login method

Future<Credentials> login({
  1. String? audience,
  2. Set<String> scopes = const {'openid', 'profile', 'email', 'offline_access'},
  3. String? redirectUrl,
  4. String? organizationId,
  5. String? invitationUrl,
  6. bool useHTTPS = false,
  7. bool useEphemeralSession = false,
  8. Map<String, String> parameters = const {},
  9. IdTokenValidationConfig idTokenValidationConfig = const IdTokenValidationConfig(),
  10. SafariViewController? safariViewController,
})

Redirects the user to the Auth0 Universal Login page for authentication. If successful, it returns a set of tokens, as well as the user's profile (constructed from ID token claims).

If redirectUrl is not specified, a default URL is used that incorporates the domain value specified to Auth0.new, and scheme on Android, or the bundle identifier in iOS/macOS. redirectUrl must appear in your Allowed Callback URLs list for the Auth0 app. Read more about redirecting users.

How the ID token is validated can be configured using idTokenValidationConfig, but in general the defaults for this are adequate.

Additional notes:

  • audience relates to the API Identifier you want to reference in your access tokens. See API settings to learn more.
  • scopes defaults to openid profile email offline_access. You can override these scopes, but openid is always requested regardless of this setting.
  • Arbitrary parameters can be specified and then picked up in a custom Auth0 Action or Rule.
  • If you want to log into a specific organization, provide the organizationId. Provide invitationUrl if a user has been invited to join an organization.
  • (iOS only): safariViewController causes SFSafariViewController to be used when opening the Universal Login page, as an alternative to the default ASWebAuthenticationSession. You will also need to configure your iOS app to automatically resume the Web Auth operation after login.
  • (iOS/macOS only): useHTTPS controls whether to use https as the scheme for the redirect URL on iOS 17.4+ and macOS 14.4+. When set to true, the bundle identifier of the app will be used as a custom scheme on older versions of iOS and macOS. Requires an Associated Domain configured with the webcredentials service type, set to your Auth0 domain –or custom domain, if you have one.
  • (iOS/macOS only): useEphemeralSession controls whether shared persistent storage is used for cookies. Read more on the effects this setting has.

Implementation

Future<Credentials> login(
    {final String? audience,
    final Set<String> scopes = const {
      'openid',
      'profile',
      'email',
      'offline_access'
    },
    final String? redirectUrl,
    final String? organizationId,
    final String? invitationUrl,
    final bool useHTTPS = false,
    final bool useEphemeralSession = false,
    final Map<String, String> parameters = const {},
    final IdTokenValidationConfig idTokenValidationConfig =
        const IdTokenValidationConfig(),
    final SafariViewController? safariViewController}) async {
  final credentials = await Auth0FlutterWebAuthPlatform.instance.login(
      _createWebAuthRequest(WebAuthLoginOptions(
          audience: audience,
          scopes: scopes,
          redirectUrl: redirectUrl,
          organizationId: organizationId,
          invitationUrl: invitationUrl,
          parameters: parameters,
          idTokenValidationConfig: idTokenValidationConfig,
          scheme: _scheme,
          useHTTPS: useHTTPS,
          useEphemeralSession: useEphemeralSession,
          safariViewController: safariViewController)));

  await _credentialsManager?.storeCredentials(credentials);

  return credentials;
}