Passkeys
React native
Implementation

Implementing Passkeys In React Native: Why Expo Go Falls Short And How To Fix It

Expo Go is a fantastic tool for React Native development, allowing you to quickly iterate on your app without the need for native builds. However, it comes with an important limitation:

Expo Go does not natively support passkeys due to its limitations in handling native code dependencies. Passkey authentication requires native modules that are not compatible with Expo Go's managed environment.

The core issue stems from the architecture of Expo Go:

  1. Sandboxed Environment: Expo Go runs your JavaScript code in a pre-built native container that has limited ability to incorporate custom native modules.
  2. Native Dependencies: Passkey implementation requires platform-specific native code to interact with the device's security features.
  3. Managed Workflow Limitations: In Expo's managed workflow, you can't directly modify the native code or add custom native modules without ejecting.

Options for Implementing Passkeys in React Native with Expo

Option 1: Use Development Builds (Recommended)

The most effective approach is to use Expo's development builds while staying within the Expo ecosystem:

With development builds, you can:

  • Add custom native modules via config plugins
  • Use Expo's managed workflow for most features
  • Test native functionality on real devices

Option 2: Use Config Plugins with EAS Build

Expo's config plugins system allows you to modify native code without ejecting:

  1. Create a config plugin for passkey implementation:

  1. Register the plugin in your app.json:

Option 3: Use Expo's Prebuild to Generate a Native Project

This command generates the necessary native code for your project, allowing you to directly modify native modules while still using Expo tools.

How to implement Passkeys in React Native using AuthSignal

We’ll be using Authsignal’s React Native SDK to add passkeys

Step 1: Install the SDK

Step 2: Configure Native Requirements

After you have configured your Relying Party on Authsignal Portal, you should follow the steps below.

For iOS:

  1. Host an apple-app-site-association file on your domain that matches your relying party:

The response should contain:

Where ABCDE12345 is your team ID and com.example.app is your bundle identifier.

  1. In XCode under “Signing & Capabilities” add a webcredentials entry for your domain / relying party e.g. example.com:

For Android:

  1. Host an assetlinks.json file on your domain that matches your relying party:

The response JSON should look something like this:

  1. Finally, you will need to add an expected origin value for your APK hash when configuring passkeys in the Authsignal Portal.

Step 3: Initialize the Authsignal Client

You can find your tenant ID in the Authsignal Portal.

Step 4: Implement Passkey Registration

Step 5: Implement Passkey Authentication

Note: On your backend, you'll need to validate the Authsignal token using the Authsignal Server SDK. This verifies that the passkey authentication was successful and hasn't been tampered with. For implementation details, see Authsignal's backend validation documentation.

That’s it, you’ve successfully added passkeys to your React Native Application.

Conclusion

By using development builds with Authsignal's SDK, you can implement secure passkey authentication while staying in the Expo ecosystem.

The initial setup requires more effort than using Expo Go, but the security and UX benefits for your users make it worthwhile. Passkeys eliminate password-related vulnerabilities while providing a seamless authentication experience. If passkeys are important for your app, the transition from Expo Go is a necessary and valuable investment.

Have a question?
Talk to an expert
No items found.

You might also like

Passkeys
WebAuthn
Phishing resistant
FIDO2
Relying party ID

Understanding Relying Parties for Passkeys: A Guide on what, why, and how to use them.

July 3, 2024
UX Guidelines
Passkeys
Implementation

UX Best Practices for Passkeys: Understanding Device-Initiated Authentication

December 18, 2024
UI Components
React
Passkeys

Passwordless React UI Components: Add Passkeys to Your Client-Side App

October 23, 2024