Add login to a mobile app

Mobile applications, by design, cannot maintain any secrets. These kinds of applications are called public clients.

Based on the OAuth 2.0 best practices for browser-based apps (opens new window), Asgardeo recommends securing your mobile apps using the OpenID Connect Authorization Code Flow for public clients with the PKCE (Proof Key for Code Exchange (opens new window)) extension.

See the guides given below to add login to your mobile applications with Asgardeo.

Manually add login to your mobile app

• Implement authorization code flow with PKCE

Add login to your framework-based mobile apps

• Authenticate users into Android applications
• Authenticate users into Flutter applications