/react-native-app-auth

React native bridge for AppAuth - an SDK for communicating with OAuth2 providers

Primary LanguageJavaMIT LicenseMIT

React Native App Auth

React native bridge for AppAuth - an SDK for communicating with OAuth2 providers

npm package version Maintenance Status Workflow Status

This versions supports react-native@0.63+. The last pre-0.63 compatible version is v5.1.3.

React Native bridge for AppAuth-iOS and AppAuth-Android SDKS for communicating with OAuth 2.0 and OpenID Connect providers.

This library should support any OAuth provider that implements the OAuth2 spec.

We only support the Authorization Code Flow.

Check out the full documentation here!

Tested OpenID providers

These providers are OpenID compliant, which means you can use autodiscovery.

Tested OAuth2 providers

These providers implement the OAuth2 spec, but are not OpenID providers, which means you must configure the authorization and token endpoints yourself.

Why you may want to use this library

AppAuth is a mature OAuth client implementation that follows the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps including using ASWebAuthenticationSession and SFSafariViewController on iOS, and Custom Tabs on Android. WebViews are explicitly not supported due to the security and usability reasons explained in Section 8.12 of RFC 8252.

AppAuth also supports the PKCE ("Pixy") extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used.

To learn more, read this short introduction to OAuth and PKCE on the Formidable blog.

Contributing

Please see our contributing guide.

Running the iOS app

After cloning the repository, run the following:

cd react-native-app-auth/Example
yarn
(cd ios && pod install)
npx react-native run-ios

Running the Android app

After cloning the repository, run the following:

cd react-native-app-auth/Example
yarn
npx react-native run-android

Notes

  • You have to have the emulator open before running the last command. If you have difficulty getting the emulator to connect, open the project from Android Studio and run it through there.
  • ANDROID: When integrating with a project that utilizes deep linking (e.g. React Navigation deep linking), update the redirectUrl in your config and the appAuthRedirectScheme value in build.gradle to use a custom scheme so that it differs from the scheme used in your deep linking intent-filter as seen here.

Example:

// build.gradle
android {
  defaultConfig {
    manifestPlaceholders = [
      appAuthRedirectScheme: 'io.identityserver.demo.auth'
    ]
  }
}

Maintenance Status

Active: Nearform is actively working on this project, and we expect to continue for work for the foreseeable future. Bug reports, feature requests and pull requests are welcome.