Social sign-in for native and mobile apps
Overview
This page covers how to implement social sign-in for native applications via OIDC and OAuth 2.0. The user interaction looks like this:
- The user is presented with a login or registration screen that includes a social sign-in button.
- The user clicks the social sign-in button. A browser window opens (using ASWebAuthenticationSession on iOS or Custom Tabs on Android).
- The user authenticates with the identity provider and grants the application access to profile information.
- The user is redirected back to the application and is logged in.
Apple and Google support a more tightly integrated login experience for native apps. See the documentation on Apple social sign-in and Google social sign-in for more information.
The native app authentication flow
From a high level, the native app initializes a login or registration flow and receives the first part of the session token exchange code from the Ory Network. After the user performed the social sign-in, the user is redirected back to the native application via an iOS Universal Link or Android App Link. The native application then exchanges the session token exchange code for a session token.
As part of this flow, Ory will redirect the browser to a callback. In this demo, we use the redirect URL
http://localhost:19006/Callback
. Please ensure that this redirect URL is allowed. Go
to Branding → Browser redirects in the Ory Console to allow it.
The flow looks like this:
Implementation
The following sections describe how to implement the native app authentication flow. The code examples are written in TypeScript for React Native. The steps refer to the steps in the flow diagram above.
Steps 1-5: Create an API flow with return_session_token_exchange_code=true
The user opens the login screen (1) and the native application initializes a login or registration flow through the Ory Network APIs (2) with the following parameters:
- The flow is of type
api
. - The
return_to
parameter is set to the URL of the native application. This URL is used to redirect the user back to the app after the social sign-in. - The
return_session_token_exchange_code
parameter is set totrue
to receive the session token exchange code in the response (3).
Upon rendering the form, the user selects the specific social sign-in provider (4). The native application submits the form to the Ory Network (5).