React Native integration with identity server

Question

I have a react native app which is created using react-native-cli.

In official react native documentation it recommends to use react-native-app-auth which has too many issues reported.

However since it’s used by many i have started my implementation but came across many issues related Android.

Is there a recommended library that is maintained or tutorial that provides the guide to implement authentication using authorization code flow with PKCE?

Thanks in advance

Answer 1

AppAuth are the official libraries, though they are easier to integrate into a Kotlin based app, since the tech gets quite native in places:

• Opening a Chrome Custom Tab
• Registering redirect schemes
• An Authorization Code Flow redirect
• An Authorization Code Grant POST
• A Refresh Token Grant POST
• Secure storage of tokens on the device
• Good login usability
• Handling error and expiry conditions

AppAuth is primarily a pattern though, from RFC8252, so you could implement the above in Javascript code.

Start by implementing the above 3 OAuth messages and ensure that you understand payloads. Post back if you get stuck on areas such as PKCE and I can point you to some relevant JS code.

TRICKY AREAS

My Android Blog Posts may help you to clarify your requirements and explains some common problems and resolutions. There is a detailed code sample you can run locally also.

MOBILE TECH

I had a React Native sample in the past, but found the tech too painful in some areas:

• Missing error details in responses from React-Native-App-Auth
• Red screens when tracing HTTPS requests.

Therefore I switched everything to Kotlin where there are fewer tech layers to deal with.