React Native: User Authentication Flow Explained

How to handle in-house authentication in React Native apps, with AsyncStorage

With privacy concerns are at an all time high, consumers are moving away from OAuth based authentication, or authentication as a service — login with Facebook, Google, etc — in favour of the traditional authentication that cuts out the middlemen of authentication flow. From a developer standpoint, this comes with additional responsibilities in terms of both security and user experience.

This article will cover essential React Native APIs and external packages used to create an authentication flow in your app, keeping your authentication mechanisms in-house, and therefore private to external services, while maintaining security. We will cover APIs on both the React Native side and a Node JS server side, providing sample scripts along the way.

Prelude: Is OAuth demand falling?

In-house authentication has taken somewhat of a back seat in recent years, with many apps only opting for “Sign in with X” services based on the OAuth open standard, a protocol allowing services (often tech giants like Google and Facebook) to authenticate a user on an app’s behalf. There are benefits of doing this — less upkeep of your app in terms of data storage and security obligations on the developer end, and an arguably streamlined process not having to input your email address / phone number and management of another password on the user end.

However, privacy concerns are now leading many users to move away from these OAuth based authentication services, a movement partly due to the raised awareness of how user data is being processed by these companies, most notably being run through sophisticated analytics systems and traded with other entities to create a big picture of individual user behaviour. Collecting timestamps and location data in conjunction with the services you log into, combined with your viewing habits (and purchasing habits) is extremely useful for targeted advertising. The issue here lies in the fact that users are often not aware of how this data is being used, and that only big players can access and benefit from this big-data market.