;
};
export const AuthCodeGroup = ({children, dropdown}) => {
const [processedChildren, setProcessedChildren] = useState(children);
useEffect(() => {
let unsubscribe = null;
function init() {
unsubscribe = window.autorun(() => {
const processChildren = node => {
if (typeof node === "string") {
let processedNode = node;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
}
return processedNode;
} else if (Array.isArray(node)) {
return node.map(processChildren);
} else if (node && node.props && node.props.children) {
return {
...node,
props: {
...node.props,
children: processChildren(node.props.children)
}
};
}
return node;
};
setProcessedChildren(processChildren(children));
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
return {processedChildren};
};
If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using [agent skills](https://agentskills.io/home).
First, install the Auth0 agent skills:
```bash theme={null}
npx skills add auth0/agent-skills --skill auth0-quickstart --skill auth0-ionic-react
```
Then, ask your AI assistant:
```text theme={null}
Add Auth0 authentication to my Ionic React app
```
Your AI assistant will automatically create your Auth0 application, fetch credentials, install the Auth0 React SDK and Capacitor plugins, configure deep linking, and implement login/logout flows with native browser integration. Learn more about [Auth0 agent skills](/docs/quickstart/agent-skills).
## Get Started
This quickstart demonstrates how to add Auth0 authentication to an Ionic React application with Capacitor. You'll build a mobile-ready app with login, logout, and user profile features using the Auth0 React SDK and Capacitor's native browser integration.
export const localEnvSnippet = `VITE_AUTH0_DOMAIN={yourDomain}
VITE_AUTH0_CLIENT_ID={yourClientId}`;
Create a new Ionic React app with Capacitor
```shellscript theme={null}
npx ionic start auth0-ionic-react tabs --type=react --capacitor
```
Open the project
```shellscript theme={null}
cd auth0-ionic-react
```
Make sure you're using the `@ionic/cli` package (not the deprecated `ionic` package). If you see errors about `--npm-client` during project creation, update your CLI:
```shellscript theme={null}
npm uninstall -g ionic
npm i -g @ionic/cli
```
If you already have an Ionic React app, make sure Capacitor is enabled. You can add it with `ionic integrations enable capacitor` and then `npx cap init`.
The Ionic starter template may scaffold `react@19.0.0`, which is not compatible with the Auth0 React SDK. First, ensure you have a supported React version:
```shellscript theme={null}
npm install react@^19.0.1 react-dom@^19.0.1
```
Then install the Auth0 SDK and Capacitor plugins:
```shellscript theme={null}
npm install @auth0/auth0-react @capacitor/browser @capacitor/app && npx cap sync
```
* [`@auth0/auth0-react`](https://github.com/auth0/auth0-react): Provides React hooks and components for Auth0 authentication
* [`@capacitor/browser`](https://capacitorjs.com/docs/apis/browser): Opens the login page in the device's system browser ([SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) on iOS, [Chrome Custom Tabs](https://developer.chrome.com/docs/android/custom-tabs) on Android)
* [`@capacitor/app`](https://capacitorjs.com/docs/apis/app): Handles deep link callbacks when Auth0 redirects back to your app
Capacitor's Browser plugin on iOS uses `SFSafariViewController`, which on iOS 11+ does not share cookies with Safari on the device. This means [SSO](https://auth0.com/docs/sso) will not work on those devices. If you need SSO, use a compatible plugin that uses [ASWebAuthenticationSession](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession).
Next up, you need to create a new app on your Auth0 tenant and add the environment variables to your project.
You have three options to set up your Auth0 app: use the Quick Setup tool (recommended), run a CLI command, or configure manually via the Dashboard.
Throughout this quickstart, `YOUR_PACKAGE_ID` is your application's package ID. This is the `appId` field in your `capacitor.config.ts` file (e.g. `io.ionic.starter`). See [Capacitor's Config schema](https://capacitorjs.com/docs/config#schema) for more info.
Create an Auth0 App and copy the pre-filled `.env` file with the right configuration values.
After creating the app, go to its **Settings** in the [Auth0 Dashboard](https://manage.auth0.com/dashboard/) and update the **Allowed Callback URLs** and **Allowed Logout URLs** to replace `YOUR_PACKAGE_ID` with your actual package ID and `YOUR_AUTH0_DOMAIN` with your Auth0 domain:
```text theme={null}
YOUR_PACKAGE_ID://YOUR_AUTH0_DOMAIN/capacitor/YOUR_PACKAGE_ID/callback
```
Also ensure the **Application Type** is set to **Native** and the **Token Endpoint Authentication Method** is set to **None**.
Run the following command in your project's root directory to create an Auth0 app and generate a `.env` file:
```shellscript Mac theme={null}
# Install Auth0 CLI (if not already installed)
brew tap auth0/auth0-cli && brew install auth0
# Set up Auth0 app and generate .env file
auth0 qs setup --app --type native --framework ionic-react --build-tool vite --name "My Ionic React App"
```
```powershell Windows theme={null}
# Install Auth0 CLI (if not already installed)
scoop bucket add auth0 https://github.com/auth0/scoop-auth0-cli.git
scoop install auth0
# Set up Auth0 app and generate .env file
auth0 qs setup --app --type native --framework ionic-react --build-tool vite --name "My Ionic React App"
```
This command will:
1. Check if you're authenticated (and prompt for login if needed)
2. Create an Auth0 Native application
3. Generate a `.env` file with `VITE_AUTH0_DOMAIN` and `VITE_AUTH0_CLIENT_ID`
Create a `.env` file with the values from the CLI output:
Before you start, create a `.env` file in your project's root directory
```shellscript .env theme={null}
VITE_AUTH0_DOMAIN=YOUR_AUTH0_APP_DOMAIN
VITE_AUTH0_CLIENT_ID=YOUR_AUTH0_APP_CLIENT_ID
```
1. Head to the [Auth0 Dashboard](https://manage.auth0.com/dashboard/)
2. Click on **Applications** > **Applications** > **Create Application**
3. In the popup, enter a name for your app, select `Native` as the app type and click **Create**
4. Switch to the **Settings** tab on the Application Details page
5. Replace `YOUR_AUTH0_APP_DOMAIN` and `YOUR_AUTH0_APP_CLIENT_ID` in the `.env` file with the **Domain** and **Client ID** values from the dashboard
6. Set the **Token Endpoint Authentication Method** to `None`
Finally, on the **Settings** tab of your Application Details page, configure the following URLs (replace `YOUR_PACKAGE_ID` with your `appId` from `capacitor.config.ts`):
**Allowed Callback URLs:**
```text theme={null}
YOUR_PACKAGE_ID://YOUR_AUTH0_DOMAIN/capacitor/YOUR_PACKAGE_ID/callback
```
**Allowed Logout URLs:**
```text theme={null}
YOUR_PACKAGE_ID://YOUR_AUTH0_DOMAIN/capacitor/YOUR_PACKAGE_ID/callback
```
**Allowed Origins:**
```text theme={null}
capacitor://localhost, http://localhost
```
**Allowed Callback URLs** are a critical security measure to ensure users are safely returned to your application after authentication. Without a matching URL, the login process will fail, and users will be blocked by an Auth0 error page instead of accessing your app.
**Allowed Logout URLs** are essential for providing a seamless user experience upon signing out. Without a matching URL, users will not be redirected back to your application after logout and will instead be left on a generic Auth0 page.
**Allowed Origins** (`capacitor://localhost` for iOS and `http://localhost` for Android) are required so your native app can communicate with the Auth0 API.
Verify your `.env` file exists: `cat .env` (Mac/Linux) or `type .env` (Windows)
Open `src/main.tsx` and wrap the `App` component with the `Auth0Provider`. The mobile-specific settings `useRefreshTokens` and `useRefreshTokensFallback` are required for Ionic apps on iOS and Android.
```javascript src/main.tsx {5,6,12,13,14,15,16,17,18,19} lines theme={null}
import React from 'react';
import { createRoot } from 'react-dom/client';
import App from './App';
import { Auth0Provider } from '@auth0/auth0-react';
// Must match the appId in your capacitor.config.ts
const appId = 'io.ionic.starter';
createRoot(document.getElementById('root')!).render(
);
```
* `useRefreshTokens`: Required for Ionic on Android and iOS. Mobile browsers block third-party cookies, so the SDK uses refresh tokens instead of iframe-based silent authentication.
* `useRefreshTokensFallback`: Must be `false` to prevent the SDK from attempting iframe-based silent auth, which is not available on mobile.
* `authorizationParams.redirect_uri`: Uses your package ID as a custom URL scheme so the OS can route the Auth0 callback back to your app.
To persist authentication after closing and reopening the application, you may want to set `cacheLocation` to `localstorage`, but be aware of [the risks of storing tokens in localstorage](https://auth0.com/docs/libraries/auth0-single-page-app-sdk#change-storage-options). On Capacitor, localstorage should be treated as **transient** — the OS may clear it unexpectedly. See [Capacitor's guidance on storage](https://capacitorjs.com/docs/guides/storage#why-cant-i-just-use-localstorage-or-indexeddb).
We recommend **against** using [Capacitor's Preferences plugin](https://capacitorjs.com/docs/apis/preferences) to store tokens, as it is backed by `UserDefaults` (iOS) and `SharedPreferences` (Android), which are not encrypted and could be synced to the cloud. The SDK supports [custom cache implementations](https://github.com/auth0/auth0-spa-js/blob/master/EXAMPLES.md#creating-a-custom-cache) if you need a more secure and persistent storage mechanism.
Create files
```shellscript Mac/Linux theme={null}
touch src/LoginButton.tsx && touch src/LogoutButton.tsx && touch src/Profile.tsx
```
```powershell Windows theme={null}
New-Item -ItemType File -Path src/LoginButton.tsx
New-Item -ItemType File -Path src/LogoutButton.tsx
New-Item -ItemType File -Path src/Profile.tsx
```
And add the following code snippets
```javascript src/LoginButton.tsx lines theme={null}
import { useAuth0 } from '@auth0/auth0-react';
import { Browser } from '@capacitor/browser';
import { IonButton } from '@ionic/react';
const LoginButton: React.FC = () => {
const { loginWithRedirect } = useAuth0();
const login = async () => {
await loginWithRedirect({
async openUrl(url) {
await Browser.open({
url,
windowName: "_self"
});
}
});
};
return Log in;
};
export default LoginButton;
```
```javascript src/LogoutButton.tsx lines theme={null}
import { useAuth0 } from '@auth0/auth0-react';
import { Browser } from '@capacitor/browser';
import { IonButton } from '@ionic/react';
const appId = 'io.ionic.starter';
const LogoutButton: React.FC = () => {
const { logout } = useAuth0();
const logoutUri = `${appId}://${import.meta.env.VITE_AUTH0_DOMAIN}/capacitor/${appId}/callback`;
const doLogout = async () => {
await logout({
logoutParams: {
returnTo: logoutUri,
},
async openUrl(url) {
await Browser.open({
url,
windowName: "_self"
});
}
});
};
return Log out;
};
export default LogoutButton;
```
```javascript src/Profile.tsx lines theme={null}
import { useAuth0 } from '@auth0/auth0-react';
import { IonAvatar, IonItem, IonLabel } from '@ionic/react';
const Profile: React.FC = () => {
const { user, isAuthenticated, isLoading } = useAuth0();
if (isLoading) {
return Loading profile...;
}
return (
isAuthenticated && user ? (
{
const target = e.target as HTMLImageElement;
target.src = `data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='100' height='100' viewBox='0 0 100 100'%3E%3Ccircle cx='50' cy='50' r='50' fill='%2363b3ed'/%3E%3Cpath d='M50 45c7.5 0 13.64-6.14 13.64-13.64S57.5 17.72 50 17.72s-13.64 6.14-13.64 13.64S42.5 45 50 45zm0 6.82c-9.09 0-27.28 4.56-27.28 13.64v3.41c0 1.88 1.53 3.41 3.41 3.41h47.74c1.88 0 3.41-1.53 3.41-3.41v-3.41c0-9.08-18.19-13.64-27.28-13.64z' fill='%23fff'/%3E%3C/svg%3E`;
}}
/>
)}
);
};
export default HomePage;
```
The `openUrl` callback in `LoginButton` and `LogoutButton` uses Capacitor's Browser plugin to open the Auth0 login and logout pages in the device's system browser component, rather than navigating away from the app entirely.
The `App` component listens for the `appUrlOpen` event, which fires when Auth0 redirects back to your app using the custom URL scheme. It calls `handleRedirectCallback` to exchange the authorization code for tokens, then closes the browser.
By default, the SDK's `loginWithRedirect` method uses `window.location.href` to navigate to the login page, which opens the device's default browser application. Setting `openUrl` to use `Browser.open` keeps the authentication flow within your app's context for a better user experience.
Test in the browser first
```shellscript theme={null}
ionic serve
```
When running in the browser with `ionic serve`, the custom URL scheme redirect (`io.ionic.starter://...`) won't work because browsers cannot handle custom URL schemes. For browser testing, temporarily change `redirect_uri` to `http://localhost:8100` in `src/main.tsx` and add `http://localhost:8100` to your Auth0 app's **Allowed Callback URLs** and **Allowed Logout URLs** in the Dashboard. Remember to revert this change before building for native.
To run on a device or simulator, first add the native platforms:
```shellscript theme={null}
npx cap add ios
npx cap add android
```
Then build, sync, and run:
```shellscript iOS theme={null}
ionic build && npx cap sync && npx cap run ios
```
```shellscript Android theme={null}
ionic build && npx cap sync && npx cap run android
```
You must add native platforms with `npx cap add` before you can run on them. This only needs to be done once per platform. After that, `npx cap sync` copies your built web assets and updates native plugins.
**Checkpoint**
You should now have a fully functional Auth0 login running in your Ionic app. When running on a device, tapping "Log in" opens the Auth0 Universal Login Page in the system browser, and after authenticating, you're redirected back to your app with the user's profile displayed.
***
## Advanced Usage
For Auth0 callbacks to work on devices, register your package ID as a custom URL scheme on each platform.
**iOS** — add to `ios/App/App/Info.plist`:
```xml ios/App/App/Info.plist theme={null}
CFBundleURLTypesCFBundleURLSchemesio.ionic.starter
```
**Android** — add an intent filter inside the main `` in `android/app/src/main/AndroidManifest.xml`:
```xml android/app/src/main/AndroidManifest.xml theme={null}
```
Replace `io.ionic.starter` with your actual `appId` from `capacitor.config.ts`.
To learn more, read [Defining a Custom URL Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app) for iOS, or [Create Deep Links to App Content](https://developer.android.com/training/app-links/deep-linking) for Android.
Use Auth0's authentication state to protect specific routes in your Ionic application:
```jsx src/App.tsx theme={null}
import { useAuth0, withAuthenticationRequired } from '@auth0/auth0-react';
import { IonReactRouter } from '@ionic/react-router';
import { IonRouterOutlet } from '@ionic/react';
import { Route, Redirect } from 'react-router-dom';
import HomePage from './pages/Home';
import DashboardPage from './pages/Dashboard';
const ProtectedRoute = ({ component, ...args }: any) => {
const Component = withAuthenticationRequired(component, {
onRedirecting: () =>
Loading...
,
});
return } />;
};
const App: React.FC = () => {
// ... callback handler from previous step
return (
);
};
```
The `withAuthenticationRequired` HOC automatically redirects unauthenticated users to the Auth0 login page when they try to access a protected route.
Configure your Auth0Provider to include an API audience and use the `getAccessTokenSilently` method to get access tokens for your backend:
```jsx src/main.tsx theme={null}
```
Then make authenticated API calls from your components:
```jsx src/ApiCall.tsx theme={null}
import { useState } from 'react';
import { useAuth0 } from '@auth0/auth0-react';
import { IonButton, IonText } from '@ionic/react';
const ApiCall: React.FC = () => {
const { getAccessTokenSilently } = useAuth0();
const [result, setResult] = useState(null);
const callApi = async () => {
try {
const token = await getAccessTokenSilently();
const response = await fetch('https://your-api.example.com/protected', {
headers: {
Authorization: `Bearer ${token}`
}
});
const data = await response.json();
setResult(JSON.stringify(data, null, 2));
} catch (error) {
console.error('API call failed:', error);
}
};
return (