Add Login to Your Ionic Angular with Capacitor Application
Auth0 allows you to quickly add authentication and access user profile information in your application. This guide
demonstrates how to integrate Auth0 with an Ionic (Angular) & Capacitor application using the Auth0 Angular SDK.
1
Getting started
This quickstart assumes you already have an Ionic application up and running with Capacitor. If not, check out the Using
Capacitor with Ionic Framework guide to get started with a simple app, or clone our sample
apps.You should also be familiar with the Capacitor development workflow.
2
Configure Auth0
To use Auth0 services, you need to have an application set up in the Auth0 Dashboard. The Auth0 application is
where you will configure how you want authentication to work for your project.Lastly, be sure that the Application Type for your application is set to Native in the Application Settings.
Throughout this article,
YOUR_PACKAGE_ID is your application’s package ID. This can be
found and configured in the appId field in your capacitor.config.ts file. See
Capacitor’s Config schema for more info.Configure an application
Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.Any settings you configure using this quickstart will automatically update for your application in the Dashboard, which is where you can manage your applications in the future.If you would rather explore a complete configuration, you can view a sample application instead.Configure Callback URLs
A callback URL is a URL in your application that you would like Auth0 to redirect users to after they have authenticated. If not set, users will not be returned to your application after they log in.If you are following along with our sample project, set this to:
YOUR_PACKAGE_ID://{yourDomain}/capacitor/YOUR_PACKAGE_ID/callbackConfigure Logout URLs
A logout URL is a URL in your application that you would like Auth0 to redirect users to after they have logged out. If not set, users will not be able to log out from your application and will receive an error.If you are following along with our sample project, set this to:
YOUR_PACKAGE_ID://{yourDomain}/capacitor/YOUR_PACKAGE_ID/callbackConfigure Allowed Origins
To be able to make requests from your native application to Auth0, set the following Allowed Origins in your Application Settings.If you are following along with our sample project, set this to
capacitor://localhost, http://localhost for iOS and Android respectively.3
Install the Auth0 Angular SDK
Run the following command within your project directory to install the Auth0 Angular SDK:The SDK exposes several types that help you integrate Auth0 with your Angular application idiomatically,
including a module and an authentication service.
Install Capacitor plugins
This quickstart and sample make use of some of Capacitor’s official plugins. Install these into your app using the following command:- @capacitor/browser: Allows you to interact with the device’s system browser and is used to open the URL to Auth0’s authorization endpoint.
- @capacitor/app: Allows you to subscribe to high-level app events, useful for handling callbacks from Auth0.
Capacitor’s Browser plugin on iOS uses SFSafariViewController, which on iOS 11+ does not share
cookies with Safari on the device. This means that SSO will not work on those devices. If you need
SSO, please instead use a compatible plugin that uses ASWebAuthenticationSession.
4
Register and configure the authentication module
The SDK exports
AuthModule, a module that contains all the services required for the SDK to
function. This module should be registered with your application and be configured with your Auth0 domain and
Client ID.The AuthModule.forRoot function takes the following configuration:domain: Thedomainvalue present under the **Settings **of the application you created in the Auth0 Dashboard, or your custom domain if you are using Auth0’s custom domains feature.clientId: The Client ID value present under the **Settings **of the application you created in the Auth0 Dashboard.useRefreshTokens: To use auth0-angular with Ionic on Android and iOS, it’s required to enable refresh tokens.useRefreshTokensFallback: To use auth0-angular with Ionic on Android and iOS, it’s required to disable the iframe fallback.authorizationParams.redirect_uri: The URL to redirect your users after they authenticate with Auth0.
To persist authentication after closing and reopening the application, you may want to set
cacheLocation to localstorage when configuring the SDK, but please be aware of
the risks of
storing tokens in localstorage. Also, localstorage should be treated as transient in
Capacitor app as the data might be recovered unexpectedly in certain circumstances. Please read the guidance on storage in the Capacitor docs.Additionally, the SDK has the ability to use a custom cache implementation to store tokens, if
you have a requirement to use a more secure and persistent storage mechanism.Note that we recommend against using Capacitor’s Storage plugin to store tokens, as this is
backed by UserDefaults and SharedPreferences on iOS and Android respectively. Data stored using
these APIs is not encrypted, not secure, and could also be synced to the cloud.Checkpoint
Now that you have configured your app with the Auth0 Angular SDK, run your application to verify that the SDK is initializing without error, and that your application runs as it did before.5
Add login to your application
In a Capacitor application, the Capacitor’s Browser plugin performs a redirect to the Auth0 Universal Login Page. Set the
openUrl
parameter on the loginWithRedirect function to use Browser.open so that the URL is
opened using the device’s system browser component (SFSafariViewController on iOS, and Chrome
Custom Tabs on Android).By default, the SDK’s
loginWithRedirect method uses window.location.href to
navigate to the login page in the default browser application on the user’s device rather than the
system browser component appropriate for the platform. The user would leave your application to
authenticate and could make for a suboptimal user experience.Checkpoint
TheloginWithRedirect function tells the SDK to initiate the login flow, using the
Browser.open function to open the login URL with the platform’s system browser component by
setting the openUrl parameter. This provides a way for your user to log in to your
application. Users redirect to the login page at Auth0 and do not receive any errors.6
Handling the login callback
Once users logs in with the Universal Login Page, they redirect back to your app via a URL with a custom URL
scheme. The
appUrlOpen event must be handled within your app. You can call the
handleRedirectCallback method from the Auth0 SDK to initialize the authentication state.You can only use this method on a redirect from Auth0. To verify success, check for the presence of the
code and state parameters in the URL.The Browser.close() method should close the browser when this event is raised.Note that the appUrlOpen event callback is wrapped in ngZone.run. Changes to
observables that occur when handleRedirectCallback runs are picked up by the Angular app. To learn
more, read Using
Angular with Capacitor. Otherwise, the screen doesn’t update to show the authenticated state after log in.This article assumes you will be using Custom URL Schemes to handle the callback within your
application. To do this, register your
YOUR_PACKAGE_ID as a URL scheme for your chosen
platform. To learn more, read Defining a Custom URL Scheme for iOS, or Create Deep Links to App Content for Android.Checkpoint
Add theappUrlOpen to your application’s App component and log in. The browser
window should close once the user authenticates and logs in to your app.7
Add logout to your application
Now that users can log in, you need to configure a way to log
out. Users must redirect to the Auth0 logout endpoint in the browser to clear their browser session. Again,
Capacitor’s Browser plugin should perform this redirect so that the user does not leave your app and receive a
suboptimal experience.To achieve this with Ionic and Capacitor in conjunction with the Auth0 SDK:
- Construct the URL for your app Auth0 should use to redirect to after logout. This is a URL that uses your registered custom scheme and Auth0 domain. Add it to your **Allowed Logout URLs **configuration in the Auth0 Dashboard
- Logout from the SDK by calling
logout, and pass your redirect URL back as thelogoutParams.returnToparameter. - Set the
openUrlparameter to a callback that uses the Capacitor browser plugin to open the URL usingBrowser.open.
Similar to the login step, if you do not set
openUrl when calling logout, the
SDK redirects the user to the logout URL using the default browser application on the device, which
provides a suboptimal user experience.Checkpoint
Provide a way for your users to log out of your application. Verify the redirect to Auth0 and then to the address you specified in thereturnTo parameter. Make sure users are no longer logged in to
your application.8
Show the user profile
The Auth0 SDK retrieves the profile information
associated with logged-in users in whatever component you need, such as their name or profile picture, to
personalize the user interface. The profile information is available through the
user$ property
exposed by AuthService.Checkpoint
Provide a way for your users to see their user profile details within the app and verify you are able to retrieve and see your profile information on screen once you have logged in.Next Steps
Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:- Auth0 Dashboard - Learn how to configure and manage your Auth0 tenant and applications
- Auth0 Marketplace - Discover integrations you can enable to extend Auth0’s functionality