Surfing the AuthN Wave: Secure Your .NET MAUI App with Auth0 and Terraform
I’m building a cross-platform native mobile application using .NET MAUI. To provide users with a seamless and secure authentication experience, I’ve chosen Auth0 as the identity provider. Auth0 supports integration with a variety of identity services such as Microsoft Personal Accounts, Google Accounts, Facebook, and Apple ID, making it a suitable choice for consumer-focused applications.
Setting Up the Auth0 Application
To begin, I needed to create an application within Auth0 that corresponds to my .NET MAUI app. I used Terraform to define and provision this application with the following configuration:
resource "auth0_client" "maui_app" {
  name            = "foo MAUI Client"
  description     = "Native app for Android/iOS/Windows using .NET MAUI"
  app_type        = "native"
  is_first_party  = true
  oidc_conformant = true

  callbacks = [
    "foo://callback"
  ]

  allowed_logout_urls = [
    "foo://logout"
  ]

  web_origins = [
    "foo://callback"
  ]

  grant_types = [
    "authorization_code",
    "refresh_token"
  ]

  jwt_configuration {
    alg = "RS256"
  }

  // Optional: rotate refresh tokens
  refresh_token {
    rotation_type   = "rotating"
    expiration_type = "expiring"
    token_lifetime  = 2592000 # 30 days
    leeway          = 0
  }
}
This configuration sets up a native application type with a custom URI scheme (foo://callback) for handling authentication responses. The refresh token is configured for rotation and expiration to enhance security: every refresh issues a new refresh token and invalidates the previous one, the token family expires after 30 days, and with leeway = 0 any reuse of an already-rotated token is treated as a compromise and revokes the whole family.
Integrating Auth0 with .NET MAUI
I used the Auth0.OidcClient.MAUI NuGet package to facilitate the authentication process. In MauiProgram.cs, I registered a singleton instance of the Auth0Client:
builder.Services.AddSingleton(new Auth0Client(new()
{
    Domain = "dev-foo.us.auth0.com",
    ClientId = "foo",
    RedirectUri = "foo://callback",
    PostLogoutRedirectUri = "foo://logout",
    Scope = "openid profile email"
}));
This configuration aligns with the settings defined in the Terraform auth0_client resource. Note that Auth0 only issues a refresh token when the client also requests the offline_access scope; with the Scope shown above, the refresh_token grant and rotation settings in Terraform are in place but no refresh token is returned at login.
Using the Auth0 Client in the App
With the Auth0Client registered, I can inject it into any page or service within my app. For example, in MainPage, the client is injected through the constructor:
using Auth0.OidcClient;

public partial class MainPage : ContentPage
{
    readonly Auth0Client _auth0Client;
    int count = 0;

    public MainPage(Auth0Client auth0Client)
    {
        InitializeComponent();
        _auth0Client = auth0Client;
    }
}
To initiate login, I simply call:
var loginResult = await _auth0Client.LoginAsync();
This prompts the user to authenticate via Auth0 in the system browser and returns a LoginResult whose IsError flag should be checked before the tokens are used. However, at this stage, the app is configured to authenticate through Auth0 only. To enable third-party identity providers, further configuration within the Auth0 dashboard or via Terraform is required.
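The following is an added example, not code from the original post, showing how the login call above fits with the rotating refresh tokens configured in Terraform. It assumes the registered Auth0Client from MauiProgram.cs, a Scope that additionally includes offline_access (otherwise no refresh token is issued), and a hypothetical AuthSession wrapper class that stores the refresh token in MAUI SecureStorage.

```csharp
using System.Threading.Tasks;
using Auth0.OidcClient;
using Microsoft.Maui.Storage;

// Hypothetical wrapper around the Auth0Client registered in MauiProgram.cs.
public class AuthSession
{
    const string RefreshTokenKey = "auth0_refresh_token";
    readonly Auth0Client _client;

    public AuthSession(Auth0Client client) => _client = client;

    // Interactive login. Fails closed: returns null when the browser flow
    // errors or the user cancels, instead of handing back empty tokens.
    public async Task<string?> LoginAsync()
    {
        var result = await _client.LoginAsync();
        if (result.IsError)
            return null; // result.Error carries the reason, e.g. a callback not in `callbacks`

        // Present only when Scope contains offline_access (assumption for this example).
        if (!string.IsNullOrEmpty(result.RefreshToken))
            await SecureStorage.Default.SetAsync(RefreshTokenKey, result.RefreshToken);
        return result.AccessToken;
    }

    // Silent renewal. Because rotation_type = "rotating", each refresh returns a
    // NEW refresh token and invalidates the old one, so the new value must be
    // persisted immediately; with leeway = 0, reusing the old token is flagged
    // as reuse and Auth0 revokes the whole token family.
    public async Task<string?> RefreshAsync()
    {
        var stored = await SecureStorage.Default.GetAsync(RefreshTokenKey);
        if (string.IsNullOrEmpty(stored))
            return null; // no session; caller falls back to LoginAsync()

        var result = await _client.RefreshTokenAsync(stored);
        if (result.IsError)
        {
            // Expired (token_lifetime), revoked, or reuse detected: discard it.
            SecureStorage.Default.Remove(RefreshTokenKey);
            return null;
        }
        if (!string.IsNullOrEmpty(result.RefreshToken))
            await SecureStorage.Default.SetAsync(RefreshTokenKey, result.RefreshToken);
        return result.AccessToken;
    }

    // Clears the local session first, then ends the Auth0 session via foo://logout.
    public async Task LogoutAsync()
    {
        SecureStorage.Default.Remove(RefreshTokenKey);
        await _client.LogoutAsync();
    }
}
```

Registering AuthSession as a singleton alongside Auth0Client lets pages call RefreshAsync() on startup and only show the login UI when it returns null.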
Next Steps: Adding Identity Providers
With the core authentication flow in place, the next step is to integrate external identity providers like Google, Microsoft, Facebook, and Apple. This typically involves enabling the desired providers in the Auth0 dashboard and potentially configuring client IDs and secrets from each provider. Once set up, users will be presented with multiple login options, enhancing the user experience and accessibility of the app.
By leveraging Auth0’s extensibility and .NET MAUI’s cross-platform capabilities, I’m setting up a robust authentication mechanism that balances security with user convenience.