Skip to main content

Use AI to integrate Auth0

If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using agent skills.Install:
Then ask your AI assistant:
Your AI assistant will automatically create your Auth0 application, fetch credentials, add the auth0_flutter SDK dependency, configure the Android and iOS callback URLs, and implement Web Auth login/logout with secure credential storage. Full agent skills documentation →
This guide demonstrates how to integrate Auth0 with a Flutter application using the Auth0 Flutter SDK. This guide covers setup for Android, iOS, and macOS platforms.
The Auth0 Flutter SDK also supports Web and Windows (beta). These platforms have dedicated quickstarts:

Get Started

1

Create a new Flutter project

Create a new Flutter project for this quickstart.In your terminal:
  1. Navigate to your workspace directory
  2. Run: flutter create auth0_flutter_sample
  3. Navigate into the project: cd auth0_flutter_sample
  4. Open in your IDE:
    • VS Code: code .
    • Android Studio: open -a "Android Studio" .
This creates a modern Flutter app with the latest project structure. Run flutter doctor to verify your environment is set up correctly.
2

Install the Auth0 Flutter SDK

Add the Auth0 Flutter SDK to your project using the Flutter CLI.
This will add auth0_flutter to your pubspec.yaml dependencies:
pubspec.yaml
The Auth0 Flutter SDK requires Flutter 3.24.0+ and Dart 3.5.0+. Run flutter doctor to verify your environment meets these requirements.
3

Setup your Auth0 App

Next up, you need to create a new app on your Auth0 tenant and configure the callback URLs.
  1. Head to the Auth0 Dashboard
  2. Click on Applications > Applications > Create Application
  3. In the popup, enter a name for your app, select Native as the app type and click Create
  4. Switch to the Settings tab on the Application Details page
  5. Note down the Domain and Client ID values - you’ll need these later
On the Settings tab, configure the following URLs based on your target platform(s):Allowed Callback URLs:
Allowed Logout URLs:Add the same URLs from the callback configuration above to the Allowed Logout URLs field.
Allowed Callback URLs are a critical security measure to ensure users are safely returned to your application after authentication. Without a matching URL, the login process will fail.Allowed Logout URLs are essential for providing a seamless user experience upon signing out. Without a matching URL, users will not be redirected back to your application after logout.For example, if your Auth0 domain is example.us.auth0.com and your Android package name is com.example.myapp, your Android callback URL would be: https://example.us.auth0.com/android/com.example.myapp/callback
Important: Ensure the package name (Android) or bundle identifier (iOS/macOS) in your callback URLs matches your actual app identifier. If authentication fails, verify these values are identical.
4

Configure Your Application

Platform-specific configuration is required to enable the authentication flow. Follow the instructions for each platform you’re targeting.
Open the android/app/build.gradle file and add the following manifest placeholders inside android > defaultConfig:
android/app/build.gradle
Replace {yourDomain} with your Auth0 domain (e.g., example.us.auth0.com).https schemeTo use https scheme for your callback url, set up Android app links for your application.For Biometric Authentication (Optional):If you plan to use biometric authentication, update your MainActivity.kt to extend FlutterFragmentActivity:
android/app/src/main/kotlin/.../MainActivity.kt
Android: Ensure the auth0Domain value matches your Auth0 domain exactly. If authentication fails, verify this value is identical to the domain shown in your Auth0 Dashboard.iOS/macOS: Universal Links require a paid Apple Developer account and iOS 17.4+/macOS 14.4+. On older versions, the SDK automatically falls back to custom URL schemes.
5

Implement Login and Logout

Universal Login is the easiest way to set up authentication in your application. We recommend using it for the best experience, best security, and the fullest array of features.Implement Login:Import the Auth0 Flutter SDK and create an Auth0 instance:
lib/auth_service.dart
Implement Logout:
lib/auth_service.dart
iOS/macOS: The useHTTPS: true parameter enables Universal Links on iOS 17.4+ and macOS 14.4+ for enhanced security.Android: If you are using a custom scheme, pass this scheme to the login method so that the SDK can route to the login page and back again correctly:
6

Show User Profile Information

The user profile is automatically retrieved when the user logs in. The Credentials object contains a user property with all the user profile information, populated by decoding the ID token.
lib/profile_screen.dart
Request the appropriate scopes during login to access specific user profile fields. The default scopes are openid, profile, email, and offline_access.
7

Run your app

Build and run your Flutter application.In your terminal:
Expected flow:
  1. App launches with your login UI
  2. User taps Log In → Browser/Custom Tab opens with Auth0 Universal Login
  3. User completes authentication
  4. Browser redirects back to your app
  5. User is now authenticated and credentials are stored
CheckpointYou should now have a fully functional Auth0 login experience in your Flutter application. The app uses secure browser-based authentication and automatically stores credentials for session persistence.

Troubleshooting & Advanced Usage

Callback URL Mismatch

Symptom: Error “redirect_uri_mismatch” or authentication fails silently.Solutions:
  1. Check Allowed Callback URLs in Auth0 Dashboard match your app configuration exactly
  2. Verify the scheme (https:// vs http://)
  3. Ensure the package name (Android) or bundle identifier (iOS/macOS) is correct
  4. Check for trailing slashes

Android: Chrome Custom Tab Doesn’t Open

Symptom: Nothing happens when calling login().Fix:
  1. Verify manifestPlaceholders are correctly set in build.gradle
  2. Ensure internet permission is in AndroidManifest.xml:
  3. Check that Chrome or another browser is installed on the device

iOS: “Open in App” Alert

Symptom: Alert box appears asking to open in your app.Fix: This is expected behavior with ASWebAuthenticationSession. To remove it:
  • Use Universal Links (requires iOS 17.4+ and paid Apple Developer account)
  • Or set useEphemeralSession: true (disables SSO):

Authentication cancelled by user

Handle gracefully in your error handling:
The Auth0 Flutter SDK includes a built-in Credentials Manager that securely stores user credentials. On mobile platforms, credentials are encrypted and stored in the platform’s secure storage (Keychain on iOS/macOS, encrypted SharedPreferences on Android).

Check for Stored Credentials

Before prompting the user to log in, check if valid credentials already exist:
lib/auth_service.dart

Retrieve Stored Credentials

Retrieve credentials to access tokens or user information. The Credentials Manager automatically refreshes expired tokens when possible:
lib/auth_service.dart
You don’t need to manually store credentials after login—the SDK handles this automatically. You also don’t need to manually refresh tokens; the Credentials Manager refreshes them when needed.
Handle authentication errors gracefully to provide a good user experience.
lib/auth_service.dart

Enhanced Credential Security with Biometrics

Implement biometric authentication for credential access on mobile:
lib/secure_auth_service.dart
Android: Requires MainActivity to extend FlutterFragmentActivity as configured in Step 4.iOS/macOS: Requires adding NSFaceIDUsageDescription to your Info.plist.

Custom Scopes and Audience

Request specific scopes and audience for your API:
lib/auth_service.dart

Organizations (B2B/Enterprise)

Authenticate users within a specific organization:
lib/auth_service.dart

App Store Preparation

  • Configure Universal Links (iOS) and App Links (Android) for seamless authentication
  • Test on multiple device sizes and OS versions
  • Implement proper error handling for network failures
  • Add ProGuard rules for Android if using code obfuscation
  • Follow platform-specific App Store/Play Store policies

Security Considerations

  • Use the built-in Credentials Manager for production credential storage
  • Enable biometric authentication for sensitive operations
  • Consider certificate pinning for additional API security
  • Implement proper token refresh handling
  • Use useHTTPS: true for Universal Links on supported platforms

Next Steps

Check out the EXAMPLES.md file in the SDK repository for comprehensive code examples covering advanced scenarios like DPoP, biometric authentication, passwordless login and many more features.