Native Flows

While many other Auth Providers rely on opening external web pages for authentication, Descope's Native Flows elevate the user experience by embedding authentication flows directly into your mobile app, creating a seamless experience that feels fully native.

Native flows require a flow to be hosted within a web application (either by using our Auth Hosting app or a self-hosted page), but integrate that content into your app via a webview. This preserves the flexibility and scalability of hosted authentication, while delivering a polished, in-app experience that feels fully native.

How Native Flows Work

Native flows provide an integrated authentication experience:

1. Running Hosted Flow:
   The authentication flow is served remotely for secure and stable hosting without extra infrastructure on your part.

2. Embedded via Webview:
   Instead of redirecting users to an external browser, the hosted authentication page is displayed inside a webview, making it feel like a natural part of your app.

3. Enhanced Control & Customization:
   You can preload flows, add custom animations, and control the entire transition within the native app environment, leveraging the flexibility of hosted pages without sacrificing control.

4. Seamless UX:
   Users remain inside the app, maintaining consistent branding and style. The authentication step feels integrated rather than an external detour.

Different Native Flows

Below are general approaches you might choose with Descope's mobile SDK. Each still uses a hosted authentication page displayed in a webview, ensuring a cohesive experience:

• Simple Flow: Pushes a DescopeFlowViewController onto your navigation stack, immediately presenting the hosted flow in a full screen native webview.

• Modal Flow: Preloads a DescopeFlowViewController, so when the user initiates sign-in, the flow appears in a modal instantly. This creates a smooth, uninterrupted experience. This also does not fill the entire screen like the simple flow does, and mimicks the browser modal a bit more, without the annoying browser related buttons.

• Inline Flow: Integrates a DescopeFlowView directly into your app's view hierarchy. This approach allows for fully custom animations and transitions, making the flow feel like an organic part of your UI.

All these approaches keep the user within your app's environment rather than switching to an external browser, ensuring consistent branding, better control, and a smoother user experience.

Authentication Methods with Native Flows

Native Flows work seamlessly with various authentication methods. Native OAuth, Passkeys, and Magic Link all integrate smoothly with Native Flows, though they require additional configuration to set up properly.

• OAuth: Social login providers like Google, Facebook, and Apple can be integrated with Native Flows. The OAuth handshake is handled securely while maintaining the native app experience.
• Passkeys: Biometric authentication and passkeys work seamlessly with Native Flows, providing a secure and user-friendly authentication experience.
• Magic Link: Magic link authentication integrates with Native Flows, allowing users to authenticate via email or SMS links while staying within your app.

For methods that inherently rely on browser interactions, Descope's Native Flow handles these gracefully. Under the hood, it may open a secure, controlled browser session that fits naturally into the native flow, preserving a unified look and feel.

Managing Sessions and Authentication State

Beyond the flow itself, proper session management ensures that users remain seamlessly authenticated without repeatedly entering credentials.

iOS with ASWebAuthenticationSession

On iOS, ASWebAuthenticationSession can enhance session management in scenarios that require browser-based capabilities (such as OAuth). It provides a secure environment to handle authentication sessions while still allowing the app to control aspects like timeouts, tokens, and redirects. When combined with Native Flows, it ensures that even browser-dependent authentication methods (like certain OAuth providers) integrate smoothly without forcing a full browser context switch. This means your iOS app can benefit from secure, system-level session handling while still presenting a native and cohesive UX.

Android with DescopeSessionManager

On Android, Descope offers the DescopeSessionManager class to manage authenticated user sessions. It takes care of loading and saving session data, securely storing it with EncryptedSharedPreferences, and refreshing sessions before they expire. By initializing Descope with your applicationContext and managing sessions with DescopeSessionManager, you can ensure that users stay signed in across app launches and have their tokens refreshed automatically.

By leveraging DescopeSessionManager, you get:

• Auto-Refresh: Sessions refresh automatically before expiration.
• Secure Storage: Sessions and tokens are stored in encrypted preferences.
• Persistent Auth State: The user remains signed in across app restarts, and you can easily revoke or clear sessions when they sign out.

This seamless integration of session management helps you deliver a stable, user-friendly authentication experience without manual token handling.

Conclusion

Descope's Native Flows provide the best of both worlds: reliability and maintainability of hosted authentication pages, combined with the control and seamless feel of a fully native UI. With easy access to session management tools on both iOS and Android, you can deliver a top-tier authentication experience without compromising on security, scalability, or branding.

By integrating Native Flows, session management tools like DescopeSessionManager, and leveraging platform-specific frameworks such as ASWebAuthenticationSession, developers can create authentication journeys that users trust, appreciate, and remember.

To learn how to integrate Native Flows in your Swift or Kotlin applications, visit the respective quickstart guides.