Auth0 is an authentication broker that supports social identity providers as well as enterprise identity providers such as Active Directory, LDAP, Google Apps and Salesforce.
Lock makes it easy to integrate SSO in your app. You won't have to worry about:
Need help migrating from v1? Please check our Migration Guide.
Lock.swift uses Auth0.swift 1.x.
If you are using Cocoapods, add this line to your Podfile:
pod "Lock", "~> 2.24"
Then run pod install.
For more information on Cocoapods, check their official documentation.
If you are using Carthage, add the following line to your Cartfile:
github "auth0/Lock.swift" ~> 2.24
Then run carthage bootstrap --use-xcframeworks --platform iOS.
For more information about Carthage usage, check their official documentation.
If you are using the Swift Package Manager, open the following menu item in Xcode:
File > Add Packages...
In the Search or Enter Package URL search box enter this URL:
https://github.com/auth0/Lock.swift.git
Then select the dependency rule and press Add Package.
For further reference on SPM, check its official documentation.
First import Lock:
import Lock
Next in your AppDelegate.swift add the following:
func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
    return Lock.resumeAuth(url, options: options)
}
In order to use Lock you need to provide your Auth0 Client ID and Domain.
The Auth0 Client ID & Domain can be found in your Auth0 Dashboard.
In your application bundle you can add a plist file named Auth0.plist with the following information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ClientId</key>
    <string>{YOUR_CLIENT_ID}</string>
    <key>Domain</key>
    <string>{YOUR_DOMAIN}</string>
</dict>
</plist>
Lock Classic handles authentication using Database, Social & Enterprise connections.
It is strongly encouraged that this SDK be used in OIDC Conformant mode. When this mode is enabled, it will force the SDK to use Auth0's current authentication pipeline and will prevent it from reaching legacy endpoints. By default this is false.
.withOptions {
$0.oidcConformant = true
}
For more information, please see the OIDC adoption guide.
To show Lock, add the following snippet in your UIViewController:
Lock
    .classic()
    .withOptions {
        $0.closable = false
        $0.oidcConformant = true
    }
    .withStyle {
        $0.title = "Welcome to my App!"
    }
    .onAuth {
        print("Obtained credentials \($0)")
    }
    .onError {
        print("Failed with \($0)")
    }
    .onCancel {
        print("User cancelled")
    }
    .present(from: self)
Since June 2017 new Clients no longer have the Password Grant Type enabled by default. If you are using a Database Connection in Lock then you will need to enable the Password Grant Type; please follow this guide.
Lock will automatically load your application configuration. If you wish to override this behaviour you can manually specify which of your connections to use.
Before presenting Lock you can tell it what connections it should display and use to authenticate a user. You can do that by calling the method and supplying a closure that specifies the connections.
.withConnections {
$0.database(name: "Username-Password-Authentication", requiresUsername: true)
}
.withConnections { connections in
connections.social(name: "facebook", style: .Facebook)
connections.social(name: "google-oauth2", style: .Google)
}
.withConnections { connections in
connections.enterprise(name: "customAD", domains: ["domain1.com", "domain2.com"])
connections.enterprise(name: "alternativeAD", domains: ["domain3.com"], style: .Microsoft)
}
If you are using Custom Domains, you will need to set the configurationBaseURL to your Auth0 Domain so the Lock configuration can be read correctly:
.withOptions {
$0.configurationBase = "https://<YOUR DOMAIN>.auth0.com"
}
You can easily turn on/off logging capabilities:
Lock
.classic()
.withOptions {
$0.logLevel = .all
$0.logHttpRequest = true
}
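The logging options above can be limited to debug builds, since request and response bodies of authentication calls can carry passwords and tokens into device logs. The following is an added example, not code from the Lock.swift project; LoginViewController and showLogin are hypothetical names, and it assumes the CredentialsManager class from Auth0.swift 1.x to keep the result in the Keychain instead of printing it:

```swift
import UIKit
import Lock
import Auth0

// Hypothetical view controller used only for this example.
final class LoginViewController: UIViewController {
    // Auth0.swift 1.x helper that stores credentials in the iOS Keychain.
    // Auth0.authentication() reads ClientId and Domain from Auth0.plist.
    private let credentialsManager = CredentialsManager(authentication: Auth0.authentication())

    func showLogin() {
        Lock
            .classic()
            .withOptions {
                // Use the current pipeline and avoid legacy endpoints.
                $0.oidcConformant = true
                #if DEBUG
                // Verbose output only in debug builds.
                $0.logLevel = .all
                $0.logHttpRequest = true
                #else
                // Release builds: no Lock logging and no HTTP request logging.
                $0.logLevel = .off
                $0.logHttpRequest = false
                #endif
            }
            .onAuth { [weak self] credentials in
                guard let self = self else { return }
                // Persist the tokens in the Keychain rather than printing them.
                if !self.credentialsManager.store(credentials: credentials) {
                    print("Could not save credentials to the Keychain")
                }
            }
            .onError { error in
                print("Failed with \(error)")
            }
            .onCancel {
                print("User cancelled")
            }
            .present(from: self)
    }
}
```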
Lock provides many styling options to help you apply your own brand identity to Lock.
iPad presentation is shown in a modal popup. This can be disabled to use full screen as follows:
.withStyle {
$0.modalPopup = false
}
.withStyle {
$0.title = "Company LLC"
$0.logo = UIImage(named: "company_logo")
$0.primaryColor = UIColor(red: 0.6784, green: 0.5412, blue: 0.7333, alpha: 1.0)
}
You can explore the full range of styling options in Style.swift
.withStyle {
    $0.oauth2["slack"] = AuthStyle(
        name: "Slack",
        color: UIColor(red: 0.4118, green: 0.8078, blue: 0.6588, alpha: 1.0),
        withImage: UIImage(named: "ic_slack")
    )
}
Lock Passwordless handles authentication using Passwordless & Social Connections.
The Passwordless feature requires your application to have the Passwordless OTP Grant Type enabled. Check this article for more information.
To use Passwordless Authentication with Lock, you need to configure it with OIDC Conformant Mode set to true.
OIDC Conformant Mode will force Lock to use Auth0's current authentication pipeline and will prevent it from reaching legacy endpoints. By default this mode is disabled. For more information, please see the OIDC adoption guide.
To show Lock, add the following snippet in your UIViewController:
Lock
    .passwordless()
    .withOptions {
        $0.oidcConformant = true
    }
    .withStyle {
        $0.title = "Welcome to my App!"
    }
    .onAuth {
        print("Obtained credentials \($0)")
    }
    .onError {
        print("Failed with \($0)")
    }
    .onCancel {
        print("User cancelled")
    }
    .onPasswordless {
        print("Passwordless requested for \($0)")
    }
    .present(from: self)
Notes:
When using Lock Passwordless the default passwordlessMethod is .code, which sends the user a one-time passcode to log in. If you want to use Universal Links you can add the following:
.withOptions {
$0.passwordlessMethod = .magicLink
}
If you are using Lock Passwordless and have specified the .magicLink option to send the user a universal link then you will need to add the following to your AppDelegate.swift:
func application(_ application: UIApplication, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool {
    return Lock.continueAuth(using: userActivity)
}
.withConnections {
$0.sms(name: "sms")
}
.withConnections {
$0.email(name: "email")
}
Lock provides numerous options to customize the Lock experience.
Allows Lock to be dismissed by the user. By default this is false.
.withOptions {
$0.closable = true
}
By default Lock will use Auth0's Terms of Service and Privacy Policy:
.withOptions {
$0.termsOfService = "https://mycompany.com/terms"
$0.privacyPolicy = "https://mycompany.com/privacy"
}
Database connection will require explicit acceptance of terms of service:
.withOptions {
$0.mustAcceptTerms = true
}
Database connection will display the Terms & Service dialog. Default is true.
.withOptions {
$0.showTerms = true
}
Note: Terms will always be shown if the mustAcceptTerms flag has been enabled.
.off, Syslog logging levels are supported.
false
print statement.
.withOptions {
$0.logLevel = .all
$0.logHttpRequest = true
$0.loggerOutput = CleanroomLockLogger()
}
In the code above, the loggerOutput has been set to use CleanroomLogger. This can typically be achieved by implementing the LoggerOutput protocol. You can of course use your favorite logger library.
class CleanroomLockLogger: LoggerOutput {
    func message(_ message: String, level: LoggerLevel, filename: String, line: Int) {
        // Map Lock's log level to the matching CleanroomLogger channel.
        let channel: LogChannel?
        switch level {
        case .debug:
            channel = Log.debug
        case .error:
            channel = Log.error
        case .info:
            channel = Log.info
        case .verbose:
            channel = Log.verbose
        case .warn:
            channel = Log.warning
        default:
            channel = nil
        }
        channel?.message(message, filePath: filename, fileLine: line)
    }
}
Scope used for authentication. By default this is openid. It will return not only the access_token, but also an id_token which is a JSON Web Token (JWT) containing user information.
.withOptions {
$0.scope = "openid name email picture"
}
Allows you to set provider scopes for oauth2/social connections with a comma separated list. By default is empty.
.withOptions {
$0.connectionScope = ["facebook": "user_friends,email"]
}
.Login, .Signup, .ResetPassword
.login
[.Username, .Email]. However it's important to note that this option is only active if you have set the requires_username flag to true in your Auth0 Dashboard.
.withOptions {
$0.allow = [.Login, .ResetPassword]
$0.initialScreen = .login
$0.usernameStyle = [.Username]
}
When signing up the default information requirements are the user's email and password. You can expand your data capture requirements as needed.
If you want to save the value of the attribute in the root of a user's profile, ensure you set the storage parameter to .rootAttribute. Only a subset of values can be stored this way. The list of attributes that can be added to your root profile is here. By default, every additional sign up field is stored inside the user's user_metadata object.
When signing up, your app may need to assign values to the user's profile that are not entered by the user. The hidden property of CustomTextField prevents the signup field from being shown to the user, allowing your app to assign default values to the user profile.
.withOptions {
    $0.customSignupFields = [
        CustomTextField(name: "first_name", placeholder: "First Name", storage: .rootAttribute, icon: UIImage(named: "ic_person", bundle: Lock.bundle), contentType: .givenName),
        CustomTextField(name: "last_name", placeholder: "Last Name", storage: .rootAttribute, icon: UIImage(named: "ic_person", bundle: Lock.bundle), contentType: .familyName),
        CustomTextField(name: "referral_code", placeholder: "Referral Code", defaultValue: referralCode, hidden: true)
    ]
}
Note: You must specify the icon to use with your custom text field and store it in your App's bundle.
This functionality has been removed as of Release 2.18 due to the 1Password extension using deprecated methods, which can result in your app being rejected by the AppStore. This functionality was superseded in iOS 12 when Apple introduced the integration of password managers into login forms.
The following options are now deprecated:
.withOptions {
$0.passwordManager.enabled = false
$0.passwordManager.appIdentifier = "www.myapp.com"
$0.passwordManager.displayName = "My App"
}
You may also safely remove the following entry from your app's Info.plist:
<key>LSApplicationQueriesSchemes</key>
<array>
<string>org-appextension-feature-password-management</string>
</array>
By default a show password icon is shown in password fields to toggle visibility of the input text. You can disable this using the allowShowPassword option:
.withOptions {
$0.allowShowPassword = false
}
Note: Show password will not be available if the Password Manager is available.
john.doe@auth0.com will be john.doe. If you don't want that you can turn on this flag and it will just use the email address.
.withOptions {
$0.activeDirectoryEmailAsUsername = true
$0.enterpriseConnectionUsingActiveAuth = ["enterprisedomain.com"]
}
Auth0 helps you to:
If you have found a bug or to request a feature, please raise an issue. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.