Authentication Bridge
Native and React Native authentication
The primary goal of the Native authentication bridge is to maintain synchronization between the React Native (RN) and Native with respect to the JWT token and refresh token. It is crucial that any login, logout, or token refresh action on the Native side is reflected in the RN environment, and vice versa. This ensures consistent authentication status across both platforms.
Currently there are two methods for authentication: Auth0 through the existing RN login screen, or the new Hydra web view login. The RN login screen utilizes a feature flag, web-view-login, to determine whether to connect to the Auth0 or Hydra endpoint for authentication. The native functionality adopts the Hydra login approach, issuing a Hydra token. We also use another feature flag, login-native, to choose between displaying the native Hydra login or the RN login screen. The Hydra login web content is hosted in a WebView container on both Android and iOS. For more details, please refer to: Login Feature.
RN Login authentication methods: Auth0 or Hydra determined by web-view-login feature flag
Native Login authentication method: Hydra (navigation to this screen determined by login-native)
Feature Flags
login-native - This feature flag determines if we show the native Hydra login web view or if a we use the RN login screen.
web-view-login - This feature flag determines if the RN login screen uses the new Hydra login True or the Auth0 login False.
RN login sync with native iOS & Android
AuthenticationTokenModule is located within the main app module (Android) and mobile/bridge (iOS).This class is essential for synchronizing JWT and refresh tokens between RN and the native platform, ensuring that the authentication tokens remain consistent across both environments.
Android: The system will only update the token if the new token received from RN is different from the current one. This precaution prevents recursive updates between RN and the native platform, thereby avoiding redundant data exchanges.
The following methods enable RN to communicate with the native platform via the bridge:
tokenSyncReady() - Invoked when RN has successfully initialized and is prepared for bridge communication. This ensures that the native side does not emit bridge events until RN is ready to receive them.
tokenUpdate(..) - Invoked whenever a token is updated, such as during login, token refresh, or during an Auth0 to Hydra token exchange from RN.
logout() - Invoked from RN when a logout event occurs.
iOS
tokenSyncReady(): Use the AuthenticationServices publisher authenticationService.tokenUpdatePublisher to monitor changes in the native token state.
tokenUpdate(..): Receive a map of data that is converted to the native AuthenticationTokenBridgeData structure. This data is then mapped to AuthTokens, which is then assigned to the AuthenticationService using the setToken() method.
logout(): Native calls AuthenticationService logout by utilizing clearToken()
Android
tokenSyncReady(): Utilizes ObserveTokenChangesUseCase and ObserveLogoutUseCase to monitor changes in the native token state.
tokenUpdate(..): Receive a map of data that is mapped to a native TokenEntity that we can set to AuthRepository via SetTokenUseCase.
logout(): The native AuthRepository processes logouts by using the LogOutUseCase, specifying the logout event type as LogoutEvent.ReactNativeLogout to indicate that the logout was explicitly initiated from RN. A native logout event will emit a LogoutEvent.NativeLogout for more info: Android authentication.
Native login sync with RN
Both Android and iOS have the ability to observe a token change and logout event. Native is required to keep RN in sync and does so by reacting to token changes and logout events and emits the updates across the bridge. The native side offers a method to request a token update from RN. This is achieved by emitting a TOKEN_REQUEST_EVENT through the invocation of getTokenEventFromReactNative.
iOS
Token Change (tokenUpdatePublisher): On iOS, changes to authenticationService.tokenUpdatePublisher are observed. If the token is nil, a LOGOUT_EVENT is emitted. Otherwise, AuthenticationTokenBridgeData is converted into the appropriate map format and a TOKEN_EVENT is sent to RN.
Android
Token Update (ObserveTokenChangesUseCase): On Android, the tokenUpdateToReactNative function converts the TokenEntity into the appropriate map format and then emits a TOKEN_EVENT across the bridge to RN.
Logout (ObserveLogoutUseCase): When a LogoutEvent.NativeLogout occurs, the native side will emit a LOGOUT_EVENT across the bridge for more info: Android authentication.
Hydra token exchange
Within the native code base we expose a method to exchange an Auth0 token to a Hydra token. This functionality is automatically handled by the RN side, that invokes a exchange method call via the native HydraTokenExchangeModule exchangeToken(:). This method will perform a REST call and update RN with an Hydra token, which will then notify Android/iOS via the AuthenticationTokenModule updateToken(:). Which ensures that the Native and RN both have the same JWT and Refresh token.
Resources
| Role | Contact |
|---|---|
| PM | TBC |
| Android Lead | Anthony Librio |
| iOS Lead | Nicholas Vella |