Loading...
Loading...
Use when adding Auth0 login or token management to a .NET iOS application. Integrates Auth0.OidcClient.iOS — use even if the user says "add login to my .NET iOS app" or references Xamarin iOS.
npx skill4agent add auth0/agent-skills auth0-net-iosAuth0.OidcClient.iOSASWebAuthenticationSessionAgent instruction: Before providing SDK setup instructions, fetch the latest release version by running:bashgh api repos/auth0/auth0-oidc-client-net/releases --jq '[.[] | select(.tag_name | startswith("ios-")) | .tag_name | ltrimstr("ios-")] | .[0]'Use the returned version in all dependency lines instead of any hardcoded version below.
net9.0-ios| Use Case | Recommended Skill |
|---|---|
| .NET MAUI cross-platform app (iOS + Android + Windows) | |
| .NET Android-only app | |
| iOS-only Swift app | |
| ASP.NET Core server-side web app | |
| ASP.NET Core Web API (JWT validation) | |
| React Native mobile app | |
Agent instruction: Before starting, examine the user's project:
- Identify the .NET version from the
file (.csproj)TargetFramework- Check for existing authentication implementations — search for existing login/logout handlers and hook into them if found (reuse existing UI elements like login buttons rather than creating duplicates)
- Note the project's Bundle Identifier from
orInfo.plist.csproj- Look for existing
orAuth0Clientusage to avoid duplicate configurationAuth0ClientOptions
dotnet add package Auth0.OidcClient.iOSAuth0ClientInfo.plistOpenUrlAppDelegateActivityMediator.Instance.Send(url.AbsoluteString)dotnet buildAgent instruction: When writing the Auth0Client configuration:
- The iOS SDK does NOT require passing an Activity context — just
.new Auth0Client(options)- Always set
— theScope = "openid profile email offline_access"scope is required to receive refresh tokens, enabling silent token renewal without re-prompting the user.offline_access- The callback URL is automatically derived from the Bundle Identifier:
.{BundleId}://{domain}/ios/{BundleId}/callback- The Bundle Identifier must be registered as a URL scheme in
.Info.plist- The
must handleAppDelegateand callOpenUrl.ActivityMediator.Instance.Send(url.AbsoluteString)- Store tokens securely: After successful login, persist
andAccessTokenusing iOS Keychain (viaRefreshTokenframework or a wrapper likeSecurity). Never store tokens inKeychainAccessor in-memory variables only.UserDefaultsAfter writing configuration and code, verify the build succeeds:bashdotnet buildIf the build fails, attempt to fix the issue. After 5-6 failed attempts, ask the user for help.
LoginAsync()/authorize{BundleId}://{domain}/ios/{BundleId}/callbackAppDelegate.OpenUrlActivityMediator.Instance.Send(url.AbsoluteString)LoginResultYOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callbackYOUR_BUNDLE_IDENTIFIERcom.mycompany.myapplicationcom.mycompany.myapp://tenant.us.auth0.com/ios/com.mycompany.myapp/callbackNote: Some Auth0 native SDKs useorhttps://{domain}/ios/{bundleId}/callbackas the callback URL format. The .NET iOS SDK uses the Bundle Identifier directly as the URL scheme.{bundleId}.auth0://{domain}/ios/{bundleId}/callback
Info.plistCFBundleURLSchemesAuth0.OidcClient.iOSAuth0ClientScope = "openid profile email offline_access"Info.plistAppDelegate.OpenUrlActivityMediator.Instance.Send(url.AbsoluteString)SecuritySecKeyChain.AddAuth0ClientOptions| Mistake | Fix |
|---|---|
| App type not set to Native in Auth0 Dashboard | Change application type to "Native" in Dashboard settings |
| Missing callback URL in Auth0 Dashboard | Add |
| Missing URL scheme in Info.plist | Add |
Not handling | Override |
Using | Domain should be hostname only (e.g., |
| Passing Activity context to Auth0Client (Android pattern) | iOS does not need context — just |
| URL scheme not matching Bundle Identifier | The CFBundleURLSchemes value must exactly match the Bundle Identifier |
Storing tokens in | Use iOS Keychain via the |
Agent instruction: Remind the user to test on a physical device in addition to simulators. Some WebAuth/ASWebAuthenticationSession behaviors may differ on physical devices vs. simulators. Test the full login → callback → token flow on real hardware before shipping.
OpenUrlUserCancelusing Auth0.OidcClient;
var client = new Auth0Client(new Auth0ClientOptions
{
Domain = "YOUR_AUTH0_DOMAIN",
ClientId = "YOUR_AUTH0_CLIENT_ID",
Scope = "openid profile email offline_access"
});
var loginResult = await client.LoginAsync();
BrowserResultType browserResult = await client.LogoutAsync();Agent instruction: Always includein the scope to enable refresh tokens. This allows the app to silently refresh access tokens without forcing the user to re-authenticate.offline_accessAgent instruction: After login, always persist tokens to the iOS Keychain using theframework (SecuritywithSecKeyChain.Add). Never store tokens inSecAccessible.WhenUnlockedThisDeviceOnlyor leave them only in memory. Clear tokens on logout. See Integration Patterns for the fullUserDefaultshelper class.SecureTokenStorage
CFBundleURLSchemesOpenUrlActivityMediator.Instance.Send(url.AbsoluteString)