Build a Self-Service Account Security Interface with My Account API

Universal Components allows you to build a self service account security UI within your native iOS and Android applications. This enables your users to manage their own authentication methods, such as MFA factors, passkeys, and recovery codes directly inside your application, without leaving for a web browser or contacting support.

How it works

Universal Components leverage the My Account API, which operates using user scoped tokens, to render an authentication-methods management UI inside your application. When an authenticated user opens their account settings screen, The Auth0 SDK, Auth0.swift on iOS and Auth0.Android on Android, retrieves an Access Token scoped to the My Account API audience. Universal Components use this token to call the API as the logged in user, ensuring each user can only modify their own authentication methods.

My Account components are used to create end-user self-service interfaces. For delegated admin UI where a user manages an Auth0 Organization, read Build a Delegated Admin Interface.

Available components

Each component leverages the My Account API and covers one or more authentication methods.

Component	API endpoint
Auth Methods Management — `MyAccountAuthMethodsView` (iOS) / `AuthenticatorSettingsComponent` (Android). Enrolls, lists, and removes every authentication method on the user’s account: Email OTP, SMS OTP, TOTP (Authenticator app), Push via Auth0 Guardian, Passkeys, and Recovery Codes.	`/me/v1/authentication-methods`

Configure My Account Components using the Auth0 Dashboard

To use My Account components, you need to configure your Auth0 tenant with the proper APIs, applications, and scopes.

Enable the My Account API

Navigate to Dashboard > Applications > APIs.
Select Activate My Account API to and ensure it is enabled for your tenant.

Create an Application and configure My Account API scopes

Navigate to Dashboard > Applications.
Select Create Application.
Select Native.
In the Settings tab, add the callback URL in the Allowed Callback URLs:
- For iOS applications use: https://YOUR_AUTH0_DOMAIN://YOUR_BUNDLE_ID/ios/YOUR_BUNDLE_ID/callback.
- For Android applications use: https://YOUR_AUTH0_DOMAIN://YOUR_PACKAGE_NAME/android/YOUR_PACKAGE_NAME/callback.
Add your logout URLs in the Allowed Logout URLs.
Select the API Access Tab.
Select Edit for the Auth0 My Account API to select the User delegated Access permissions:

Configure scopes

Request the scopes your app needs from the My Account API when obtaining the user’s access token.

Required scopes

create:me:authentication_methods
read:me:authentication_methods
update:me:authentication_methods
delete:me:authentication_methods

The user’s token only includes permissions they were granted during login. Request all four scopes if you want users to enroll, review, and remove authentication methods.

Configure passkeys (optional)

You can skip this step if you are not enabling passkey enrollment.

Navigate to Dashboard > Authentication > Database. Open the database connection you want passkeys enabled on.
Under Passkey settings, toggle Require Passkey Enrollment as needed for your policy.
Register your mobile applications so the platform authenticator can issue credentials for your Auth0 tenant:
- For iOS applications add: your application’s bundle ID under Allowed iOS Applications.
- For Android applications add: your applications’s package name and SHA-256 signing fingerprints under Allowed Android Applications. Obtain the fingerprint with keytool -list -v -keystore /path/to/keystore -alias YOUR_ALIAS | grep SHA256, or copy it from Play Console > Setup > App signing for Play App Signing.

Auth0 publishes the platform association files (apple-app-site-association on iOS, assetlinks.json on Android) on your tenant domain automatically.

Passkeys require custom domains to be enabled in your tenant.

Configure your application

iOS
Android

Install the SDK

To install the Auth0UniversalComponents use the Swift Package Manager, CocoaPods, or Carthage. For installation details and requirements, read Auth0 Universal Components for Native Apps.

Initialize the SDK

To initialize the SDK call the Auth0UniversalComponentsSDKInitializer.initialize(...) once at application start, typically in your application struct’s init. If your application already uses Auth0.plist to configure Auth0.swift, add ClientId, Domain, and Audience keys and call:

App.swift

import SwiftUI
import Auth0
import Auth0UniversalComponents

@main
struct MyApp: App {
    init() {
        Auth0UniversalComponentsSDKInitializer.initialize(
            tokenProvider: CredentialsManager(authentication: Auth0.authentication())
        )
    }

    var body: some Scene {
        WindowGroup { ContentView() }
    }
}

Or pass the values directly in code:

App.swift

Auth0UniversalComponentsSDKInitializer.initialize(
    domain: "YOUR_AUTH0_DOMAIN",
    clientId: "YOUR_CLIENT_ID",
    audience: "https://YOUR_AUTH0_DOMAIN/me/",
    tokenProvider: CredentialsManager(authentication: Auth0.authentication())
)

Configure the token provider

The TokenProvider protocol is how the SDK asks your application for credentials. Auth0 recommends to use the Auth0.swift's CredentialsManager for production integrations and avoid hand-rolling a custom implementation unless you have storage requirements that Auth0.swift doesn’t meet.

Custom TokenProvider

If you manage credentials yourself, implement all four methods:

struct AppTokenProvider: TokenProvider {
    func fetchCredentials() async throws -> Credentials {
        // Return the user's login credentials.
    }
    func storeCredentials(credentials: Credentials) {
        // Persist new or refreshed credentials.
    }
    func store(apiCredentials: APICredentials, for audience: String) {
        // Persist My Account API credentials keyed by audience.
    }
    func fetchAPICredentials(audience: String, scope: String) async throws -> APICredentials {
        // Return cached My Account API credentials, refreshing if expired.
    }
}

Configure passkeys (optional)

To configure passkeys implement a PasskeysConfiguration to override default passkey behavior. All fields are optional.

let passkeys = PasskeysConfiguration(
    userIdentityId: "auth0|abc123",
    connection: "Username-Password-Authentication"
)

Auth0UniversalComponentsSDKInitializer.initialize(
    passkeyConfiguration: passkeys,
    tokenProvider: credentialsManager
)

Add the Associated Domains entitlement to your Xcode target so the platform authenticator will issue credentials for your Auth0 tenant:

    webcredentials:YOUR_AUTH0_DOMAIN

Passkeys require iOS 16.6+, macOS 13.5+, or visionOS 1.0+.

Install the SDK

Use Gradle to install com.auth0.universalcomponents:universal-components. For installation details and platform requirements, read Auth0 Universal Components for Native Apps .

Initialize the SDK

To initialize the SDK use the Auth0UniversalComponents.initialize(...) method once at the application start, typically from your application subclass or from onCreate in the launcher Activity.

MainActivity.kt

import com.auth0.android.Auth0
import com.auth0.android.authentication.AuthenticationAPIClient
import com.auth0.android.authentication.storage.CredentialsManager
import com.auth0.android.authentication.storage.SharedPreferencesStorage
import com.auth0.universalcomponents.Auth0UniversalComponents
import com.auth0.universalcomponents.token.DefaultTokenProvider

class MainActivity : ComponentActivity() {

    private val account by lazy {
        Auth0.getInstance(
            getString(R.string.com_auth0_client_id),
            getString(R.string.com_auth0_domain)
        )
    }

    private val credentialsManager by lazy {
        CredentialsManager(
            AuthenticationAPIClient(account),
            SharedPreferencesStorage(this)
        )
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        Auth0UniversalComponents.initialize(
            account = account,
            tokenProvider = DefaultTokenProvider(credentialsManager),
            scheme = getString(R.string.com_auth0_scheme)
        )

        setContent { MyApp() }
    }
}

Configure the token provider

Use the DefaultTokenProvider which wraps the Auth0.Android CredentialsManager, unless you need custom token storage.

Custom TokenProvider

If you manage tokens outside the Auth0.Android CredentialsManager, implement the interface directly:

class AppTokenProvider : TokenProvider {
    override suspend fun fetchCredentials(): Credentials {
        // Return the user's login credentials.
    }
    override suspend fun fetchApiCredentials(
        audience: String,
        scope: String?
    ): APICredentials {
        // Return cached My Account API credentials, refreshing if expired.
    }
    override suspend fun saveApiCredentials(
        audience: String,
        credentials: APICredentials
    ) {
        // Persist the freshly issued API credentials.
    }
}

Configure passkeys (optional)

Use the PasskeyConfiguration to customize how the SDK enrolls passkeys through the AndroidX Credential Manager.

import androidx.credentials.CredentialManager
import com.auth0.universalcomponents.PasskeyConfiguration

val passkeyConfiguration = PasskeyConfiguration(
    credentialManager = CredentialManager.create(this),
    connection = "Username-Password-Authentication",
    userIdentity = "auth0|abc123"
)

Auth0UniversalComponents.initialize(
    account = account,
    tokenProvider = DefaultTokenProvider(credentialsManager),
    scheme = getString(R.string.com_auth0_scheme),
    passkeyConfiguration = passkeyConfiguration
)

Passkeys require Android 14+ for the full Credential Manager experience. On Android’s versions 9–13, they sync through Google Password Manager on devices with up-to-date Play Services.

Users must be authenticated before you render any component. Once the SDK is initialized and your TokenProvider is wired up, drop the Auth Methods Management component into your settings screen to give users full MFA, passkey, and recovery-code self-service.

Web Foundations

Native Foundations

My Account

My Organization

Build a Self-Service Account Security Interface with My Account API

How it works

Available components

Configure My Account Components using the Auth0 Dashboard

Enable the My Account API

Create an Application and configure My Account API scopes

Configure scopes

Configure passkeys (optional)

Configure your application

Install the SDK

Initialize the SDK

Configure the token provider

Configure passkeys (optional)

Install the SDK

Initialize the SDK

Configure the token provider

Configure passkeys (optional)

Web Foundations

Native Foundations

My Account

My Organization

Documentation Index

​How it works

​Available components

​Configure My Account Components using the Auth0 Dashboard

​Enable the My Account API

​Create an Application and configure My Account API scopes

​Configure scopes

​Configure passkeys (optional)

​Configure your application

​Install the SDK

​Initialize the SDK

​Configure the token provider

​Configure passkeys (optional)

​Install the SDK

​Initialize the SDK

​Configure the token provider

​Configure passkeys (optional)

How it works

Available components

Configure My Account Components using the Auth0 Dashboard

Enable the My Account API

Create an Application and configure My Account API scopes

Configure scopes

Configure passkeys (optional)

Configure your application

Install the SDK

Initialize the SDK

Configure the token provider

Configure passkeys (optional)

Install the SDK

Initialize the SDK

Configure the token provider

Configure passkeys (optional)