Sign in with logi (1pass) in Expo / React Native apps. Wraps
expo-auth-session
to run the OAuth 2.0 Authorization Code flow with PKCE (S256) — the same
contract as @logi-auth/browser,
adapted for a native single-call flow.
- Zero secrets on device — public PKCE client (RFC 8252 native app).
- One
await signIn()→ opens the system browser, exchanges the code, returns a session. - Same option names as the browser SDK (
clientId,redirectUri,scopes,issuer).
Verified against
expo-auth-session@57.0.2(Expo SDK 57, latest as of 2026-07-09). The public API (AuthRequest/exchangeCodeAsync/makeRedirectUri) has been stable across recent SDKs; thepeerDependenciesfloor is set conservatively.
npx expo install expo-auth-session expo-crypto expo-web-browser
npm install @logi-auth/react-nativeAdd a custom URL scheme to app.json so the IdP can redirect back into your app:
{ "expo": { "scheme": "myapp" } }Register the resulting redirect URI (e.g. myapp://oauth/callback) on your
logi client as a public client. See
https://docs.1pass.dev/oauth/public-clients.
import { LogiAuth, makeRedirectUri } from "@logi-auth/react-native";
import { Button } from "react-native";
const auth = new LogiAuth({
clientId: "logi_xxx",
redirectUri: makeRedirectUri({ scheme: "myapp", path: "oauth/callback" }),
// scopes default to ["openid", "profile:basic", "email"]
});
export function LoginButton() {
const onPress = async () => {
try {
const session = await auth.signIn();
// session.accessToken / session.idToken / session.refreshToken
// session.sub / session.email ← UI hints only (see note below)
// Send session.idToken to YOUR backend and verify it there with a logi
// server SDK before trusting the identity.
} catch (e) {
// e is a LogiAuthError with .code ("user_cancelled", "token_exchange_failed", …)
}
};
return <Button title="logi로 계속하기" onPress={onPress} />;
}const tokens = await auth.refresh(session.refreshToken!);
// persist tokens.refreshToken — logi rotates itsession.sub / session.email are decoded without verifying the id_token
signature — React Native has no reliable RS256/JWKS primitive, so client-side
verification would give false assurance. This SDK checks the nonce (replay
defense) and state (CSRF defense) but not the signature.
For any authorization decision, send session.idToken to your backend and
verify it with a logi server SDK:
@logi-auth/server (Node),
logi-auth (Python),
logi_auth (Ruby).
| Option | Default |
|---|---|
clientId |
required |
redirectUri |
required (custom scheme, e.g. myapp://oauth/callback) |
scopes |
["openid", "profile:basic", "email"] |
issuer |
https://api.1pass.dev |
tokenIssuer |
https://api.1pass.dev |
Apache-2.0