I created a registration system from a React Native app. The user got created, and I used Payload's login URL to authenticate the user and generate a token, then saved user.json() in secure storage. I manually authenticate the app with the token on the next open. For web apps, Payload automatically sends an HTTP-only cookie. How does the behavior work in native environments?
Here is how it works in the web's cookie environment:
// On mount, get user and set
useEffect(() => {
  const fetchMe = async () => {
    const result = await fetch(`${NEXT_PUBLIC_CMS_URL}/api/users/me`, {
      // Make sure to include cookies with fetch
      credentials: 'include',
    }).then(req => req.json());
    setUser(result.user || null);
    console.log('THIS: ', result.user);
  };
  fetchMe();
}, []);
How to do this on React Native when you have the user token and details JSON saved in secure storage and you want to open the app logged in?
Hey @aayush214 do you still need help here?
Hey @seanzubrickas, yes, I need help. For now, I've moved on by simply checking if the token exists in encrypted storage and putting that in state. I believe I should in some way be checking if that said token is valid or not?
I have essentially skipped /api/users/me call. Pretty sure it's not secure.
@aayush214 This would be a great place to use / verify JWT tokens
JWT libraries exist both on the web / node / other languages too
Payload provides JWT auth tokens. Using your Payload secret key, you can confirm that the token is non-tampered as well
@notchr isn't that what the /me endpoint does?
It creates an http-only cookie, which is essentially the JWT token
But you can verify the authenticity of a jwt token using a library, even on native
You take the token and the secret key and the library will be able to determine if it is valid
Ok. I'll give that a shot. Thanks for the help 😃
Of course! Be sure to read through the following to get a better grasp on the flow of jwt
https://www.npmjs.com/package/jsonwebtoken
In addition, Payload allows you to specify which collection or user data is included in a JWT token (apart from your default auth information)
Also, are you using raw React Native or something like Expo?
I think frameworks like Expo have some helper libraries for authentication
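An added example (not from the thread participants and not Payload's own code) of the launch-time check asked about above: rather than trusting that a token exists in storage, send it to `/api/users/me` in Payload's `Authorization: JWT <token>` header and let the server decide. The `restoreSession` name, the `storage` interface and the `payload-session` key are assumptions; the saved value is assumed to be the login response body (`user`, `token`, `exp`).

```javascript
// Added example. Assumptions: `storage` is any secure store exposing async
// getItem/removeItem; SESSION_KEY is a made-up key holding the JSON body that
// Payload's login endpoint returned ({ user, token, exp }).
const SESSION_KEY = 'payload-session';

async function restoreSession({ storage, baseUrl, fetchImpl = fetch, now = Date.now }) {
  const signedOut = async () => {
    await storage.removeItem(SESSION_KEY); // drop tokens known to be unusable
    return { status: 'signed-out', user: null };
  };

  const raw = await storage.getItem(SESSION_KEY);
  if (!raw) return { status: 'signed-out', user: null };

  let saved = null;
  try { saved = JSON.parse(raw); } catch { /* corrupt entry, handled below */ }
  if (!saved || typeof saved.token !== 'string') return signedOut();

  // Cheap local check: `exp` is seconds since the epoch. This only avoids a
  // pointless request; it proves nothing about the token's validity.
  if (typeof saved.exp === 'number' && saved.exp * 1000 <= now()) return signedOut();

  let res;
  try {
    // No cookie jar to rely on in a native app: send the token explicitly.
    res = await fetchImpl(`${baseUrl}/api/users/me`, {
      headers: { Authorization: `JWT ${saved.token}` },
    });
  } catch {
    // Offline or DNS/TLS failure: the token is not proven bad, so keep it,
    // but do not show the user as logged in on the strength of storage alone.
    return { status: 'unverified', user: null };
  }
  if (res.status >= 500) return { status: 'unverified', user: null };

  // The server is the authority: it verifies the token and looks up the user.
  // A missing user in the response means the token was rejected.
  const body = res.ok ? await res.json() : null;
  if (!body || !body.user) return signedOut();
  return { status: 'signed-in', user: body.user };
}
```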