Hi i'm curious about whether or not i should create native login or use my existing browser flow (kinda want to just reuse my browser logic), and how that might work regarding session for browser, but header for mobile. Using react native.

Hi @leandergan , One way to do this would be to first enable JWTs for the session recipe (you can refer to the docs for this). After you complete the sign in flow in the webview and have a session created you can send the JWT to native. Native would then call another API (say

/createsession

) sending the JWT

okey thx, that sounds like it should work 🙂

Happy to help, let us know if you run into issues setting it up and we can help out

sidestep: is there a clean way to exit webview once login is successfull?

By exit you mean close or logout and close?

just close the webview and go back to the app

Is this going to be an in app webview or launch the browser?

im only using the webview for the login/signup process

You could conditionally render the webview

{
    shouldShowWebview && <Webview />
}

And toggle

shouldShowWebview

to false once the login process is complete

i'll test it out! appreciate your help.

Happy to help

hi, did some testing this weekend and noticed that i would create two session for each login on mobile. one in the webview and one for api call to

/createsession

to solve this double session "problem", would it be fine to do smth like:`window.postMessage(session)` to send the needed data to react native to "reuse" the existing session instead of creating a "dead" sessions on each login? i havent seen any suggestion that a session is locked to either cookie or header type when created. (don't know if there are any security issues with sending the session in a

postMessage

tho) i haven't tested this out yet, but am guessing after the first request where i have to add stuff manually to the request, the following request will do it automatically for me since the supertokens interceptor for axios will catch the session from the first returned response? feel like this could potentially be a cleaner implementation and would not require the use of jwt's. i'm no auth expert, but would be interested in any feedback on this approach from someone who knows a bit more.

You could try setting

sharedCookiesEnabled={true}

to the webview instance (if you are using react-native-webview). That is supposed to make the webview share cookies with native

sharedCookiesEnabled

is only for IOS, so since i'm mostly using android studio in dev where this is set to

true

by default, it should have worked when testing earlier?

I would log in with the webview and use the cookie manager to print all cookies out to confirm but based on their docs it should have

ok i'll test further 🙂 ps: supertokens will still use "header" for outgoing requests by default?

That would require you to make that extra call from native to receive the headers from the server