📚 Documentation • 🚀 Getting Started • 💻 Sample App • 📃 Support Policy • 💬 Feedback
Composable UI building blocks for MFA enrollment and verification on iOS, built with SwiftUI Compose. This library provides ready-to-use components that integrate seamlessly with Auth0's authentication flows.
- Sample App
- API Documentation
- Theme System — customise colours, typography, spacing, radii, and component sizes
This library provides ready-to-use UI components for multi-factor authentication:
- 🔐 TOTP (Time-based One-Time Password) - Authenticator app support with QR code enrollment
- 📱 Push Notifications - Secure push-based authentication
- 💬 SMS OTP - Phone number verification via one-time codes
- 📧 Email OTP - Email-based verification
- 🔑 Recovery Codes - Backup authentication codes for account recovery
- 🔐 Passkeys - Passwordless authentication using FIDO2/WebAuthn standards (Requires iOS 16.6+, macOS 13.5+, visionOS 1.0+)
All components are built on top of the Auth0 Swift SDK and integrate with Auth0's My Account APIs.
⚠️ My Account APIs Required - This SDK requires My Account APIs which are currently in early access. Please reach out to Auth0 support to enable My Account APIs for your tenant.
⚠️ BETA RELEASE - This SDK is currently in beta. APIs may change before the stable release.
- iOS 16.0+
- macOS 14.0+
- visionOS 1.0+
- Swift 6.0+
- Xcode 26.0+
Add the following to your Podfile:
pod 'Auth0UniversalComponents'Then run pod install.
Add the following to your Package.swift:
.package(url: "https://github.com/auth0/ui-components-ios.git", from: "1.0.0")Or use Xcode: File → Add Packages → Enter the repository URL.
Add the following to your Cartfile:
github "auth0/ui-components-ios"
You can configure the SDK in two ways:
- Create
Auth0.plistin your Xcode project:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Domain</key>
<string>YOUR_AUTH0_DOMAIN.auth0.com</string>
<key>ClientId</key>
<string>YOUR_AUTH0_CLIENT_ID</string>
</dict>
</plist>- Ensure
Auth0.plistis added to your target's Build Phases.
Pass your credentials directly during initialization.
Initialize Auth0Dependencies in your app's entry point. This must be done before using any UI components.
import SwiftUI
import Auth0UniversalComponents
// Custom token provider
struct YourTokenProvider: TokenProvider {
func fetchAPICredentials(audience: String, scope: String) async throws -> APICredentials {
// Your custom logic to retrieve access token
}
}
@main
struct MyApp: App {
init() {
// Initialize with Auth0.plist
Auth0UniversalComponentsSDKInitializer.initialize(tokenProvider: YourTokenProvider())
// OR initialize programmatically
//Auth0UniversalComponentsSDKInitializer.initialize(session: URLSession = .shared,
// bundle: Bundle = .main,
// domain: "your-auth0-domain",
// clientId: "your_client_id",
// audience: "https://your-auth0-domain.auth0.com/me/",
// tokenProvider: YourTokenProvider())
}
var body: some Scene {
WindowGroup {
NavigationStack {
MyRootView()
.navigationDestination(for: AppRoute.self) { route in
// Your app's route handler
}
}
}
}
}Once initialized, embed MyAccountAuthMethodsView inside your app's NavigationStack. Use .embeddedInNavigationStack() and inject your navigation path so the SDK can push its internal screens onto your stack:
import SwiftUI
import Auth0UniversalComponents
@main
struct MyApp: App {
@StateObject private var router = Router<AppRoute>()
var body: some Scene {
WindowGroup {
NavigationStack(path: $router.path) {
MyRootView()
.navigationDestination(for: AppRoute.self) { route in
switch route {
case .authMethods:
MyAccountAuthMethodsView()
.embeddedInNavigationStack()
}
}
}
.environment(\.hostNavigationPath, $router.path)
.environmentObject(router)
}
}
}This SDK uses Universal Login for step-up authentication flows. When an MFA-required error is encountered, the SDK automatically initiates a step-up flow to allow users to complete the required MFA challenge.
To enable the step-up flow, configure the following in your Auth0 Tenant:
- Associated Domains - Add your app's associated domain to your Auth0 application settings
- Callback URLs - Configure the following in your Auth0 application:
- Add your app's callback URL (e.g.,
com.yourcompany.yourapp://YOUR_AUTH0_DOMAIN/ios/com.yourcompany.yourapp/callback) - Ensure it matches your app's URL scheme and associated domain configuration
- Add your app's callback URL (e.g.,
- In your Xcode project, enable Associated Domains capability
- Add your domain entitlement (e.g.,
applinks:YOUR_AUTH0_DOMAIN.auth0.com) - Configure your Auth0 application settings with the callback URL
- The SDK will automatically handle the Universal Login flow when MFA is required
For more detailed information on Universal Login configuration, associated domains, and callback URL setup, refer to the Auth0.swift SDK documentation.
Display and manage user's authentication methods.
MyAccountAuthMethodsView()Allows users to:
- View connected authenticators
- Enroll in new authentication methods (TOTP, Push, Email, SMS, Recovery Code)
- Remove authentication methods
| Authentication Methods | Manage Auth Methods |
|---|---|
 |
 |
| View connected authenticators | Delete/Add MFA |
This repository includes a sample app (AppUIComponents target) that demonstrates how to use the Auth0 UI Components SDK. You can use the sample app to explore the SDK's features and test the MFA components.
-
Clone the repository:
git clone https://github.com/auth0/ui-components-ios.git cd ui-components-ios -
Install dependencies using Carthage:
carthage bootstrap --use-xcframeworks
Use the bootstrap script to automatically create all required Auth0 resources and configure the sample app.
Prerequisites:
-
Login to Auth0 CLI with the required scopes:
auth0 login --scopes "create:client_grants,update:client_grants,delete:client_grants,create:connections,create:resource_servers,create:roles,create:users,read:client_keys,read:client_grants,read:clients,read:connections,read:resource_servers,read:roles,update:clients,update:connections,read:connection_profiles,create:connection_profiles,update:connection_profiles,create:user_attribute_profiles,update:user_attribute_profiles,read:user_attribute_profiles,update:resource_servers,update:roles,update:tenant_settings,update:prompts" auth0 tenants list # verify your tenant shows Active
-
Run the bootstrap script:
cd scripts npm install npm run auth0:bootstrap <your-tenant-domain>
This will:
- Create a Native application configured for the iOS sample app
- Enable the My Account API and create a Client Grant with MFA scopes
- Create a database connection and admin role
- Configure tenant settings for MFA
- Update
Auth0.plistwith the generated credentials
-
Create a Native application in your Auth0 tenant and note the Client ID and Domain.
-
Configure Allowed Callback URLs in your Auth0 Dashboard. Add:
https://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback, YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback
Replace `{scheme}` and `{domain}` with your values.
3. **Configure Auth0 credentials:**
**Important:** The `Auth0.plist` file is required for the sample app to build and run. You need to create this file.
- Create `AppUIComponents/Auth0.plist` in your Xcode project with your Auth0 tenant information:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Domain</key>
<string>YOUR_AUTH0_DOMAIN.auth0.com</string>
<key>ClientId</key>
<string>YOUR_AUTH0_CLIENT_ID</string>
<key>Audience</key>
<string>https://YOUR_AUTH0_DOMAIN.auth0.com/api/v2/</string>
</dict>
</plist>
```
- Ensure the file is added to the `AppUIComponents` target in Build Phases
4. **Open the project in Xcode:**
```bash
open Auth0UniversalComponents.xcodeproj
-
Select the
AppUIComponentstarget from the scheme dropdown -
Build and run the app:
- Select any iOS simulator from the device dropdown (e.g., iPhone 15 Pro)
- Press
Cmd + Ror click the Run button - The app will build and launch in the simulator
To run the sample app on a physical device, you need to:
- Apple Developer Account: Your device must be registered in your Apple Developer account
- Update Bundle Identifier:
- Select the
AppUIComponentstarget in Xcode - Go to the "Signing & Capabilities" tab
- Update the bundle identifier to match your provisioning profile (e.g.,
com.yourcompany.AppUIComponents)
- Select the
- Code Signing: Ensure your team is selected and provisioning profile is valid
- Connect your device via USB and select it from the device dropdown
- Press
Cmd + Ror click the Run button
Note: Without a valid provisioning profile and registered device, you will encounter code signing errors when attempting to run on a physical device.
This Policy defines the extent of the support for Xcode, Swift, and platform (iOS, macOS, tvOS, and watchOS) versions in Auth0.swift.
The only supported versions of Xcode are those that can be currently used to submit apps to the App Store. Once a Xcode version becomes unsupported, dropping it from Auth0.swift will not be considered a breaking change, and will be done in a minor release.
The minimum supported Swift minor version is the one released with the oldest-supported Xcode version. Once a Swift minor becomes unsupported, dropping it from Auth0.swift will not be considered a breaking change, and will be done in a minor release.
We support only the last four major versions of any platform, including the current major version.
Once a platform version becomes unsupported, dropping it from ui-components-ios will not be considered a breaking change, and will be done in a minor release. For example, iOS 14 will cease to be supported when iOS 18 gets released, and ui-components-ios will be able to drop it in a minor release.
In the case of macOS, the yearly named releases are considered a major platform version for the purposes of this Policy, regardless of the actual version numbers.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- Auth0's general contribution guidelines
- Auth0's code of conduct guidelines
- ui-components-ios's contribution guide
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more check out Why Auth0?
This project is licensed under the Apache License 2.0. See the LICENSE file for more info.
Copyright 2025 Okta, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.