Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Auth0 Universal Components for Android allow you to build a self-service account security UI within your native Android application. With the AuthenticatorSettingsComponent, users can manage their own authentication methods — multi-factor authentication (MFA) factors, passkeys, and recovery codes — directly inside your application, without leaving for a web browser or contacting support.

How it works

The AuthenticatorSettingsComponent uses the Auth0 My Account API’s authentication methods to render an authentication-methods management UI inside your application.
The My Account API currently enforces low rate limits, especially on free-tier tenants. This may cause errors while using these components.
When an authenticated user opens their account settings screen, the Auth0.Android SDK retrieves an access token scoped to the My Account API audience. The AuthenticatorSettingsComponent uses the access token to call the My Account API /me/v1/authentication-methods endpoints as the logged-in user, so each user can only modify their own authentication methods.
  • The AuthenticatorSettingsComponent creates end-user self-service interfaces. End users can enroll, list, and remove every authentication method on their account: email OTP, SMS OTP, TOTP (authenticator application), push via Auth0 Guardian, passkeys, and recovery codes.
  • For delegated admin interfaces in which a user manages an Auth0 Organization, read Build a Delegated Admin Interface.

Prerequisites

Enable the My Account API

  1. Navigate to Dashboard > Applications > APIs.
  2. Select Activate My Account API to ensure it is enabled for your tenant.

Create an application and configure My Account API permissions

  1. Navigate to Dashboard > Applications.
  2. Select Create Application.
  3. Select Native.
  4. Select the Settings tab to add the following callback URLs in the Allowed Callback URLs: 
    https://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback, YOUR_SCHEME://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback
  5. Add the same URLs for the Allowed Logout URLs. 
    https://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback, YOUR_SCHEME://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback
  6. Select the API Access tab.
  7. Select Edit for the Auth0 My Account API to add the User-delegated Access permissions: create:me:authentication_methods read:me:authentication_methods update:me:authentication_methods delete:me:authentication_methods
  8. Select Save to save the permissions.
  • The user’s access token only includes permissions they were granted during login.
  • Request all four scopes if you want users to enroll, review, and remove authentication methods.

Install the SDK

Use Gradle to install the com.auth0.universalcomponents:universal-components package. For installation details and platform requirements, read Auth0 Universal Components for Android.

Initialize the SDK

To initialize the SDK, call the Auth0UniversalComponents.initialize(...) method once at application start, typically from your Application subclass or from onCreate in the launcher Activity.
MainActivity.kt
import com.auth0.android.Auth0
import com.auth0.android.authentication.AuthenticationAPIClient
import com.auth0.android.authentication.storage.CredentialsManager
import com.auth0.android.authentication.storage.SharedPreferencesStorage
import com.auth0.universalcomponents.Auth0UniversalComponents
import com.auth0.universalcomponents.token.DefaultTokenProvider

class MainActivity : ComponentActivity() {

    private val account by lazy {
        Auth0.getInstance(
            getString(R.string.com_auth0_client_id),
            getString(R.string.com_auth0_domain)
        )
    }

    private val credentialsManager by lazy {
        CredentialsManager(
            AuthenticationAPIClient(account),
            SharedPreferencesStorage(this)
        )
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        Auth0UniversalComponents.initialize(
            context = applicationContext,
            account = account,
            tokenProvider = DefaultTokenProvider(credentialsManager),
            scheme = getString(R.string.com_auth0_scheme),
            passkeyConfiguration = PasskeyConfiguration()
        )

        setContent { MyApp() }
    }
}

Configure the token provider

Use the DefaultTokenProvider, which wraps the Auth0.Android CredentialsManager, to request credentials from your application.
Auth0 recommends using the Auth0.Android’s CredentialsManager for production integrations. Implement a custom TokenProvider only if the Auth0.Android SDK does not meet your storage requirements.
To manage credentials outside the Auth0.Android SDK’s CredentialsManager, implement the interface directly: 
class AppTokenProvider : TokenProvider {
    override suspend fun fetchCredentials(): Credentials {
        // Return the user's login credentials.
    }
    override suspend fun fetchApiCredentials(
        audience: String,
        scope: String?
    ): APICredentials {
        // Return cached My Account API credentials, refreshing if expired.
    }
    override suspend fun saveApiCredentials(
        audience: String,
        credentials: APICredentials
    ) {
        // Persist the freshly issued API credentials.
    }
}
Users must be authenticated before you render any component. After the SDK is initialized and your TokenProvider is wired up, add the AuthenticatorSettingsComponent to your settings screen to give users full MFA, passkey, and recovery-code self-service.

Learn more

Auth Methods Management

Review the AuthenticatorSettingsComponent reference, supported factors, and Compose NavHost integration.

Customize style and themes

Override colors, typography, spacing, radius, and size tokens using the Auth0 design-token system.