values.
Return Value
Request that will yield Auth0 user’s credentials.
-
Verifies multi-factor authentication (MFA) using a one-time password (OTP).
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(withOTP: "123456", mfaToken: "mfa token") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
Requires
Thehttp://auth0.com/oauth/grant-type/mfa-otp
grant. Check our documentation for more information.Declaration
Swift
func login(withOTP otp: String, mfaToken: String) -> Request<Credentials, AuthenticationError>
Parameters
otp
One-time password supplied by a MFA authenticator.
mfaToken
Token returned when authentication fails with an
isMultifactorRequired
error due to MFA requirement.Return Value
A request that will yield Auth0 user’s credentials.
-
login(withOOBCode:
Default implementationmfaToken: bindingCode: ) Verifies multi-factor authentication (MFA) using an out-of-band (OOB) challenge (either push notification, SMS or voice).
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(withOOBCode: "123456", mfaToken: "mfa token") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
Requires
Thehttp://auth0.com/oauth/grant-type/mfa-oob
grant. Check our documentation for more information.Default Implementation
Declaration
Swift
func login(withOOBCode oobCode: String, mfaToken: String, bindingCode: String?) -> Request<Credentials, AuthenticationError>
Parameters
oobCode
The OOB code received from the challenge request.
mfaToken
Token returned when authentication fails with an
isMultifactorRequired
error due to MFA requirement.bindingCode
A code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate. This is usually an OTP-like code delivered as part of the challenge message.
Return Value
A request that will yield Auth0 user’s credentials.
-
Verifies multi-factor authentication (MFA) using a recovery code. Some multi-factor authentication (MFA) providers support using a recovery code to login. Use this method to authenticate when the user’s enrolled device is unavailable, or the user cannot receive the challenge or accept it due to connectivity issues.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(withRecoveryCode: "recovery code", mfaToken: "mfa token") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
Requires
Thehttp://auth0.com/oauth/grant-type/mfa-recovery-code
grant. Check our documentation for more information.See
recoveryCode
Declaration
Swift
func login(withRecoveryCode recoveryCode: String, mfaToken: String) -> Request<Credentials, AuthenticationError>
Parameters
recoveryCode
Recovery code provided by the user.
mfaToken
Token returned when authentication fails with an
isMultifactorRequired
error due to MFA requirement.Return Value
A request that will yield Auth0 user’s credentials. Might include a recovery code, which the application must display to the user to be stored securely for future use.
-
multifactorChallenge(mfaToken:
Default implementationtypes: authenticatorId: ) Requests a challenge for multi-factor authentication (MFA) based on the challenge types supported by the application and user.
The
type
is how the user will get the challenge and prove possession. Supported challenge types include:otp
: for one-time password (OTP)oob
: for SMS/voice messages or out-of-band (OOB)
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .multifactorChallenge(mfaToken: "mfa token", types: ["otp"]) .start { result in switch result { case .success(let challenge): print("Obtained challenge: \(challenge)") case .failure(let error): print("Failed with: \(error)") } }
Default Implementation
Declaration
Swift
func multifactorChallenge(mfaToken: String, types: [String]?, authenticatorId: String?) -> Request<Challenge, AuthenticationError>
Parameters
mfaToken
Token returned when authentication fails with an
isMultifactorRequired
error due to MFA requirement.types
A list of the challenges types accepted by your application. Accepted challenge types are
oob
orotp
. Excluding this parameter means that your application accepts all supported challenge types.authenticatorId
The ID of the authenticator to challenge. You can get the ID by querying the list of available authenticators for the user.
Return Value
A request that will yield a multi-factor challenge.
-
login(appleAuthorizationCode:
Default implementationfullName: profile: audience: scope: ) Authenticates a user with their Sign In with Apple authorization code.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(appleAuthorizationCode: "auth code") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(appleAuthorizationCode: "auth code", fullName: credentials.fullName, audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Default Implementation
Declaration
Swift
func login(appleAuthorizationCode authorizationCode: String, fullName: PersonNameComponents?, profile: [String : Any]?, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
authorizationCode
Authorization Code retrieved from Apple Authorization.
fullName
The full name property returned with the Apple ID Credentials.
profile
Additional user profile data returned with the Apple ID Credentials.
audience
API Identifier that your application is requesting access to.
scope
Space-separated list of requested scope values. Defaults to
openid profile email
.Return Value
A request that will yield Auth0 user’s credentials.
-
login(facebookSessionAccessToken:
Default implementationprofile: audience: scope: ) Authenticates a user with their Facebook Session Info Access Token and profile data.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(facebookSessionAccessToken: "session info access token", profile: ["key": "value"]) .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .login(facebookSessionAccessToken: "session info access token", profile: ["key": "value"], audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Default Implementation
Declaration
Swift
func login(facebookSessionAccessToken sessionAccessToken: String, profile: [String : Any], audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
sessionAccessToken
Session Info Access Token retrieved from Facebook.
profile
The user profile data retrieved from Facebook.
audience
API Identifier that your application is requesting access to.
scope
Space-separated list of requested scope values. Defaults to
openid profile email
.Return Value
A request that will yield Auth0 user’s credentials.
-
loginDefaultDirectory(withUsername:
Default implementationpassword: audience: scope: ) Logs in a user using a username and password in the default directory.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .loginDefaultDirectory(withUsername: "support@auth0.com", password: "secret password") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can also specify audience and scope:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .loginDefaultDirectory(withUsername: "support@auth0.com", password: "secret password", audience: "https://myapi.com/api", scope: "openid profile email offline_access") .start { print($0) }
Default Implementation
Declaration
Swift
func loginDefaultDirectory(withUsername username: String, password: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError>
Parameters
username
Username or email of the user.
password
Password of the user.
audience
API Identifier that your application is requesting access to.
scope
Space-separated list of requested scope values.
Return Value
A request that will yield Auth0 user’s credentials.
-
signup(email:
Default implementationusername: password: connection: userMetadata: rootAttributes: ) Creates a user in a database connection.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .signup(email: "support@auth0.com", password: "secret password", connection: "Username-Password-Authentication") .start { result in switch result { case .success(let user): print("User signed up: \(user)") case .failure(let error): print("Failed with: \(error)") } }
You can also add additional metadata when creating the user:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .signup(email: "support@auth0.com", password: "secret password", connection: "Username-Password-Authentication", userMetadata: ["first_name": "John", "last_name": "Appleseed"]) .start { print($0) }
If the database connection requires a username:
Auth0 .authentication(clientId, domain: "samples.auth0.com") .signup(email: "support@auth0.com", username: "support", password: "secret password", connection: "Username-Password-Authentication") .start { print($0) }
Default Implementation
Declaration
Swift
func signup(email: String, username: String?, password: String, connection: String, userMetadata: [String : Any]?, rootAttributes: [String : Any]?) -> Request<DatabaseUser, AuthenticationError>
Parameters
email
Email for the new user.
username
Username for the new user (if the connection requires a username). Defaults to
nil
.password
Password for the new user.
connection
Name of the connection where the user will be created (database connection).
userMetadata
Additional user metadata parameters that will be added to the newly created user.
rootAttributes
Root attributes that will be added to the newly created user. These will not overwrite existing parameters. See https://auth0.com/docs/api/authentication#signup for the full list of supported attributes.
Return Value
A request that will yield a newly created database user (just the email, username, and email verified flag).
-
Resets the password of a database user.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .resetPassword(email: "support@auth0.com", connection: "Username-Password-Authentication") .start { print($0) }
Declaration
Swift
func resetPassword(email: String, connection: String) -> Request<Void, AuthenticationError>
Parameters
email
Email of the database user.
connection
Name of the database connection.
Return Value
A request for resetting the password.
-
startPasswordless(email:
Default implementationtype: connection: ) Starts passwordless authentication by sending an email with an OTP code. This is the first part of the passwordless login flow.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .startPasswordless(email: "support@auth0.com") .start { print($0) }
If you have configured iOS Universal Links:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .startPasswordless(email: "support@auth0.com", type: .iOSLink) .start { print($0) }
Requires
Passwordless OTP Granthttp://auth0.com/oauth/grant-type/passwordless/otp
. Check our documentation for more information.See
Error ResponsesDefault Implementation
Declaration
Swift
func startPasswordless(email: String, type: PasswordlessType, connection: String) -> Request<Void, AuthenticationError>
Parameters
email
Email where to send the code or link.
type
Type of passwordless authentication. Defaults to ‘code’.
connection
Name of the passwordless connection. Defaults to ‘email’.
Return Value
A request for starting the passwordless flow.
-
startPasswordless(phoneNumber:
Default implementationtype: connection: ) Starts passwordless authentication by sending an SMS with an OTP code. This is the first part of the passwordless login flow.
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .startPasswordless(phoneNumber: "+12025550135") .start { print($0) }
If you have configured iOS Universal Links:
Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .startPasswordless(phoneNumber: "+12025550135", type: .iOSLink) .start { print($0) }
Requires
Passwordless OTP Granthttp://auth0.com/oauth/grant-type/passwordless/otp
. Check our documentation for more information.See
Error ResponsesDefault Implementation
Declaration
Swift
func startPasswordless(phoneNumber: String, type: PasswordlessType, connection: String) -> Request<Void, AuthenticationError>
Parameters
phoneNumber
Phone number where to send the SMS with the code or link.
type
Type of passwordless authentication. Defaults to ‘code’.
connection
Name of the passwordless connection. Defaults to ‘sms’.
Return Value
A request for starting the passwordless flow.
-
Returns OIDC standard claims information by performing a request to the
/userinfo
endpoint.Auth0 .authentication(clientId, domain: "samples.auth0.com") .userInfo(withAccessToken: credentials.accessToken) .start { result in switch result { case .success(let user): print("Obtained user: \(user)") case .failure(let error): print("Failed with: \(error)") } }
Declaration
Swift
func userInfo(withAccessToken accessToken: String) -> Request<UserInfo, AuthenticationError>
Parameters
accessToken
Access Token obtained by authenticating the user.
Return Value
A request that will yield user information.
-
Performs the last step of Proof Key for Code Exchange (PKCE). This will request the user’s token using the code and its verifier after a request to
/oauth/authorize
.Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .codeExchange(withCode: "code", codeVerifier: "code verifier", redirectURI: "https://samples.auth0.com/callback") .start { result in switch result { case .success(let credentials): print("Obtained credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
See
RFC 7636Declaration
Swift
func codeExchange(withCode code: String, codeVerifier: String, redirectURI: String) -> Request<Credentials, AuthenticationError>
Parameters
code
Code returned after a request to
/oauth/authorize
.codeVerifier
Verifier used to generate the challenge sent in the request to
/oauth/authorize
.redirectURI
Redirect URI sent in the request to
/oauth/authorize
.Return Value
A request that will yield Auth0 user’s credentials.
-
renew(withRefreshToken:
Default implementationscope: ) Renews the user’s credentials using a Refresh Token.
Auth0 .renew(withRefreshToken: credentials.refreshToken) .start { result in switch result { case .success(let credentials): print("Obtained new credentials: \(credentials)") case .failure(let error): print("Failed with: \(error)") } }
You can get a downscoped Access Token by requesting fewer scopes than were requested on login:
Auth0 .renew(withRefreshToken: credentials.refreshToken, scope: "openid offline_access") .start { print($0) }
Default Implementation
Declaration
Swift
func renew(withRefreshToken refreshToken: String, scope: String?) -> Request<Credentials, AuthenticationError>
Parameters
refreshToken
The Refresh Token.
scope
Space-separated list of scope values to request. Defaults to
nil
, which will ask for the same scopes that were requested on login.Return Value
A request that will yield Auth0 user’s credentials.
-
Revokes a user’s Refresh Token by performing a request to the
/oauth/revoke
endpoint.Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .revoke(refreshToken: credentials.refreshToken) .start { print($0) }
See
Error ResponsesDeclaration
Swift
func revoke(refreshToken: String) -> Request<Void, AuthenticationError>
Parameters
refreshToken
The Refresh Token to revoke.
Return Value
A request for revoking the Refresh Token.
-
Returns JSON Web Key Set (JWKS) information from the
/.well-known/jwks.json
endpoint.Auth0 .authentication(clientId: clientId, domain: "samples.auth0.com") .jwks() .start { result in switch result { case .success(let jwks): print("Obtained JWKS: \(jwks)") case .failure(let error): print("Failed with: \(error)") } }
Declaration
Swift
func jwks() -> Request<JWKS, AuthenticationError>
Return Value
A request that will yield JWKS information.