Authenticate
Manage Users
Customize
Auth0 AI
PlatformTheDocumentation Index
Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
MyAccountAuthMethodsView component can render the Auth0 passkey enrollment flow.
The passkey enrollment flow renders an educational screen, a WebAuthn registration handshake with the platform authenticator, and the enrolled-factor entry in the authenticator list.
Unlike other factors, passkeys require application-side platform entitlements that the Universal Components for iOS SDK cannot configure.
Prerequisites
To enable passkey support in the Universal Components for iOS SDK:- Configure a custom domain on your Auth0 tenant. Passkeys require a custom domain, which serves the Apple App Site Association (AASA) file that binds passkey credentials to your application.
- Enable passkeys on your Auth0 database connection. To learn how to enable passkeys in your Auth0 tenant, read Configure Passkeys.
- Register your Apple Team ID and Bundle ID in your Auth0 application. To learn more, read Native Passkeys for Mobile Applications.
- Install and configure Universal Components for iOS. To install Universal Components, configure your Auth0 tenant, and initialize the SDK, read Build a Self-Service Account Security Interface.
- Confirm OS version. Passkeys are supported on devices running iOS 16.6+, macOS 13.5+, or visionOS 1.0+.
Platform setup
Add the associated domain in Xcode
After registering your Apple Team ID and Bundle ID in your Auth0 application’s Device Settings, Auth0 serves the AASA file from your custom domain. Add your Auth0 custom domain to the application:- Open Xcode.
- Select your target’s Signing & Capabilities.
- Add a Capability and select Associated Domains.
-
Enter your Auth0 custom domain:
-
Confirm that Signing & Capabilities → Team matches the Apple Team ID you registered in your Auth0 application’s Device Settings, and that the target’s Bundle Identifier matches the registered Bundle ID exactly. iOS performs a case-sensitive byte-for-byte match — for example,
com.example.OAuth2is not the same ascom.example.oauth2.
During development, Apple’s CDN can cache stale AASA files for hours after you change Device Settings.To fetch the AASA directly from your tenant during development, append
?mode=developer to the entitlement (for example, webcredentials:YOUR_AUTH0_DOMAIN?mode=developer) and enable Settings → Developer → Associated Domains Development on the device.Test on a physical device, the iOS Simulator does not reliably honor associated-domain configuration. Remove the ?mode=developer suffix before shipping a release build.SDK limitations
-
Passkeys can only be enrolled from inside the
MyAccountAuthMethodsViewcomponent. There is no public SwiftUI API to trigger a standalone passkey enrollment from elsewhere in your application. Post-login “save a passkey” upsell prompts are not supported. You can track ui-components-ios for updates. - Removing a passkey in the component does not purge the OS credential store. The enrolled passkey detaches from the Auth0 account, but the private credential remains in iCloud Keychain until the user removes it from the OS-level credential manager.
-
Attestation conveyance is not surfaced. The SDK does not let you select the attestation policy (
none/indirect/direct) or enumerate authenticator transports. It uses the Auth0 tenant’s configured WebAuthn policy.
Learn more
Auth Methods Management
Review the
MyAccountAuthMethodsView component reference and the full list of supported factors.Build a Self-Service Account Security Interface
Initialize the SDK and wire the token provider to your Auth0 tenant.