https://supertokens.com/ logo
Join Discord
Powered by
Hi i'm curious about whether or not i should creat...
# support-questions-legacy
l
Hi i'm curious about whether or not i should create native login or use my existing browser flow (kinda want to just reuse my browser logic), and how that might work regarding session for browser, but header for mobile. Using react native.
n
Hi @leandergan , One way to do this would be to first enable JWTs for the session recipe (you can refer to the docs for this). After you complete the sign in flow in the webview and have a session created you can send the JWT to native. Native would then call another API (say 
/createsession
) sending the JWT
The API verifies the JWT using the JWKS flow (explained in the docs) and reads the user id from it
And then you can create a new session for that user id which will use headers instead of cookies
l
okey thx, that sounds like it should work 🙂
n
Happy to help, let us know if you run into issues setting it up and we can help out
l
sidestep: is there a clean way to exit webview once login is successfull?
n
By exit you mean close or logout and close?
l
just close the webview and go back to the app
n
Is this going to be an in app webview or launch the browser?
l
im only using the webview for the login/signup process
- the webview is in app
n
You could conditionally render the webview
Copy code
{
    shouldShowWebview && <Webview />
}
And toggle 
shouldShowWebview
to false once the login process is complete
That should dismiss it (with the exit animation if im not wrong)
l
i'll test it out! appreciate your help.
n
Happy to help
l
hi, did some testing this weekend and noticed that i would create two session for each login on mobile. one in the webview and one for api call to 
/createsession
to solve this double session "problem", would it be fine to do smth like:`window.postMessage(session)` to send the needed data to react native to "reuse" the existing session instead of creating a "dead" sessions on each login? i havent seen any suggestion that a session is locked to either cookie or header type when created. (don't know if there are any security issues with sending the session in a 
postMessage
tho) i haven't tested this out yet, but am guessing after the first request where i have to add stuff manually to the request, the following request will do it automatically for me since the supertokens interceptor for axios will catch the session from the first returned response? feel like this could potentially be a cleaner implementation and would not require the use of jwt's. i'm no auth expert, but would be interested in any feedback on this approach from someone who knows a bit more.
n
You could try setting 
sharedCookiesEnabled={true}
to the webview instance (if you are using react-native-webview). That is supposed to make the webview share cookies with native
In theory that should mean that you dont need to do anything additional for the token after signin in on the webview (other than closing the webview after login)
l
sharedCookiesEnabled
is only for IOS, so since i'm mostly using android studio in dev where this is set to 
true
by default, it should have worked when testing earlier?
n
I would log in with the webview and use the cookie manager to print all cookies out to confirm but based on their docs it should have
l
ok i'll test further 🙂 ps: supertokens will still use "header" for outgoing requests by default?
n
That would require you to make that extra call from native to receive the headers from the server
5 Views
PreviousNext
Powered by