Labsco
auth0 logo

auth0-maui

37

by auth0 · part of auth0/agent-skills

Use when adding Auth0 login, logout, or token management to a .NET MAUI cross-platform app (iOS, Android, macOS, or Windows). Integrates Auth0.OidcClient.MAUI — use even if the user says "add login to my MAUI app".

🧩 One of 7 skills in the auth0/agent-skills package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

auth0-maui Integration

Add Auth0 authentication to .NET MAUI applications targeting iOS, Android, macOS, and Windows. This skill integrates the Auth0.OidcClient.MAUI NuGet package which uses the system browser via MAUI's WebAuthenticator for secure OIDC-based login and logout flows with PKCE.

Agent instruction: Before providing SDK setup instructions, fetch the latest MAUI release version by running:

gh api repos/auth0/auth0-oidc-client-net/releases --jq '[.[] | select(.tag_name | startswith("maui-")) | .tag_name | ltrimstr("maui-")] | .[0]'

Use the returned version in all dependency lines instead of any hardcoded version below.

When NOT to Use

Use CaseRecommended Skill
ASP.NET Core server-side web appauth0-aspnetcore-authentication
ASP.NET Core Web API (JWT validation)auth0-aspnetcore-api
React Native mobile appauth0-react-native
iOS-only Swift appauth0-swift
Android-only Kotlin appauth0-android
Expo React Native appauth0-expo

Done When

  • Auth0.OidcClient.MAUI package installed
  • Auth0Client configured with Domain, ClientId, and Scope including offline_access
  • URL scheme registered on Android (WebAuthenticatorCallbackActivity) and Windows (Package.appxmanifest)
  • Callback URL (myapp://callback) added to Auth0 Dashboard Allowed Callback URLs and Allowed Logout URLs
  • Login/logout flow working
  • Refresh token persisted via SecureStorage.Default.SetAsync after login
  • Session restoration implemented via SecureStorage.Default.GetAsync + RefreshTokenAsync on app startup
  • Build succeeds with no errors
  • Tested on physical device or emulator/simulator

Detailed Documentation

  • Setup Guide — Auth0 tenant configuration, SDK installation, platform-specific callback setup
  • Integration Patterns — Login/logout flows, token refresh, user profile, error handling, MVVM patterns
  • API Reference & Testing — Full Auth0ClientOptions reference, claims, testing checklist, troubleshooting

Testing Notes

Agent instruction: Remind the user to test on a physical device in addition to emulators/simulators. Some WebAuthenticator behaviors (system browser integration, URL scheme interception) may differ on physical devices vs. emulators. Test the full login → callback → token flow on real hardware before shipping.

Testing Checklist:

  • Login flow: System browser opens → authenticate → returns to app
  • Logout flow: Browser opens → session cleared → returns to app
  • Token refresh: RefreshTokenAsync with stored refresh token works
  • Cancel: User cancels login → app handles UserCancel gracefully
  • Physical device: Test on real iOS/Android device (not just simulator)
  • Offline: Verify token refresh works when the app is restarted
  • Multi-platform: Test on at least one mobile platform (iOS or Android) and Windows
  • auth0-aspnetcore-authentication — ASP.NET Core server-side web apps
  • auth0-aspnetcore-api — ASP.NET Core Web API with JWT validation
  • auth0-android — Android-native Kotlin apps
  • auth0-swift — iOS/macOS Swift apps
  • auth0-react-native — React Native mobile apps
  • auth0-net-android-ios — .NET Android/iOS (non-MAUI)

Quick Reference

using Auth0.OidcClient;

// Initialize client
var client = new Auth0Client(new Auth0ClientOptions
{
    Domain = "YOUR_AUTH0_DOMAIN",
    ClientId = "YOUR_AUTH0_CLIENT_ID",
    RedirectUri = "myapp://callback",
    PostLogoutRedirectUri = "myapp://callback",
    Scope = "openid profile email offline_access"
});

// Login — opens system browser
var loginResult = await client.LoginAsync();
if (!loginResult.IsError)
{
    var user = loginResult.User;
    var accessToken = loginResult.AccessToken;
    var idToken = loginResult.IdentityToken;
    var refreshToken = loginResult.RefreshToken;

    // Access user claims
    var name = user.FindFirst("name")?.Value;
    var email = user.FindFirst("email")?.Value;

    // Persist refresh token securely for session restoration
    if (!string.IsNullOrEmpty(refreshToken))
        await SecureStorage.Default.SetAsync("refresh_token", refreshToken);
}

// Logout — clears Auth0 session and stored tokens
await client.LogoutAsync();
SecureStorage.Default.Remove("refresh_token");

// Restore session on app startup (no user interaction needed)
var savedToken = await SecureStorage.Default.GetAsync("refresh_token");
if (!string.IsNullOrEmpty(savedToken))
{
    var refreshResult = await client.RefreshTokenAsync(savedToken);
    if (!refreshResult.IsError)
    {
        var newAccessToken = refreshResult.AccessToken;
        // Update stored token if rotated
        if (!string.IsNullOrEmpty(refreshResult.RefreshToken))
            await SecureStorage.Default.SetAsync("refresh_token", refreshResult.RefreshToken);
    }
    else
    {
        // Refresh failed — clear and require re-login
        SecureStorage.Default.Remove("refresh_token");
    }
}

// Get user info from /userinfo endpoint
var userInfo = await client.GetUserInfoAsync(accessToken);

// Login with extra parameters (organization, audience, connection)
var orgLogin = await client.LoginAsync(new { organization = "org_abc123" });
var apiLogin = await client.LoginAsync(new { audience = "https://my-api.example.com" });

Android Callback Activity (Required)

[Activity(NoHistory = true, LaunchMode = LaunchMode.SingleTop, Exported = true)]
[IntentFilter(new[] { Intent.ActionView },
    Categories = new[] { Intent.CategoryDefault, Intent.CategoryBrowsable },
    DataScheme = CALLBACK_SCHEME)]
public class WebAuthenticatorActivity : Microsoft.Maui.Authentication.WebAuthenticatorCallbackActivity
{
    const string CALLBACK_SCHEME = "myapp";
}

Windows Platform Setup (Required — Both Steps)

Step 1: Register protocol in Platforms/Windows/Package.appxmanifest:

<Extensions>
  <uap:Extension Category="windows.protocol">
    <uap:Protocol Name="myapp"/>
  </uap:Extension>
</Extensions>

Step 2: Handle redirection in Platforms/Windows/App.xaml.cs:

// In Platforms/Windows/App.xaml.cs
public App()
{
    if (Auth0.OidcClient.Platforms.Windows.Activator.Default.CheckRedirectionActivation())
        return;
    this.InitializeComponent();
}

References