Skills oidc-hosted-page-ios
Implement passwordless authentication in native iOS/Swift applications using MojoAuth OIDC with AppAuth.
install
source · Clone the upstream repo
git clone https://github.com/MojoAuth/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/MojoAuth/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/authentication/oidc-hosted-page-ios" ~/.claude/skills/mojoauth-skills-oidc-hosted-page-ios && rm -rf "$T"
manifest:
skills/authentication/oidc-hosted-page-ios/SKILL.mdsource content
Implement MojoAuth OIDC (iOS / Swift)
This expert AI assistant guide walks you through integrating passwordless authentication into an existing iOS application using MojoAuth's Hosted Login Page as an OIDC identity provider via AppAuth for iOS. MojoAuth handles all authentication methods (Magic Links, Email OTP, SMS OTP, Social Login, Passkeys) through its hosted page.
1. Prerequisites
- An existing iOS 15+ application (Swift 5.7+) with a login screen.
- Xcode 14+ installed.
- An active MojoAuth account.
- MojoAuth OIDC Setup Guide
- Required library:
.openid/AppAuth-iOS
2. Implementation Steps
Step 1: Configure Application in MojoAuth
- Log in to the MojoAuth Dashboard.
- Note your MojoAuth Domain (e.g.,
).your-app.mojoauth.com - Configure the callback URI using a custom scheme (e.g.,
).com.example.myapp://auth/callback - Retrieve Client ID.
- Enable your preferred authentication methods.
Note: For native/mobile apps, use Authorization Code with PKCE (no Client Secret on the device).
Step 2: Modify the Existing iOS Project
Substep 2.1: Add Dependencies
Add AppAuth via Swift Package Manager:
- In Xcode, go to File > Add Package Dependencies.
- Enter:
.https://github.com/openid/AppAuth-iOS.git - Select the latest stable version and add to your target.
Or via CocoaPods:
# Podfile pod 'AppAuth'
pod install
Substep 2.2: Configure URL Scheme
Add a custom URL scheme in your
Info.plist<key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleURLSchemes</key> <array> <string>com.example.myapp</string> </array> <key>CFBundleURLName</key> <string>com.example.myapp</string> </dict> </array>
Substep 2.3: Configure OIDC
Create an auth configuration helper (e.g.,
AuthConfig.swift// AuthConfig.swift import Foundation struct AuthConfig { static let issuerURL = URL(string: "https://your-app.mojoauth.com")! static let clientID = "your_client_id" static let redirectURI = URL(string: "com.example.myapp://auth/callback")! static let scopes = ["openid", "profile", "email"] }
Substep 2.4: Create Auth Manager
Create a centralised auth manager (e.g.,
AuthManager.swift// AuthManager.swift import UIKit import AppAuth class AuthManager: NSObject { static let shared = AuthManager() var currentAuthorizationFlow: OIDExternalUserAgentSession? var authState: OIDAuthState? func login(from viewController: UIViewController, completion: @escaping (Result<OIDAuthState, Error>) -> Void) { // Discover OIDC configuration OIDAuthorizationService.discoverConfiguration(forIssuer: AuthConfig.issuerURL) { config, error in guard let config = config else { completion(.failure(error ?? NSError(domain: "OIDC", code: -1, userInfo: [NSLocalizedDescriptionKey: "Discovery failed"]))) return } // Build authorization request let request = OIDAuthorizationRequest( configuration: config, clientId: AuthConfig.clientID, scopes: AuthConfig.scopes, redirectURL: AuthConfig.redirectURI, responseType: OIDResponseTypeCode, additionalParameters: nil ) // Launch auth flow — opens MojoAuth Hosted Login Page self.currentAuthorizationFlow = OIDAuthState.authState( byPresenting: request, presenting: viewController ) { authState, error in if let authState = authState { self.authState = authState print("Authenticated! Access Token: \(authState.lastTokenResponse?.accessToken ?? "nil")") completion(.success(authState)) } else { print("OIDC Error: \(error?.localizedDescription ?? "Unknown error")") completion(.failure(error ?? NSError(domain: "OIDC", code: -1))) } } } } func logout() { authState = nil } }
Substep 2.5: Handle Redirect in AppDelegate / SceneDelegate
// AppDelegate.swift (or SceneDelegate.swift) import AppAuth // In AppDelegate: func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool { if let flow = AuthManager.shared.currentAuthorizationFlow, flow.resumeExternalUserAgentFlow(with: url) { AuthManager.shared.currentAuthorizationFlow = nil return true } return false } // If using SceneDelegate: func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) { guard let url = URLContexts.first?.url else { return } if let flow = AuthManager.shared.currentAuthorizationFlow, flow.resumeExternalUserAgentFlow(with: url) { AuthManager.shared.currentAuthorizationFlow = nil } }
Substep 2.6: Update Login View Controller
Since MojoAuth handles all authentication on its Hosted Login Page, your login screen only needs a "Sign In" button:
// LoginViewController.swift import UIKit class LoginViewController: UIViewController { private let signInButton = UIButton(type: .system) override func viewDidLoad() { super.viewDidLoad() setupUI() } private func setupUI() { view.backgroundColor = .systemBackground title = "Welcome" let titleLabel = UILabel() titleLabel.text = "Welcome" titleLabel.font = .systemFont(ofSize: 28, weight: .bold) titleLabel.textAlignment = .center let subtitleLabel = UILabel() subtitleLabel.text = "Sign in with your preferred method" subtitleLabel.font = .systemFont(ofSize: 14) subtitleLabel.textColor = .secondaryLabel subtitleLabel.textAlignment = .center signInButton.setTitle("Sign In with MojoAuth", for: .normal) signInButton.addTarget(self, action: #selector(handleSignIn), for: .touchUpInside) signInButton.titleLabel?.font = .systemFont(ofSize: 17, weight: .semibold) let poweredByLabel = UILabel() poweredByLabel.text = "Powered by MojoAuth" poweredByLabel.font = .systemFont(ofSize: 12) poweredByLabel.textColor = .tertiaryLabel poweredByLabel.textAlignment = .center let stack = UIStackView(arrangedSubviews: [titleLabel, subtitleLabel, signInButton, poweredByLabel]) stack.axis = .vertical stack.spacing = 16 stack.translatesAutoresizingMaskIntoConstraints = false view.addSubview(stack) NSLayoutConstraint.activate([ stack.centerYAnchor.constraint(equalTo: view.centerYAnchor), stack.leadingAnchor.constraint(equalTo: view.leadingAnchor, constant: 24), stack.trailingAnchor.constraint(equalTo: view.trailingAnchor, constant: -24), ]) } @objc private func handleSignIn() { AuthManager.shared.login(from: self) { result in DispatchQueue.main.async { switch result { case .success: let dashboard = DashboardViewController() self.navigationController?.pushViewController(dashboard, animated: true) case .failure(let error): let alert = UIAlertController(title: "Error", message: error.localizedDescription, preferredStyle: .alert) alert.addAction(UIAlertAction(title: "OK", style: .default)) self.present(alert, animated: true) } } } } }
Step 3: Test the Implementation
- Run on a simulator or device.
- Tap "Sign In with MojoAuth".
- A browser/ASWebAuthenticationSession opens to the MojoAuth Hosted Login Page.
- Authenticate using any available method.
- Verify you are redirected back to the app and into the Dashboard.
3. Additional Considerations
- Security: PKCE is handled automatically by AppAuth. Never embed Client Secrets in mobile apps.
- Token Storage: Use the iOS Keychain to store tokens securely.
- SwiftUI: For SwiftUI apps, wrap the
call in a coordinator or useOIDAuthState.authState(byPresenting:)
directly.ASWebAuthenticationSession
4. Support
- MojoAuth Documentation: mojoauth.com/docs
- Library Documentation: Refer to the AppAuth for iOS documentation.