Build a Social Auth App with Expo React Native
This tutorial demonstrates how to build a React Native app with Expo that implements social authentication. The app showcases a complete authentication flow with protected navigation using:
- Supabase Database - a Postgres database for storing your user data with Row Level Security to ensure data is protected and users can only access their own information.
- Supabase Auth - enables users to log in through social authentication providers (Apple and Google).
If you get stuck while working through this guide, refer to the full example on GitHub.
Project setup
Before you start building you need to set up the Database and API. You can do this by starting a new Project in Supabase and then creating a "schema" inside the database.
Create a project
- Create a new project in the Supabase Dashboard.
- Enter your project details.
- Wait for the new database to launch.
Set up the database schema
Now set up the database schema. You can use the "User Management Starter" quickstart in the SQL Editor, or you can copy/paste the SQL from below and run it.
- Go to the SQL Editor page in the Dashboard.
- Click User Management Starter under the Community > Quickstarts tab.
- Click Run.
You can pull the database schema down to your local project by running the db pull command. Read the local development docs for detailed instructions.
1supabase link --project-ref <project-id>2# You can get <project-id> from your project's dashboard URL: https://supabase.com/dashboard/project/<project-id>3supabase db pullGet API details
Now that you've created some database tables, you are ready to insert data using the auto-generated API.
To do this, you need to get the Project URL and key from the project Connect dialog.
Changes to API keys
Supabase is changing the way keys work to improve project security and developer experience. You can read the full announcement, but in the transition period, you can use both the current anon and service_role keys and the new publishable key with the form sb_publishable_xxx which will replace the older keys.
In most cases, you can get the correct key from the Project's Connect dialog, but if you want a specific key, you can find all keys in the API Keys section of a Project's Settings page:
- For legacy keys, copy the
anonkey for client-side operations and theservice_rolekey for server-side operations from the Legacy API Keys tab. - For new keys, open the API Keys tab, if you don't have a publishable key already, click Create new API Keys, and copy the value from the Publishable key section.
Read the API keys docs for a full explanation of all key types and their uses.
Building the app
Start by building the React Native app from scratch.
Initialize a React Native app
Use Expo to initialize an app called expo-social-auth with the standard template:
1npx create-expo-app@latest23cd expo-social-authInstall the additional dependencies:
- supabase-js
- @react-native-async-storage/async-storage - A key-value store for React Native.
- expo-secure-store - Provides a way to securely store key-value pairs locally on the device.
- expo-splash-screen - Provides a way to programmatically manage the splash screen.
1npx expo install @supabase/supabase-js @react-native-async-storage/async-storage expo-secure-store expo-splash-screenNow, create a helper file to initialize the Supabase client for both web and React Native platforms using platform-specific storage adapters: Expo SecureStore for mobile and AsyncStorage for web.
1import AsyncStorage from '@react-native-async-storage/async-storage';2import { createClient } from '@supabase/supabase-js';3import 'react-native-url-polyfill/auto';45const ExpoWebSecureStoreAdapter = {6 getItem: (key: string) => {7 console.debug("getItem", { key })8 return AsyncStorage.getItem(key)9 },10 setItem: (key: string, value: string) => {11 return AsyncStorage.setItem(key, value)12 },13 removeItem: (key: string) => {14 return AsyncStorage.removeItem(key)15 },16};1718export const supabase = createClient(19 process.env.EXPO_PUBLIC_SUPABASE_URL ?? '',20 process.env.EXPO_PUBLIC_SUPABASE_ANON_KEY ?? '',21 {22 auth: {23 storage: ExpoWebSecureStoreAdapter,24 autoRefreshToken: true,25 persistSession: true,26 detectSessionInUrl: false,27 },28 },29);Set up environment variables
You need the API URL and the anon key copied earlier.
These variables are safe to expose in your Expo app since Supabase has Row Level Security enabled on your database.
Create a .env file containing these variables:
1EXPO_PUBLIC_SUPABASE_URL=YOUR_SUPABASE_URL2EXPO_PUBLIC_SUPABASE_ANON_KEY=YOUR_SUPABASE_ANON_KEYSet up protected navigation
Next, you need to protect app navigation to prevent unauthenticated users from accessing protected routes. Use the Expo SplashScreen to display a loading screen while fetching the user profile and verifying authentication status.
Create the AuthContext
Create a React context to manage the authentication session, making it accessible from any component:
1import { Session } from '@supabase/supabase-js'2import { createContext, useContext } from 'react'34export type AuthData = {5 session?: Session | null6 profile?: any | null7 isLoading: boolean8 isLoggedIn: boolean9}1011export const AuthContext = createContext<AuthData>({12 session: undefined,13 profile: undefined,14 isLoading: true,15 isLoggedIn: false,16})1718export const useAuthContext = () => useContext(AuthContext)Create the AuthProvider
Next, create a provider component to manage the authentication session throughout the app:
1import { AuthContext } from '@/hooks/use-auth-context'2import { supabase } from '@/lib/supabase'3import type { Session } from '@supabase/supabase-js'4import { PropsWithChildren, useEffect, useState } from 'react'56export default function AuthProvider({ children }: PropsWithChildren) {7 const [session, setSession] = useState<Session | undefined | null>()8 const [profile, setProfile] = useState<any>()9 const [isLoading, setIsLoading] = useState<boolean>(true)1011 // Fetch the session once, and subscribe to auth state changes12 useEffect(() => {13 const fetchSession = async () => {14 setIsLoading(true)1516 const {17 data: { session },18 error,19 } = await supabase.auth.getSession()2021 if (error) {22 console.error('Error fetching session:', error)23 }2425 setSession(session)26 setIsLoading(false)27 }2829 fetchSession()3031 const {32 data: { subscription },33 } = supabase.auth.onAuthStateChange((_event, session) => {34 console.log('Auth state changed:', { event: _event, session })35 setSession(session)36 })3738 // Cleanup subscription on unmount39 return () => {40 subscription.unsubscribe()41 }42 }, [])4344 // Fetch the profile when the session changes45 useEffect(() => {46 const fetchProfile = async () => {47 setIsLoading(true)4849 if (session) {50 const { data } = await supabase51 .from('profiles')52 .select('*')53 .eq('id', session.user.id)54 .single()5556 setProfile(data)57 } else {58 setProfile(null)59 }6061 setIsLoading(false)62 }6364 fetchProfile()65 }, [session])6667 return (68 <AuthContext.Provider69 value={{70 session,71 isLoading,72 profile,73 isLoggedIn: session != undefined,74 }}75 >76 {children}77 </AuthContext.Provider>78 )79}Create the SplashScreenController
Create a SplashScreenController component to display the Expo SplashScreen while the authentication session is loading:
1import { useAuthContext } from '@/hooks/use-auth-context'2import { SplashScreen } from 'expo-router'34SplashScreen.preventAutoHideAsync()56export function SplashScreenController() {7 const { isLoading } = useAuthContext()89 if (!isLoading) {10 SplashScreen.hideAsync()11 }1213 return null14}Create a logout component
Create a logout button component to handle user sign-out:
And add it to the app/(tabs)/index.tsx file used to display the user profile data and the logout button:
1import { Image } from 'expo-image'2import { StyleSheet } from 'react-native'34import { HelloWave } from '@/components/hello-wave'5import ParallaxScrollView from '@/components/parallax-scroll-view'6import { ThemedText } from '@/components/themed-text'7import { ThemedView } from '@/components/themed-view'8import SignOutButton from '@/components/social-auth-buttons/sign-out-button'9import { useAuthContext } from '@/hooks/use-auth-context'1011export default function HomeScreen() {12 const { profile } = useAuthContext()1314 return (15 <ParallaxScrollView16 headerBackgroundColor={{ light: '#A1CEDC', dark: '#1D3D47' }}17 headerImage={18 <Image19 source={require('@/assets/images/partial-react-logo.png')}20 style={styles.reactLogo}21 />22 }23 >24 <ThemedView style={styles.titleContainer}>25 <ThemedText type="title">Welcome!</ThemedText>26 <HelloWave />27 </ThemedView>28 <ThemedView style={styles.stepContainer}>29 <ThemedText type="subtitle">Username</ThemedText>30 <ThemedText>{profile?.username}</ThemedText>31 <ThemedText type="subtitle">Full name</ThemedText>32 <ThemedText>{profile?.full_name}</ThemedText>33 </ThemedView>34 <SignOutButton />35 </ParallaxScrollView>36 )37}3839const styles = StyleSheet.create({40 titleContainer: {41 flexDirection: 'row',42 alignItems: 'center',43 gap: 8,44 },45 stepContainer: {46 gap: 8,47 marginBottom: 8,48 },49 reactLogo: {50 height: 178,51 width: 290,52 bottom: 0,53 left: 0,54 position: 'absolute',55 },56})Create a login screen
Next, create a basic login screen component:
1import { Link, Stack } from 'expo-router'2import { StyleSheet } from 'react-native'34import { ThemedText } from '@/components/themed-text'5import { ThemedView } from '@/components/themed-view'67export default function LoginScreen() {8 return (9 <>10 <Stack.Screen options={{ title: 'Login' }} />11 <ThemedView style={styles.container}>12 <ThemedText type="title">Login</ThemedText>13 <Link href="/" style={styles.link}>14 <ThemedText type="link">Try to navigate to home screen!</ThemedText>15 </Link>16 </ThemedView>17 </>18 )19}2021const styles = StyleSheet.create({22 container: {23 flex: 1,24 alignItems: 'center',25 justifyContent: 'center',26 padding: 20,27 },28 link: {29 marginTop: 15,30 paddingVertical: 15,31 },32})Implement protected routes
Wrap the navigation with the AuthProvider and SplashScreenController.
Using Expo Router's protected routes, you can secure navigation:
1import { DarkTheme, DefaultTheme, ThemeProvider } from '@react-navigation/native'2import { useFonts } from 'expo-font'3import { Stack } from 'expo-router'4import { StatusBar } from 'expo-status-bar'5import 'react-native-reanimated'67import { SplashScreenController } from '@/components/splash-screen-controller'89import { useAuthContext } from '@/hooks/use-auth-context'10import { useColorScheme } from '@/hooks/use-color-scheme'11import AuthProvider from '@/providers/auth-provider'1213// Separate RootNavigator so we can access the AuthContext14function RootNavigator() {15 const { isLoggedIn } = useAuthContext()1617 return (18 <Stack>19 <Stack.Protected guard={isLoggedIn}>20 <Stack.Screen name="(tabs)" options={{ headerShown: false }} />21 </Stack.Protected>22 <Stack.Protected guard={!isLoggedIn}>23 <Stack.Screen name="login" options={{ headerShown: false }} />24 </Stack.Protected>25 <Stack.Screen name="+not-found" />26 </Stack>27 )28}2930export default function RootLayout() {31 const colorScheme = useColorScheme()3233 const [loaded] = useFonts({34 SpaceMono: require('../assets/fonts/SpaceMono-Regular.ttf'),35 })3637 if (!loaded) {38 // Async font loading only occurs in development.39 return null40 }4142 return (43 <ThemeProvider value={colorScheme === 'dark' ? DarkTheme : DefaultTheme}>44 <AuthProvider>45 <SplashScreenController />46 <RootNavigator />47 <StatusBar style="auto" />48 </AuthProvider>49 </ThemeProvider>50 )51}You can now test the app by running:
1npx expo prebuild2npx expo start --clearVerify that the app works as expected. The splash screen displays while fetching the user profile, and the login page appears even when attempting to navigate to the home screen using the Link button.
By default Supabase Auth requires email verification before a session is created for the user. To support email verification you need to implement deep link handling!
While testing, you can disable email confirmation in your project's email auth provider settings.
Integrate social authentication
Now integrate social authentication with Supabase Auth, starting with Apple authentication. If you only need to implement Google authentication, you can skip to the Google authentication section.
Apple authentication
Start by adding the button inside the login screen:
1...2import AppleSignInButton from '@/components/social-auth-buttons/apple/apple-sign-in-button';3...4export default function LoginScreen() {5 return (6 <>7 <Stack.Screen options={{ title: 'Login' }} />8 <ThemedView style={styles.container}>9 ...10 <AppleSignInButton />11 ...12 </ThemedView>13 </>14 );15}16...For Apple authentication, you can choose between:
- Invertase's React Native Apple Authentication library - that supports iOS, Android
- react-apple-signin-auth - that supports Web, also suggested by Invertase
- Expo's AppleAuthentication library - that supports iOS only
For either option, you need to obtain a Service ID from the Apple Developer Console.
To enable Apple sign-up on Android and Web, you also need to register the tunnelled URL (e.g., https://arnrer1-anonymous-8081.exp.direct) obtained by running:
1npx expo start --tunnelAnd add it to the Redirect URLs field in your Supabase dashboard Authentication configuration.
For more information, follow the Supabase Login with Apple guide.
Prerequisites
Before proceeding, ensure you have followed the Invertase prerequisites documented in the Invertase Initial Setup Guide and the Invertase Android Setup Guide.
You need to add two new environment variables to the .env file:
1EXPO_PUBLIC_APPLE_AUTH_SERVICE_ID="YOUR_APPLE_AUTH_SERVICE_ID"2EXPO_PUBLIC_APPLE_AUTH_REDIRECT_URI="YOUR_APPLE_AUTH_REDIRECT_URI"iOS
Install the @invertase/react-native-apple-authentication library:
1npx expo install @invertase/react-native-apple-authenticationThen create the iOS specific button component AppleSignInButton:
To test functionality on the simulator, remove the getCredentialStateForUser check:
Enable the Apple authentication capability in iOS:
1{2 "expo": {3 ...4 "ios": {5 ...6 "usesAppleSignIn": true7 ...8 },9 ...10 }11}Add the capabilities to the Info.plist file by following the Expo documentation.
Before testing the app, if you've already built the iOS app, clean the project artifacts:
1npx react-native-clean-project clean-project-autoIf issues persist, try completely cleaning the cache, as reported by many users in this closed issue.
Finally, update the iOS project by installing the Pod library and running the Expo prebuild command:
1cd ios2pod install3cd ..4npx expo prebuildNow test the application on a physical device:
1npx expo run:ios --no-build-cache --deviceYou should see the login screen with the Apple authentication button.
If you get stuck while working through this guide, refer to the full Invertase example on GitHub.
Android
Install the required libraries:
1npx expo install @invertase/react-native-apple-authentication react-native-get-random-values uuidNext, create the Android-specific AppleSignInButton component:
You should now be able to test the authentication by running it on a physical device or simulator:
1npx expo run:android --no-build-cacheGoogle authentication
Start by adding the button to the login screen:
1...2import GoogleSignInButton from '@/components/social-auth-buttons/google/google-sign-in-button';3...4export default function LoginScreen() {5 return (6 <>7 <Stack.Screen options={{ title: 'Login' }} />8 <ThemedView style={styles.container}>9 ...10 <GoogleSignInButton />11 ...12 </ThemedView>13 </>14 );15}16...For Google authentication, you can choose between the following options:
- GN Google Sign In Premium - that supports iOS, Android, and Web by using the latest Google's One Tap sign-in (but it requires a subscription)
- @react-oauth/google - that supports Web (so it's not a good option for mobile, but it works)
- Relying on the ``signInWithOAuth function of the Supabase Auth - that also supports iOS, Android and Web (useful also to manage any other OAuth provider)
The GN Google Sign In Free doesn't support iOS or Android, as it doesn't allow to pass a custom nonce to the sign-in request.
For either option, you need to obtain a Web Client ID from the Google Cloud Engine, as explained in the Google Sign In guide.
This guide only uses the @react-oauth/google@latest option for the Web, and the signInWithOAuth for the mobile platforms.
Before proceeding, add a new environment variable to the .env file:
1EXPO_PUBLIC_GOOGLE_AUTH_WEB_CLIENT_ID="YOUR_GOOGLE_AUTH_WEB_CLIENT_ID"Install the @react-oauth/google library:
1npx expo install @react-oauth/googleEnable the expo-web-browser plugin in app.json:
1{2 "expo": {3 ...4 "plugins": {5 ...6 [7 "expo-web-browser",8 {9 "experimentalLauncherActivity": false10 }11 ]12 ...13 },14 ...15 }16}Then create the iOS specific button component GoogleSignInButton:
Test the authentication in your browser using the tunnelled HTTPS URL:
1npx expo start --tunnelTo allow the Google Sign In to work, as you did before for Apple, you need to register the tunnelled URL (e.g., https://arnrer1-anonymous-8081.exp.direct) obtained to the Authorized JavaScript origins list of your Google Cloud Console's OAuth 2.0 Client IDs configuration.