> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
# Build a Self-Service Account Security Interface with My Account API on Android
> Describes how to use Universal Components to build self-service account security interfaces with Auth0's My Account API on Android.
export const ReleaseStageNotice = ({feature, stage, plans, contact, terms}) => {
const stageTextMap = {
"beta": "Beta",
"ea": "Early Access"
};
const stageText = stageTextMap[stage] || "a product release stage";
const prsLink = "/docs/troubleshoot/product-lifecycle/product-release-stages";
const linkify = (text, url) => {
return {text};
};
const includeDetails = (plans, contact, terms) => {
const hasDetails = terms || plans || contact;
if (!hasDetails) return null;
return
{plans && <>This feature is available for {linkify(`${plans} plans`, "https://auth0.com/pricing")}. }
{contact && "To participate, contact " + contact + ". "}
{terms && <>By using this feature, you agree to the applicable Free Trial terms in Okta's {linkify("Master Subscription Agreement", "https://www.okta.com/legal")}.}
;
};
return
The {feature} feature is in {linkify(stageText, prsLink)}.
{includeDetails(plans, contact, terms)}
;
};
Auth0 Universal Components for Android allow you to build a self-service account security UI within your [native Android application](/docs/get-started/auth0-overview/create-applications#create-application-in-auth0).
With the `AuthenticatorSettingsComponent`, users can manage their own authentication methods — multi-factor authentication (MFA) factors, passkeys, and recovery codes — directly inside your application, without leaving for a web browser or contacting support.
## How it works
The `AuthenticatorSettingsComponent` uses the Auth0 [My Account API's authentication methods](/docs/manage-users/my-account-api#manage-authentication-methods) to render an authentication-methods management UI inside your application.
The My Account API currently enforces low rate limits, especially on free-tier tenants. This may cause errors while using these components.
When an authenticated user opens their account settings screen, the [Auth0.Android](https://github.com/auth0/Auth0.Android) SDK retrieves an [access token](/docs/secure/tokens/access-tokens) scoped to the My Account API audience.
The `AuthenticatorSettingsComponent` uses the access token to call the My Account API [`/me/v1/authentication-methods`](/docs/api/myaccount/authentication-methods/get-authentication-methods) endpoints as the logged-in user, so each user can only modify their own authentication methods.
* The `AuthenticatorSettingsComponent` creates **end-user self-service** interfaces. End users can enroll, list, and remove every authentication method on their account: email OTP, SMS OTP, TOTP (authenticator application), push via Auth0 Guardian, passkeys, and recovery codes.
* For **delegated admin** interfaces in which a user manages an Auth0 Organization, read [Build a Delegated Admin Interface](/docs/get-started/universal-components/web/components/build-delegated-admin).
## Prerequisites
### Enable the My Account API
1. Navigate to [Dashboard > Applications > APIs](https://manage.auth0.com/#/apis).
2. Select **Activate My Account API** to ensure it is enabled for your tenant.
### Create an application and configure My Account API permissions
1. Navigate to [Dashboard > Applications](https://manage.auth0.com/#/applications).
2. Select **Create Application**.
3. Select **Native**.
4. Select the **Settings** tab to add the following callback URLs in the **Allowed Callback URLs**:
```text theme={null}
https://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback, YOUR_SCHEME://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback
```
5. Add the same URLs for the **Allowed Logout URLs**.
```text theme={null}
https://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback, YOUR_SCHEME://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback
```
6. Select the **API Access** tab.
7. Select **Edit** for the **Auth0 My Account API** to add the **User-delegated Access** permissions:
`create:me:authentication_methods`
`read:me:authentication_methods`
`update:me:authentication_methods`
`delete:me:authentication_methods`
8. Select **Save** to save the permissions.
* The user's access token only includes permissions they were granted during login.
* Request all four scopes if you want users to enroll, review, and remove authentication methods.
### Install the SDK
Use Gradle to install the `com.auth0.universalcomponents:universal-components` package. For installation details and platform requirements, read Auth0 [Universal Components for Android](/docs/get-started/universal-components/android/android-overview).
### Initialize the SDK
To initialize the SDK, call the `Auth0UniversalComponents.initialize(...)` method once at application start, typically from your `Application` subclass or from `onCreate` in the launcher `Activity`.
```kotlin MainActivity.kt wrap lines theme={null}
import com.auth0.android.Auth0
import com.auth0.android.authentication.AuthenticationAPIClient
import com.auth0.android.authentication.storage.CredentialsManager
import com.auth0.android.authentication.storage.SharedPreferencesStorage
import com.auth0.universalcomponents.Auth0UniversalComponents
import com.auth0.universalcomponents.token.DefaultTokenProvider
class MainActivity : ComponentActivity() {
private val account by lazy {
Auth0.getInstance(
getString(R.string.com_auth0_client_id),
getString(R.string.com_auth0_domain)
)
}
private val credentialsManager by lazy {
CredentialsManager(
AuthenticationAPIClient(account),
SharedPreferencesStorage(this)
)
}
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
Auth0UniversalComponents.initialize(
context = applicationContext,
account = account,
tokenProvider = DefaultTokenProvider(credentialsManager),
scheme = getString(R.string.com_auth0_scheme),
passkeyConfiguration = PasskeyConfiguration()
)
setContent { MyApp() }
}
}
```
### Configure the token provider
Use the `DefaultTokenProvider`, which wraps the [`Auth0.Android`](https://github.com/auth0/Auth0.Android) `CredentialsManager`, to request credentials from your application.
Auth0 recommends using the Auth0.Android's `CredentialsManager` for production integrations. Implement a custom `TokenProvider` only if the `Auth0.Android` SDK does not meet your storage requirements.
To manage credentials outside the Auth0.Android SDK's `CredentialsManager`, implement the interface directly:
```kotlin wrap lines theme={null}
class AppTokenProvider : TokenProvider {
override suspend fun fetchCredentials(): Credentials {
// Return the user's login credentials.
}
override suspend fun fetchApiCredentials(
audience: String,
scope: String?
): APICredentials {
// Return cached My Account API credentials, refreshing if expired.
}
override suspend fun saveApiCredentials(
audience: String,
credentials: APICredentials
) {
// Persist the freshly issued API credentials.
}
}
```
Users must be authenticated before you render any component. After the SDK is initialized and your `TokenProvider` is wired up, add the [`AuthenticatorSettingsComponent`](/docs/get-started/universal-components/android/components/auth-methods-management) to your settings screen to give users full MFA, passkey, and recovery-code self-service.
## Learn more
Review the `AuthenticatorSettingsComponent` reference, supported factors, and Compose NavHost integration.
Override colors, typography, spacing, radius, and size tokens using the Auth0 design-token system.