Loading...
Loading...
Use when adding Auth0 login, logout, or biometric-protected credential storage to a Flutter mobile app (iOS or Android). Integrates auth0_flutter on the native platform — use even if the user says "add login to my Flutter app".
npx skill4agent add auth0/agent-skills auth0-flutter-nativeauth0_flutterCredentialsManagerAgent instruction: Before providing SDK setup instructions, fetch the latest release version by running one of:bashgh api repos/auth0/auth0-flutter/releases/latest --jq '.tag_name'bashflutter pub info auth0_flutter 2>/dev/null | head -5Or check pub.dev:bashcurl -s https://pub.dev/api/packages/auth0_flutter | python3 -c "import sys,json;print(json.load(sys.stdin)['latest']['version'])"Use the returned version in all dependency lines instead of any hardcoded version below. Current known version:.2.1.0
Auth0WebAgent instruction: Follow these steps in order. If you encounter an error at any step, attempt to fix it up to 5 times before callingto ask the user for guidance. Always search existing code first — if there are existing login/logout handlers, hook into them rather than creating new ones.AskUserQuestion
Agent instruction: Check the project directory for. If present, add the dependency. If not found, this is not a Flutter project — ask the user.pubspec.yamlRun in the project root:bashflutter pub add auth0_flutterVerify the dependency was added to:pubspec.yamlyamldependencies: auth0_flutter: ^2.1.0
Note: The Auth0 Domain and Client ID are public configuration (not secrets) — a native app uses PKCE with no client secret. Pass them directly to; there is no need to store them in environment variables or hide them.Auth0(domain, clientId)Agent instruction:
- If Auth0 credentials (domain AND client ID) are already in the user's prompt: Use those values directly in the
constructor and proceed to Step 3.Auth0(...)- If no credentials are provided: Ask the user which setup they prefer using
: "How would you like to set up the Auth0 application — automatic (I run the Auth0 CLI to create it) or manual (you create it in the Auth0 Dashboard and give me the Domain + Client ID)?"AskUserQuestion
- Automatic: Follow the Auth0 CLI steps in the Setup Guide to create the Native application.
- Manual: Ask the user for their Auth0 Domain and Client ID and use them directly.
Follow Setup Guide — Auth0 Configuration for the pre-flight checks and thecommand.auth0 apps create
Agent instruction: Edit(orandroid/app/build.gradle) and addbuild.gradle.ktsinsidemanifestPlaceholders. These supply the callback URL the SDK'sandroid { defaultConfig { ... } }intent filter registers — without them the app will not build correctly for Auth0.RedirectActivity
android/app/build.gradleandroid {
defaultConfig {
manifestPlaceholders = [auth0Domain: "YOUR_AUTH0_DOMAIN", auth0Scheme: "https"]
}
}android/app/build.gradle.ktsandroid {
defaultConfig {
manifestPlaceholders["auth0Domain"] = "YOUR_AUTH0_DOMAIN"
manifestPlaceholders["auth0Scheme"] = "https"
}
}Agent instruction: Useto use Android App Links (recommended). If the app targets a custom scheme instead, set it to a lowercase scheme string and pass the same scheme toauth0Scheme: "https"in Dart. See Setup Guide for details.webAuthentication(scheme: ...)
Agent instruction: For the default HTTPS (Universal Link) flow on iOS 17.4+, nochange is required, but the Associated Domains capability must be added in Xcode (Info.plist). For older iOS or a custom URL scheme, add awebcredentials:YOUR_AUTH0_DOMAINentry toCFBundleURLTypes:ios/Runner/Info.plist
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>None</string>
<key>CFBundleURLName</key>
<string>auth0</string>
<key>CFBundleURLSchemes</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
</array>
</dict>
</array>Agent instruction: Register the platform-specific callback and logout URLs using the Auth0 CLI. Determine the Android package name (fromandroid/app/build.gradle) and the iOS bundle identifier (from Xcode /applicationId), then run the command below, replacing the placeholders (PRODUCT_BUNDLE_IDENTIFIER,CLIENT_ID,YOUR_DOMAIN,ANDROID_PACKAGE_NAME) with the project's values:IOS_BUNDLE_IDbashauth0 apps update CLIENT_ID \ --callbacks "https://YOUR_DOMAIN/android/ANDROID_PACKAGE_NAME/callback,https://YOUR_DOMAIN/ios/IOS_BUNDLE_ID/callback" \ --logout-urls "https://YOUR_DOMAIN/android/ANDROID_PACKAGE_NAME/callback,https://YOUR_DOMAIN/ios/IOS_BUNDLE_ID/callback" \ --no-input
https://YOUR_DOMAIN/android/YOUR_PACKAGE_NAME/callbackhttps://YOUR_DOMAIN/ios/YOUR_BUNDLE_ID/callbackAgent instruction: Search the project for the main app entry point (). Determine the state management approach:main.dart
- Look for
,provider,riverpod,bloc, orGetXimportsmobx- If none found, use basic
withStatefulWidgetsetStateThen follow only the matching path below. If ambiguous, ask via: "Which state management approach does your Flutter app use — Provider, Riverpod, Bloc, or basic setState?"AskUserQuestion
Agent instruction: Create anclass, then wire it into the app's root widget. Search for theAuthServiceorMaterialAppwidget and update accordingly. On startup, restore the session from theCupertinoAppcache.CredentialsManager
// lib/auth_service.dart
import 'package:auth0_flutter/auth0_flutter.dart';
class AuthService {
late final Auth0 _auth0;
Credentials? _credentials;
AuthService({required String domain, required String clientId}) {
_auth0 = Auth0(domain, clientId);
}
bool get isAuthenticated => _credentials != null;
UserProfile? get user => _credentials?.user;
/// Restore a stored session on app startup, if one exists.
Future<void> init() async {
final hasValid = await _auth0.credentialsManager.hasValidCredentials();
if (hasValid) {
_credentials = await _auth0.credentialsManager.credentials();
}
}
/// Launch Web Auth via the system browser. Tokens are stored automatically.
Future<void> login() async {
_credentials = await _auth0
.webAuthentication()
.login(scopes: {'openid', 'profile', 'email', 'offline_access'});
}
/// Clear the session in the browser and wipe stored credentials.
Future<void> logout() async {
await _auth0.webAuthentication().logout();
await _auth0.credentialsManager.clearCredentials();
_credentials = null;
}
}// lib/main.dart
import 'package:flutter/material.dart';
import 'package:auth0_flutter/auth0_flutter.dart'; // for WebAuthenticationException
import 'auth_service.dart';
void main() {
runApp(const MyApp());
}
class MyApp extends StatefulWidget {
const MyApp({super.key});
State<MyApp> createState() => _MyAppState();
}
class _MyAppState extends State<MyApp> {
final _authService = AuthService(
domain: 'YOUR_AUTH0_DOMAIN',
clientId: 'YOUR_AUTH0_CLIENT_ID',
);
bool _isLoading = true;
void initState() {
super.initState();
_initAuth();
}
Future<void> _initAuth() async {
await _authService.init();
setState(() => _isLoading = false);
}
Widget build(BuildContext context) {
return MaterialApp(
home: _isLoading
? const Scaffold(body: Center(child: CircularProgressIndicator()))
: _authService.isAuthenticated
? HomeScreen(authService: _authService, onChanged: _refresh)
: LoginScreen(authService: _authService, onChanged: _refresh),
);
}
void _refresh() => setState(() {});
}
class LoginScreen extends StatelessWidget {
final AuthService authService;
final VoidCallback onChanged;
const LoginScreen({super.key, required this.authService, required this.onChanged});
Widget build(BuildContext context) {
return Scaffold(
body: Center(
child: ElevatedButton(
onPressed: () async {
// Capture the messenger before the await to avoid using
// BuildContext across an async gap.
final messenger = ScaffoldMessenger.of(context);
try {
await authService.login();
onChanged();
} on WebAuthenticationException catch (e) {
messenger.showSnackBar(
SnackBar(content: Text('Login failed: ${e.message}')),
);
}
},
child: const Text('Log In'),
),
),
);
}
}
class HomeScreen extends StatelessWidget {
final AuthService authService;
final VoidCallback onChanged;
const HomeScreen({super.key, required this.authService, required this.onChanged});
Widget build(BuildContext context) {
final user = authService.user;
return Scaffold(
appBar: AppBar(
title: const Text('Home'),
actions: [
IconButton(
onPressed: () async {
await authService.logout();
onChanged();
},
icon: const Icon(Icons.logout),
),
],
),
body: Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: [
if (user?.pictureUrl != null)
CircleAvatar(
backgroundImage: NetworkImage(user!.pictureUrl.toString()),
radius: 40,
),
const SizedBox(height: 16),
Text('Welcome, ${user?.name ?? 'User'}!'),
Text(user?.email ?? ''),
],
),
),
);
}
}Agent instruction: If the project uses, createprovideras aAuthServiceand inject it viaChangeNotifierat the app root.ChangeNotifierProvider
// lib/auth_service.dart
import 'package:flutter/foundation.dart';
import 'package:auth0_flutter/auth0_flutter.dart';
class AuthService extends ChangeNotifier {
late final Auth0 _auth0;
Credentials? _credentials;
bool _isLoading = true;
AuthService({required String domain, required String clientId}) {
_auth0 = Auth0(domain, clientId);
}
bool get isAuthenticated => _credentials != null;
bool get isLoading => _isLoading;
UserProfile? get user => _credentials?.user;
Future<void> init() async {
if (await _auth0.credentialsManager.hasValidCredentials()) {
_credentials = await _auth0.credentialsManager.credentials();
}
_isLoading = false;
notifyListeners();
}
Future<void> login() async {
_credentials = await _auth0
.webAuthentication()
.login(scopes: {'openid', 'profile', 'email', 'offline_access'});
notifyListeners();
}
Future<void> logout() async {
await _auth0.webAuthentication().logout();
await _auth0.credentialsManager.clearCredentials();
_credentials = null;
notifyListeners();
}
}// lib/main.dart — wrap with ChangeNotifierProvider
import 'package:provider/provider.dart';
void main() {
runApp(
ChangeNotifierProvider(
create: (_) => AuthService(
domain: 'YOUR_AUTH0_DOMAIN',
clientId: 'YOUR_AUTH0_CLIENT_ID',
)..init(),
child: const MyApp(),
),
);
}Agent instruction: Run a build to verify the integration compiles without errors:bashflutter build apk --debug # Android flutter build ios --no-codesign # iOS (on macOS)Then run the app on a device or emulator to test:bashflutter runIf the build fails, review error messages and fix up to 5 times before asking the user.Physical device testing: Biometric protection (Face ID / Touch ID / fingerprint) cannot be exercised on a simulator/emulator — the iOS Simulator and Android emulator have limited or no biometric hardware. Test biometrics and the full Universal Login redirect on a real physical device before release.
manifestPlaceholdersInfo.plist| Mistake | Fix |
|---|---|
| Auth0 app type not set to Native | Create the application with |
Missing | Add |
Using | Mobile uses the |
Importing | Only import |
| Callback URL mismatch | Register |
| Scheme mismatch between Gradle and Dart | If |
| Custom scheme with uppercase letters on Android | Android custom schemes must be all lowercase |
| Biometrics prompt never appears on Android | |
| Not storing credentials after login | |
| Not restoring session on startup | Call |
Missing | Add |
Catching generic | Catch |
| API | Purpose |
|---|---|
| Create the SDK client |
| Launch Universal Login in the system browser |
| Clear the browser session |
| Use a custom URL scheme |
| Get stored credentials (auto-renews if expired) |
| Check for a valid stored session |
| Wipe stored credentials |
| Enable biometric protection of stored credentials |