Skip to main content

Auth0

Only needed when self-hosting. The sandbox uses a pre-filled demo Auth0 tenant — see the Quick Start.

Auth0 handles user authentication. When a user signs in, Auth0 issues a JWT access token which the app passes to auth-svc to register and identify the user.

1. Create the Auth0 application

Sign in to the Auth0 dashboard and go to ApplicationsCreate Application.

Auth0 → Applications → Create Application

Choose React Native as the application type.

Select the React Native application type

Open the application's Settings tab and note the Domain and Client ID — you'll add these to .env in step 3.

Auth0 application Settings — Domain and Client ID

Then create the API + scopes by following the auth-svc Auth0 guide — the API and its scopes are shared with your backend. Come back here for the callback URLs, .env values, and optional login methods (Google SSO, Passkey) below.

2. Configure callback URLs

The app authenticates through Auth0's mobile SDK, which needs its redirect URLs allow-listed. In your Auth0 application's Settings, add both URLs below to Allowed Callback URLs and Allowed Logout URLs:

Auth0 application Settings — Allowed Callback URLs and Allowed Logout URLs

iOS

{YOUR_IOS_BUNDLE_ID}.auth0://{YOUR_AUTH0_DOMAIN}/ios/{YOUR_IOS_BUNDLE_ID}/callback

Android

{YOUR_ANDROID_PACKAGE_NAME}.auth0://{YOUR_AUTH0_DOMAIN}/android/{YOUR_ANDROID_PACKAGE_NAME}/callback

Replace the placeholders:

  • {YOUR_IOS_BUNDLE_ID} — the app's iOS bundle identifier from ios.bundleIdentifier in app.config.ts. The boilerplate default is com.silencelaboratories.boilerplate.silentshield.
  • {YOUR_ANDROID_PACKAGE_NAME} — the app's Android package name from android.package in app.config.ts. The boilerplate default is com.silencelaboratories.boilerplate.silentshield.
  • {YOUR_AUTH0_DOMAIN} — your Auth0 tenant domain (e.g. your-tenant.auth0.com).

Copy only the URL — don't include the "iOS" / "Android" labels.

3. Add values to .env

Copy your Auth0 Domain and Client ID, and your Auth0 API Identifier, into the app's .env:

EXPO_PUBLIC_AUTH0_DOMAIN=your-tenant.auth0.com
EXPO_PUBLIC_AUTH0_CLIENT_ID=your_client_id
EXPO_PUBLIC_AUTH0_AUDIENCE=silent-shard-boilerplate

EXPO_PUBLIC_AUTH0_AUDIENCE must exactly match the Identifier of your Auth0 API — which is also the AUTH0_AUDIENCE configured in auth-svc. A mismatch causes token verification to fail on the backend.

Optional: Enable offline access

Offline access lets the app receive a refresh token so the user's session persists without re-authenticating on every launch. The app already requests the offline_access scope — you just need to enable it on the Auth0 side:

  1. ApplicationsAPIs → your API → Settings → enable Allow Offline Access.
Auth0 API Settings — Allow Offline Access
  1. Applications → your application → SettingsAdvanced SettingsGrant Types → make sure Refresh Token is checked.
Auth0 application Advanced Settings — Grant Types with Refresh Token enabled

Once both are enabled, Auth0 returns a refresh token on login and the app keeps the user signed in across restarts.

Optional: Enable Google SSO

Let users sign in with their Google account:

  1. Go to AuthenticationSocialGoogle / Gmail.
  2. On the Applications tab, make sure the connection is enabled for your React Native application.
Auth0 Google social connection enabled for the application

For production, configure the Google connection with your own credentials — see the Auth0 Google connection docs.

Optional: Enable Passkey

Passkeys are configured on your database connection, not under Passwordless:

  1. Go to AuthenticationDatabase and select your database connection (e.g. Username-Password-Authentication).
  2. Open the Authentication Methods tab.
  3. In the Passkey section, click Configure, check Enable passkeys, then Save.
Auth0 Database connection — Authentication Methods with passkeys enabled

Passkeys require Universal Login with Identifier First authentication enabled at the tenant level. For production, see the Auth0 passkey docs.