Add authentication to an Ionic Angular application using the
SDK with Capacitor plugins for native iOS and Android. This skill covers login, logout, user profile display, and secure token management using the system browser (SFSafariViewController on iOS, Chrome Custom Tabs on Android) via Capacitor's Browser plugin.
Agent instruction: Follow these steps in order.
Always use
to let the developer choose between Automatic Setup and Manual Setup before proceeding — even if credentials are already provided in the prompt.
SECURITY — Never display credentials: After obtaining Auth0 credentials (domain, client ID) via the CLI or from a file, NEVER print, echo, or display them in your text output. Write them directly to the config file (
src/environments/environment.ts
) silently. Do NOT produce output like "Domain: xxx" or "Client ID: yyy". Instead, confirm that the config file has been written and tell the user where to find it.
UI reuse: Before creating new login/logout components, search the existing project for login/logout handlers or buttons. If found, hook Auth0 into the existing UI rather than creating duplicate components.
Agent instruction: Always present the setup choice using
— even if the user has already provided credentials:
AskUserQuestion:
question: "How would you like to configure Auth0 for your Ionic Angular app?"
options:
- label: "Automatic Setup (Recommended)"
description: "Uses the Auth0 CLI to create a Native application, configure callback URLs, and store credentials in your project automatically."
- label: "Manual Setup"
description: "You provide an .env file with your Auth0 Domain and Client ID, and the agent reads it and writes the project configuration for you."
Follow the chosen path in the Setup Guide which has the full step-by-step instructions for both options.
Note: For Automatic Setup, these URLs are configured automatically by the Auth0 CLI. For Manual Setup, the user must configure them in the Auth0 Dashboard.
Note: For local web development (
), also add
to Allowed Callback URLs, Allowed Logout URLs, and Allowed Web Origins.
The
function (or
) is the Angular equivalent of
— it acts as the
provider/wrapper that wraps the app and makes
available everywhere. For local web development with
, the callback URL is
.
typescript
import { ApplicationConfig } from '@angular/core';
import { provideAuth0 } from '@auth0/auth0-angular';
// Replace with your capacitor.config.ts appId and Auth0 domain
const appId = 'com.example.myapp';
const domain = 'YOUR_AUTH0_DOMAIN';
const callbackUri = `${appId}://${domain}/capacitor/${appId}/callback`;
export const appConfig: ApplicationConfig = {
providers: [
provideAuth0({
domain,
clientId: 'YOUR_AUTH0_CLIENT_ID',
useRefreshTokens: true,
useRefreshTokensFallback: false,
authorizationParams: {
redirect_uri: callbackUri,
},
}),
],
};
typescript
import { AuthModule } from '@auth0/auth0-angular';
const appId = 'com.example.myapp';
const domain = 'YOUR_AUTH0_DOMAIN';
const callbackUri = `${appId}://${domain}/capacitor/${appId}/callback`;
@NgModule({
imports: [
AuthModule.forRoot({
domain,
clientId: 'YOUR_AUTH0_CLIENT_ID',
useRefreshTokens: true,
useRefreshTokensFallback: false,
authorizationParams: {
redirect_uri: callbackUri,
},
}),
],
})
export class AppModule {}
Register the
listener at the app root so it persists across navigation:
typescript
import { Component, NgZone, OnInit } from '@angular/core';
import { AuthService } from '@auth0/auth0-angular';
import { Browser } from '@capacitor/browser';
import { App as CapApp } from '@capacitor/app';
import { mergeMap } from 'rxjs/operators';
@Component({
selector: 'app-root',
template: `<ion-app><ion-router-outlet></ion-router-outlet></ion-app>`,
})
export class AppComponent implements OnInit {
constructor(
private auth: AuthService,
private ngZone: NgZone
) {}
ngOnInit() {
CapApp.addListener('appUrlOpen', ({ url }) => {
this.ngZone.run(() => {
if (url.includes('state') && (url.includes('code') || url.includes('error'))) {
this.auth
.handleRedirectCallback(url)
.pipe(mergeMap(() => Browser.close()))
.subscribe();
}
});
});
}
}
typescript
import { Component } from '@angular/core';
import { AuthService } from '@auth0/auth0-angular';
import { Browser } from '@capacitor/browser';
@Component({
selector: 'app-logout-button',
template: `<ion-button (click)="logout()">Log Out</ion-button>`,
})
export class LogoutButtonComponent {
constructor(public auth: AuthService) {}
logout() {
this.auth
.logout({
logoutParams: {
returnTo: `YOUR_PACKAGE_ID://YOUR_AUTH0_DOMAIN/capacitor/YOUR_PACKAGE_ID/callback`,
},
async openUrl(url: string) {
await Browser.open({ url, windowName: '_self' });
},
})
.subscribe();
}
}
Agent instruction: After writing all code, verify the build succeeds:
bash
npm run build
npx cap sync
If the build fails, investigate errors and fix (up to 5-6 iterations). If still failing, use
to ask the user for help.