A complete authentication system built for real-world production use
cases.
Biometric Login
Face ID and Touch ID via react-native-keychain. Opt-in modal on
first login, persistent decline preference, and automatic biometric
prompt on every app launch.
OAuth Providers
Sign in with Google, GitHub (PKCE — no client secret), and Apple. No
secrets stored in the app. Provider conflicts and token rotation
handled gracefully.
JWT Token Management
Axios interceptor proactively refreshes access tokens 5 min before
expiry. A shared refresh promise deduplicates concurrent requests —
no double-refresh race conditions.
Push Notifications
Firebase Cloud Messaging for iOS and Android. Foreground,
background, and quit-state handling. In-app inbox with live unread
badge count and automatic sync.
Deep Linking
Universal links and custom URL schemes. Password reset and OAuth
callback flows work correctly from cold start, background, and while
the app is already open.
Secure Keychain Storage
All tokens and sensitive flags stored in react-native-keychain with
scoped accessibility levels. Zero sensitive data in plain
AsyncStorage. SSL pinning enabled in production.