Mobile SDK

Native vs Browser Flows

Mobile authentication often determines how users perceive your app's quality and trustworthiness. While many auth providers rely on browser-based flows—opening external web pages for sign-in—Descope's Native Flows elevate the user experience by embedding authentication screens directly into your mobile app pages.

Native flows still rely on hosted content (such as Auth Hosting), but integrate that content into your app via a webview. This preserves the flexibility and scalability of hosted authentication, while delivering a polished, in-app experience that feels fully native.

First, let's compare the two approaches to understand the benefits of using Native Flows.

Browser-Based Authentication Flows

Browser-based flows open authentication screens in an external browser or browser-like popup. Though simple to implement, this can cause a jarring break in the user experience:

  • Context Switching: Users leave the app's environment, potentially losing trust or momentum.
  • Limited Customization: The UI is restricted to external browser pages.
  • Reduced Control: Session management, cookie handling, and transitions depend heavily on browser behavior.

Native Flows: Embedded Webview Experience

Native flows offer a more integrated approach:

  1. Running Hosted Flow:
    The authentication flow is served remotely for secure and stable hosting without extra infrastructure on your part.

  2. Embedded via Webview:
    Instead of redirecting users to an external browser, the hosted authentication page is displayed inside a webview, making it feel like a natural part of your app.

  3. Enhanced Control & Customization:
    You can preload flows, add custom animations, and control the entire transition within the native app environment, leveraging the flexibility of hosted pages without sacrificing control.

  4. Seamless UX:
    Users remain inside the app, maintaining consistent branding and style. The authentication step feels integrated rather than an external detour.

Different Native Flows

Below are general approaches you might choose with Descope's mobile SDK. Each still uses a hosted authentication page displayed in a webview, ensuring a cohesive experience:

  • Simple Flow: Pushes a DescopeFlowViewController onto your navigation stack, immediately presenting the hosted flow in a native webview.

    simple-flow

  • Modal Flow: Preloads a DescopeFlowViewController, so when the user initiates sign-in, the flow appears in a modal instantly. This creates a smooth, uninterrupted experience. This also does not fill the entire screen like the simple flow does, and mimicks the browser modal a bit more, without the annoying browser related buttons.

    modal-flow

  • Inline Flow: Integrates a DescopeFlowView directly into your app's view hierarchy. This approach allows for fully custom animations and transitions, making the flow feel like an organic part of your UI.

    inline-flow

All these approaches keep the user within your app's environment rather than switching to an external browser, ensuring consistent branding, better control, and a smoother user experience.

Comparison: Native vs. Browser-Based

FeatureBrowser-Based FlowsNative Flows with Hosted Content
User ExperienceContext switch to external browser environmentFully embedded within the app's interface
CustomizationLimited UI and transition controlFull control over animations, transitions, and flow
HostingHosted pages displayed externallyHosted pages displayed in-app via a webview
BrandingHarder to maintain consistent brandingConsistent branding and UX continuity
Session ManagementHandled primarily by the browser environmentManaged directly in-app with flexible session utilities

Browser Capabilities for Specialized Flows

Native Flows can still seamlessly invoke browser-based capabilities behind the scenes when required. For methods that inherently rely on browser interactions—like passkeys, OAuth social login, or native OAuth (e.g. Sign in with Apple)—Descope's Native Flow will handle these gracefully. Under the hood, it may open a secure, controlled browser session that fits naturally into the native flow, preserving a unified look and feel.

For example:

  • OAuth Social Login: If your app uses Google or Apple sign-in, Native Flows can momentarily tap into browser-based sessions using system-level tools. This ensures the security and correctness of the OAuth handshake without making it feel like the user left the app.
  • Cookie-Based Sessions: When cookies need to be set or read for certain flows, the underlying webview or system browser session can handle these details invisibly, retaining a native-like user experience.

Managing Sessions and Authentication State

Beyond the flow itself, proper session management ensures that users remain seamlessly authenticated without repeatedly entering credentials.

iOS with ASWebAuthenticationSession

On iOS, ASWebAuthenticationSession can enhance session management in scenarios that require browser-based capabilities (such as OAuth). It provides a secure environment to handle authentication sessions while still allowing the app to control aspects like timeouts, tokens, and redirects. When combined with Native Flows, it ensures that even browser-dependent authentication methods (like certain OAuth providers) integrate smoothly without forcing a full browser context switch. This means your iOS app can benefit from secure, system-level session handling while still presenting a native and cohesive UX.

Android with DescopeSessionManager

On Android, Descope offers the DescopeSessionManager class to manage authenticated user sessions. It takes care of loading and saving session data, securely storing it with EncryptedSharedPreferences, and refreshing sessions before they expire. By initializing Descope with your applicationContext and managing sessions with DescopeSessionManager, you can ensure that users stay signed in across app launches and have their tokens refreshed automatically.

By leveraging DescopeSessionManager, you get:

  • Auto-Refresh: Sessions refresh automatically before expiration.
  • Secure Storage: Sessions and tokens are stored in encrypted preferences.
  • Persistent Auth State: The user remains signed in across app restarts, and you can easily revoke or clear sessions when they sign out.

This seamless integration of session management helps you deliver a stable, user-friendly authentication experience without manual token handling.

Conclusion

Descope's Native Flows provide the best of both worlds: reliability and maintainability of hosted authentication pages, combined with the control and seamless feel of a fully native UI. With easy access to session management tools on both iOS and Android, you can deliver a top-tier authentication experience without compromising on security, scalability, or branding.

By integrating Native Flows, session management tools like DescopeSessionManager, and leveraging platform-specific frameworks such as ASWebAuthenticationSession, developers can create authentication journeys that users trust, appreciate, and remember—without forcing them into clunky browser redirects or fragmented experiences.

To learn how to integrate Native Flows in your Swift or Kotlin applications, visit the respective quickstart guides.

Was this helpful?

Previous

Auth Helpers

Next

Backend SDK

On this page

Native vs Browser FlowsBrowser-Based Authentication FlowsNative Flows: Embedded Webview ExperienceDifferent Native FlowsComparison: Native vs. Browser-BasedBrowser Capabilities for Specialized FlowsManaging Sessions and Authentication StateiOS with ASWebAuthenticationSessionAndroid with DescopeSessionManagerConclusion