Functionality of the Mobile SDK

The nextAuth Mobile SDK includes all the necessary functionality to create and manage nextAuth accounts, on one or more nextAuth servers, and to log in with these accounts. A login can be either local, in the mobile app itself, or for a session in another app or even on another device. Every login attempt results in the creation of a session and will trigger the necessary user interaction through callbacks.

The Mobile SDK also handles push messages, keeps a history of all interactions and has a built-in QR code processor.

Core Entities


For each server where the Mobile SDK is used to register one or more accounts, the Mobile SDK stores the corresponding server parameters (as defined by the server). Upon creating a session, these server parameters are updated, if needed.

The server parameters have a big influence on how the Mobile SDK behaves for all sessions that correspond to accounts for a given server.


The Mobile SDK keeps a list of registered accounts, whereby each account allows for authenticating towards a specific server as a specific user, and receiving messages from the corresponding server.

Accounts can be deleted, both from the Server SDK and from the app. When an account is deleted server side, the server sends a message to the Mobile SDK instructing it to delete this account. Vice versa, the Mobile SDK will also notify the server that an account was deleted. Note that, when the app is uninstalled, all accounts are effectively deleted but the server will not be notified.


Each login has a session associated with it. A session can be started in three ways:

  • based on the data directly delivered to the application, e.g., by scanning a QR code or decoding a universal link;
  • based on an encrypted push message received from the nextAuth server;
  • through an AppLogin.

The first two use the app as an authenticator to a website or other apps. The last one enables logging in to the app itself and securely accessing backend resources.