Skip to main content

Before you start

  1. Create an Auth0 tenant to register and configure your native and web applications.
  2. Install and configure Auth0 CLI for your Auth0 tenant.
  3. Add Auth0 Authentication to your native application using the appropriate Quickstarts for your platform:
  1. Add refresh_token support to your native application.
  2. Add Auth0 Authentication to your web application using the React Single Page App Quickstart.
Native to Web Single Sign-On (SSO) allows you to create a seamless, secure user experience between your native application and a web-based paid membership flow. Native to Web enables the native application to send the user’s authentication context to the web application using a short-lived, secure session_transfer_token. The sections below outline how you can add:
  • To your native application, a Subscribe Now button that lets authenticated users sign up for a paid membership plan using a secure web checkout experience.
  • To your web application, a Subscription page that allows user to select membership subscriptions without the user logging-in again.
This use case focuses on React-based web applications using the Auth0 React SDK.If you are using a different framework, such as Node or Express, the logic for managing session_transfer_token whether through a URL parameter or cookie can be adapted accordingly.

Configure Auth0 CLI

Use the Auth0 CLI to configure your Auth0 tenant. You can also use the Auth0 Management API; to learn more read Configure Native to Web SSO.
Follow these steps to authenticate your Auth0 tenant using Auth0 CLI:
  1. Initialize the Auth0 CLI
  1. Select As a user and follow the login flow.
  1. Select the Auth0 tenant where you want to enable Native to Web SSO.

Configure Auth0

Enable Native to Web SSO in your native application

Native to Web SSO uses a session_transfer_token to establish SSO from a native to a web application. The session_transfer_token allows Auth0 to identify the user, the origin native application, and additional context securely. To learn more, read Native to Web SSO. Enable Native to Web SSO using Auth0 CLI:

Enable Native to Web SSO in your web application

Enable the web application to accept the session_transfer_token for authentication through a cookie or URL parameter using Auth0 CLI: If the session_transfer_token is injected into the browser with a cookie no additional changes to your web application are required. The only requirement is that the browser navigates to your application’s Login URI to handle the redirect of the user to your Auth0 tenant’s /authorize endpoint.
You can configure the Application Login URI in your application’s settings within the Auth0 Dashboard. This is the route Auth0 will redirect users to when initiating login from external sources.

Create a subscription page in the web application

Add a new /src/views/ file to create a subscription page:

Step 1: Add a new view file

Create a file at src/views/JoinMembership.js. This file will prompt the users to complete a paid subscription.

Step 2: Add a new route

Edit the file src/App.js and add a /join-membership route to the new subscription page:
The new /join-membership route:
  • Determines if the user is authenticated. If not, it will redirect the user to the page.
  • If a session_transfer_token is appended as a URL parameter, the token is passed in the authentication request.
  • Once authenticated, the user will be presented with buttons to subscribe to different membership plans.
Run your React app and go to http://localhost:3000/join-membership
  • If the user is authenticated, the user will see the subscription options.
  • If the user is not authenticated, they are automatically redirected to the Auth0 Universal Login page.
    • If the URL includes a session_transfer_token, it will be included in the login request to Auth0.
    • If not, the login will proceed using the standard web authentication.
When the user logs in, the user is returned to the /join-membership page to select the subscription options.

Configure the native application

Your native application needs to exchange the refresh_token for a session_transfer_token immediately before launching the web application. To do so, add the session transfer exchange and the web application launch logic inside the same event handler, an example is the button’s onClick method.

iOS

The following steps outline how to add mobile-to-web payment to iOS native applications:

Step 1: Add a Subscribe to Membership button

To launch the web-based subscription flow from your iOS native app, add a Subscribe to Membership button to the ProfileView.swift file. Edit the body of the ProfileView.swift file to include a button below the user information:
The ProfileView.swift file adds a Subscribe to Membership button and uses an onSubscribe closure to determine the behavior when selected.

Step 2: Implement the subscription flow using Native to Web SSO

Edit the MainView.swift file to define the behavior of the Subscribe to Membership button:
This sample uses the audience https://sample.api.com for demonstration purposes. You can create an API with this identifier in your Auth0 tenant or replace it with your own API identifier.To learn more, read Set Up APIs.
This allows the user to select the Subscribe to Membership in the native app and immediately start the web application subscription process without logging in again.

Android

The following steps outline how to add mobile-to-web payment to Android native applications:

Step 1: Add a Subscribe button to the main page

To launch the web-based subscription flow from your Android native application, add a Subscribe to Membership button to the UI. Edit the MainActivity.kt file and add the following code to the onCreate() method:
Edit the activity_main.xml file to include the code below after @+id/button_patch_metadata button:

Step 2: Implement subscription flow using Native to Web SSO

Edit the MainActivity.kt file to define the behavior of the Subscribe to Membership button:
  1. Extend the login flow and handle the subscription action:
  1. Update the onCreate()method to include the credentialsManager:
  1. Update the loginwithBrowser() method to store credentials using the credentialsManager:
This sample uses the audience https://sample.api.com for demonstration purposes. You can create an API with this identifier in your Auth0 tenant or replace it with your own API identifier.To learn more, read Set Up APIs.
  1. Add the launchSubscriptionFlow() method to open the web application:
This allows the user to select Subscribe to Membership in the native application and immediately start the web application subscription process without logging in again.

Test your Native to Web SSO implementation

Once everything is configured, run your iOS or Android native application to log in, go to the Profile or to the Mainscreen and select the Subscribe to Membership button. The following takes place:
  • The stored refresh_token is used to request a secure session_transfer_token
  • The session_transfer_token is injected into a cookie for your Auth0 domain
  • A WKWebView is used to load your web application’s /join-membership route
  • The web application receives the session_transfer_token and completes login using Native to Web SSO
  • The user sees the subscription options immediately in the web application
You have created a seamless experience where a mobile native application user can launch a secure, authenticated flow in a web application without being prompted to log in again.

Next Steps

  • Explore more configuration options for Native to Web SSO:Dive deeper into session lifetime, rotation, device binding, and cascade revocation in the Native to Web SSO documentation.
  • Customize the post-login experience with Progressive Profiling:Use Auth0’s Progressive Profile Form to collect additional user data after login — such as plan preferences, address, or payment intent — before showing subscription options.