From b3105ebab4bb417783dca2cf2554e1671bd511c7 Mon Sep 17 00:00:00 2001 From: Tom Milewski Date: Wed, 28 May 2025 16:30:40 -0400 Subject: [PATCH] feat(clerk-expo): Default token cache SecureStore implementation keychainAccessible to AFTER_FIRST_UNLOCK --- .changeset/pretty-parks-arrive.md | 5 +++++ packages/expo/src/token-cache/index.ts | 16 +++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 .changeset/pretty-parks-arrive.md diff --git a/.changeset/pretty-parks-arrive.md b/.changeset/pretty-parks-arrive.md new file mode 100644 index 00000000000..f0bd03a9457 --- /dev/null +++ b/.changeset/pretty-parks-arrive.md @@ -0,0 +1,5 @@ +--- +'@clerk/clerk-expo': minor +--- + +Default token cache `SecureStore` implementation `keychainAccessible` to `AFTER_FIRST_UNLOCK` - The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user. This may be useful if you need to access the item when the device is locked. diff --git a/packages/expo/src/token-cache/index.ts b/packages/expo/src/token-cache/index.ts index 4a67114e009..0a577cbe577 100644 --- a/packages/expo/src/token-cache/index.ts +++ b/packages/expo/src/token-cache/index.ts @@ -7,18 +7,28 @@ import { isNative } from '../utils'; * Create a token cache using Expo's SecureStore */ const createTokenCache = (): TokenCache => { + const secureStoreOpts: SecureStore.SecureStoreOptions = { + /** + * The data in the keychain item cannot be accessed after a restart until the + * device has been unlocked once by the user. + * + * This may be useful if you need to access the item when the phone is locked. + */ + keychainAccessible: SecureStore.AFTER_FIRST_UNLOCK, + }; + return { getToken: async (key: string) => { try { - const item = await SecureStore.getItemAsync(key); + const item = await SecureStore.getItemAsync(key, secureStoreOpts); return item; } catch { - await SecureStore.deleteItemAsync(key); + await SecureStore.deleteItemAsync(key, secureStoreOpts); return null; } }, saveToken: (key: string, token: string) => { - return SecureStore.setItemAsync(key, token); + return SecureStore.setItemAsync(key, token, secureStoreOpts); }, }; };