
Auth0

Auth0 handles user authentication. When a user signs in, Auth0 issues a JWT access token which the app passes to auth-svc to register and identify the user.

A.1 Create an Auth0 account and application

  1. Sign up at auth0.com — the free tier is sufficient for development.

  2. Go to Applications → Create Application.

    • Choose Native as the application type (required for mobile).
    • Note down the Domain and Client ID.
  3. Under your application's Settings, scroll to Advanced Settings → Grant Types and make sure Refresh Token is enabled. This allows the offline_access scope to work, which keeps users signed in across app restarts.

A.2 Create an API

  1. Go to Applications → APIs → Create API.
  2. Set a Name (e.g. auth-svc-api) and an Identifier — this is a logical name for your API, not a real URL (e.g. silent-shard-boilerplate). The identifier becomes your AUTH0_AUDIENCE.
  3. In the API's Settings tab, enable Allow Offline Access. This lets the app request refresh tokens for your API when it asks for the offline_access scope.
  4. Under the Permissions tab, add the following custom API scopes:

     | Scope | Description |
     | --- | --- |
     | write:backup | Create / update keyshare backups |
     | read:backup | Retrieve keyshare backups |
     | read:transactions | View transaction history |
     | write:devices | Register / update devices |
     | read:devices | View registered devices |
     | write:face | Register face biometric |
     | read:face | View face registration status |

A.3 Configure callback URLs

Under your application's Settings, add the following to Allowed Callback URLs and Allowed Logout URLs:

# iOS
{YOUR_BUNDLE_ID}.auth0://{YOUR_AUTH0_DOMAIN}/ios/{YOUR_BUNDLE_ID}/callback

# Android
{YOUR_PACKAGE_NAME}.auth0://{YOUR_AUTH0_DOMAIN}/android/{YOUR_PACKAGE_NAME}/callback

Replace {YOUR_BUNDLE_ID} and {YOUR_PACKAGE_NAME} with the values from your app.config.ts.

A.4 Optional: Enable Google SSO

  1. Go to Authentication → Social → Create Connection → Google / Gmail.
  2. Provide your Google OAuth web client credentials (from Google setup).
  3. Enable the connection for your Native application.

A.5 Optional: Enable Passkey

  1. Go to Authentication → Passwordless.
  2. Enable Passkey and follow the setup wizard.

A.6 Add values to .env

EXPO_PUBLIC_AUTH0_DOMAIN=your-tenant.auth0.com
EXPO_PUBLIC_AUTH0_CLIENT_ID=your_client_id
EXPO_PUBLIC_AUTH0_AUDIENCE=silent-shard-boilerplate

The EXPO_PUBLIC_AUTH0_AUDIENCE value must exactly match the Identifier configured in your Auth0 API. A mismatch causes token verification to fail on the backend.
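
The claim checks a backend typically applies to the access token once its signature has been verified show why the audience must match exactly and where the custom scopes from A.2 are enforced. This is an added example, not code from auth-svc or the project; the function names, the sample token, and the issuer and scope claim formats are assumptions made for illustration.

```javascript
// Added example: claim checks for an Auth0 access token. Signature verification
// against the tenant's JWKS must already have succeeded; it is not shown here.
// Function names and sample values are constructed for illustration.
const config = {
  domain: "your-tenant.auth0.com",      // EXPO_PUBLIC_AUTH0_DOMAIN
  audience: "silent-shard-boilerplate", // EXPO_PUBLIC_AUTH0_AUDIENCE
};

// Decode the payload segment. Returns null for anything that is not a
// three-part JWT (for example an opaque token) or does not parse as JSON.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Returns a list of problems; an empty list means the claims are acceptable.
function claimProblems(payload, cfg, requiredScopes = [], now = Date.now() / 1000) {
  if (!payload) return ["not a JWT"];
  const problems = [];
  // Assumption: the issuer is https://<domain>/ including the trailing slash.
  if (payload.iss !== `https://${cfg.domain}/`) problems.push("iss mismatch");
  // aud may be a string or an array; the comparison is exact and case-sensitive.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(cfg.audience)) problems.push("aud mismatch");
  if (typeof payload.exp !== "number" || payload.exp <= now) problems.push("expired");
  // Assumption: granted scopes arrive as one space-separated "scope" claim.
  const granted = new Set(String(payload.scope || "").split(" ").filter(Boolean));
  for (const s of requiredScopes) {
    if (!granted.has(s)) problems.push(`missing scope ${s}`);
  }
  return problems;
}

// Build a constructed sample token with a placeholder signature for the demo.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  iss: "https://your-tenant.auth0.com/", aud: "silent-shard-boilerplate-typo",
  exp: Math.floor(Date.now() / 1000) + 3600, scope: "offline_access read:backup",
});
console.log(claimProblems(decodePayload(sample), config, ["read:backup"]));
```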