Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
expo-auth-session
Advanced tools
What is expo-auth-session?
The expo-auth-session package is a library for handling authentication flows in Expo and React Native applications. It provides tools to manage OAuth 2.0 and OpenID Connect authentication, making it easier to integrate with various identity providers.
What are expo-auth-session's main functionalities?
OAuth 2.0 Authentication
This feature allows you to initiate an OAuth 2.0 authentication flow. The code sample demonstrates how to start an authentication session using a specified authorization URL and handle the result.
import * as AuthSession from 'expo-auth-session';
const authUrl = 'https://example.com/auth';
const redirectUrl = AuthSession.makeRedirectUri();
async function authenticate() {
const result = await AuthSession.startAsync({ authUrl, returnUrl: redirectUrl });
if (result.type === 'success') {
console.log('Authentication successful:', result.params);
}
}OpenID Connect Support
This feature supports OpenID Connect, which is an identity layer on top of OAuth 2.0. The code sample shows how to use the discovery document to configure an authentication request and handle the response.
import * as AuthSession from 'expo-auth-session';
const discovery = AuthSession.useAutoDiscovery('https://example.com');
async function authenticateWithOIDC() {
const request = new AuthSession.AuthRequest({
clientId: 'your-client-id',
scopes: ['openid', 'profile'],
redirectUri: AuthSession.makeRedirectUri(),
});
const result = await AuthSession.startAsync({ authUrl: request.makeAuthUrl(), returnUrl: request.redirectUri });
if (result.type === 'success') {
console.log('OIDC Authentication successful:', result.params);
}
}Token Exchange
This feature allows you to exchange an authorization code for an access token. The code sample demonstrates how to perform a token exchange using the authorization code obtained from a successful authentication.
import * as AuthSession from 'expo-auth-session';
async function exchangeToken(authCode) {
const tokenResponse = await AuthSession.exchangeCodeAsync({
clientId: 'your-client-id',
code: authCode,
redirectUri: AuthSession.makeRedirectUri(),
extraParams: {
client_secret: 'your-client-secret',
},
});
console.log('Access Token:', tokenResponse.accessToken);
}Other packages similar to expo-auth-session
react-native-app-auth
react-native-app-auth is a library for OAuth 2.0 and OpenID Connect authentication in React Native applications. It provides a more native experience by using native modules for iOS and Android, which can result in better performance and reliability compared to expo-auth-session, which is more suitable for Expo managed workflows.
passport
Passport is a popular authentication middleware for Node.js. It supports a wide range of authentication strategies, including OAuth 2.0 and OpenID Connect. While it is not specifically designed for React Native, it can be used in conjunction with a backend server to handle authentication flows, offering more flexibility and control compared to expo-auth-session.
oidc-client
oidc-client is a JavaScript library for managing OpenID Connect and OAuth 2.0 authentication. It is primarily used in web applications but can be adapted for use in React Native. It provides more comprehensive support for OpenID Connect features compared to expo-auth-session, which is more focused on ease of use in Expo environments.
expo-auth-session
AuthSession is the easiest way to implement web browser based authentication (for example, browser-based OAuth flows) to your app, built on top of expo-web-browser.
API documentation
Installation in managed Expo projects
For managed Expo projects, please follow the installation instructions in the API documentation for the latest stable release.
Installation in bare React Native projects
For bare React Native projects, you must ensure that you have installed and configured the expo package before continuing.
Add the package to your npm dependencies
npx expo install expo-auth-session expo-crypto
Configuration
To use this module, you need to set up React Native deep linking in your application. For more information, check out React Native documentation.
Add support for React Native deep linking
-
Android:
Add intent filter and set the
launchModeof your MainActivity tosingleTaskinAndroidManifest.yml:<activity android:name=".MainActivity" android:launchMode="singleTask"> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <!-- Accepts URIs that begin with "example://gizmos” --> <data android:scheme="example" android:host="gizmos" /> </intent-filter>For more information about the available configuration, check out Android documentation.
-
iOS:
Add following lines to your
AppDelegate.m:#import <React/RCTLinkingManager.h> // iOS 9.x or newer - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url options:(NSDictionary<UIApplicationOpenURLOptionsKey,id> *)options { return [RCTLinkingManager application:application openURL:url options:options]; } // iOS 8.x or older - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation { return [RCTLinkingManager application:application openURL:url sourceApplication:sourceApplication annotation:annotation]; }Add following lines to
Info.plist:<dict> ... <key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleURLName</key> <string>gizmos</string> <key>CFBundleURLSchemes</key> <array> <string>example</string> </array> </dict> </array> </dict>
Contributing
Contributions are very welcome! Please refer to guidelines described in the contributing guide.
FAQs
Expo module for browser-based authentication
The npm package expo-auth-session receives a total of 83,658 weekly downloads. As such, expo-auth-session popularity was classified as popular.
We found that expo-auth-session demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 31 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025