> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn about the different login options for native mobile applications.

# Native Login

Native mobile applications can use native or browser-based login flows.

In a **browser-based** login flow, the user is shown a web browser and redirected to the Auth0 login page for sign up or log in. For example: an iOS application opens a SafariViewController or an Android application opens a Custom Chrome Tab.

With a **native** login flow, the user signs up or enters their credentials directly into the app.

Regardless of which option you choose, Auth0 supports either.

## Browser-based login

* [Android Quickstart](/docs/quickstart/native/android)
* [iOS Swift Quickstart](/docs/quickstart/native/ios-swift)

## Native embedded login

If you prefer to embed your own login pages within your native/mobile app, you can implement our login widget, Lock, directly into your app with:

* [Lock.swift](/docs/libraries/lock-swift)
* [Lock.Android](/docs/libraries/lock-android)

Examples of native apps with embedded login:

* [Android](https://github.com/auth0-samples/auth0-android-sample/tree/embedded-login)
* [iOS](https://github.com/auth0-samples/auth0-ios-swift-sample/tree/embedded-login/01-Embedded-Login)

### Passwordless

[Embedded Passwordless Login in Native Applications](/docs/authenticate/passwordless/implement-login/embedded-login/native)

### Considerations

* Phishing/security concerns: an unauthorized party could decompile or intercept traffic to/from your application to get the <Tooltip tip="Client ID: Identification value given to your registered resource from Auth0." cta="View Glossary" href="/docs/glossary?term=Client+ID">Client ID</Tooltip> and authentication URL. With this information the unauthorized party could create a rogue application, upload it to an application store, and use it to phish for usernames, passwords, and <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=Access+Tokens">Access Tokens</Tooltip>.
* <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one applicaton, automatically logs that user in to other applications." cta="View Glossary" href="/docs/glossary?term=SSO">SSO</Tooltip>: users have to enter their credentials for each application.

  * Can implement SSO with native apps by storing refresh tokens on a shared keychain, but this is not compliant with the OAuth 2.0 specifications.
* Takes more time to implement
* No automatic improvements when Auth0 adds new features, have to update app code to take advantage of new features vs UL
* Not compliant with <Tooltip tip="OAuth 2.0: Authorization framework that defines authorization protocols and workflows." cta="View Glossary" href="/docs/glossary?term=OAuth+2.0">OAuth 2.0</Tooltip> best practices

  * [RFC 8252 OAuth 2.0 for Native Apps](https://tools.ietf.org/html/rfc8252): authorization requests from native apps should only be made through external user-agents, primarily the user's browser

## Native social login

You can add functionality to your native app letting users authenticate with social <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+providers">identity providers</Tooltip> natively, within the application:

Facebook Login:

* [Add Facebook Login to Native Apps](/docs/authenticate/identity-providers/social-identity-providers/facebook-native)
* [Android - Facebook Login](/docs/quickstart/native/android-facebook-login)
* [iOS Swift - Facebook Login](/docs/quickstart/native/ios-swift)

Sign In with Apple:

* [iOS Swift - Sign In With Apple](/docs/quickstart/native/ios-swift)
* [Add Sign In with Apple to Native iOS Apps](/docs/authenticate/identity-providers/social-identity-providers/apple-native)

### Rate limits

Limits are only applied to requests related to the Native Social Login flows, which are identified based on the body of the requests with the following initial criteria:

<table class="table">
  <thead>
    <tr>
      <th>Request Type</th>
      <th>Body</th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>grant\_type</code></td>
      <td><code>urn:ietf:params:oauth:grant-type:token-exchange</code></td>
    </tr>

    <tr>
      <td><code>subject\_token\_type</code></td>
      <td><code>[http://auth0.com/oauth/token-type/apple-authz-code](http://auth0.com/oauth/token-type/apple-authz-code)</code></td>
    </tr>
  </tbody>
</table>

#### Limits for production tenants of paying customers

<table class="table">
  <thead>
    <tr>
      <th>Endpoint</th>
      <th>Path</th>
      <th>Limited By</th>
      <th>Rate Limit</th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>Get Token</td>
      <td><code>/oauth/token</code></td>
      <td>Any native social login request</td>
      <td>50 per minute with bursts up to 500 requests</td>
    </tr>
  </tbody>
</table>

#### Limits for non-production tenants of paying customers and all tenants of free customers

<table class="table">
  <thead>
    <tr>
      <th>Endpoint</th>
      <th>Path</th>
      <th>Limited By</th>
      <th>Rate Limit</th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>Get Token</td>
      <td><code>/oauth/token</code></td>
      <td>Native social login requests and IP</td>
      <td>30 per minute</td>
    </tr>
  </tbody>
</table>
