
React Native: User Authentication Flow Explained

How to handle in-house authentication in React Native apps, with AsyncStorage

Ross Bulat
12 min read · Dec 10, 2019

With privacy concerns at an all-time high, consumers are moving away from OAuth-based authentication, or authentication as a service (login with Facebook, Google, etc.), in favour of traditional authentication that cuts the middlemen out of the authentication flow. From a developer standpoint, this comes with additional responsibilities in terms of both security and user experience.

This article will cover essential React Native APIs and external packages used to create an authentication flow in your app, keeping your authentication mechanisms in-house, and therefore private from external services, while maintaining security. We will cover APIs on both the React Native side and the Node.js server side, providing sample scripts along the way.

Prelude: Is OAuth demand falling?

In-house authentication has taken somewhat of a back seat in recent years, with many apps only opting for “Sign in with X” services based on the OAuth open standard, a protocol allowing services (often tech giants like Google and Facebook) to authenticate a user on an app’s behalf. There are benefits of doing this — less upkeep of your app in terms of data storage…

Written by Ross Bulat

Programmer and Author. @ Parity Technologies, JKRB Investments

Responses (3)

Hi Ross, well explained article man!
1. I am not sure if the diagram auth flow and initAuthToken follow the same patterns. I mean, do we need to validate the token from our server on every splash screen? If no, then can you please explain why you…

Ross — excellent article as always!
You mention password reset in your closing, but the current codebase does not include that functionality? Would you consider creating an article describing a means to incorporate password reset, possibly using server-side bcrypt?

Exactly what I was looking for after hearing about the amount of data being shared by the companies you had mentioned.
Would be very interested in seeing a working full-stack demo of this implementation even if it was only an MVP.
Thanks for sharing!