OAuth2 not implicit flow, POST username and password

I am a mobile dev, now for a project need to authenticate with a backend service using identityserver4 and OAuth2.

The project has things set up so it is using OIDC for authentication.


It is on a “password” flow, so is not implicit flow (login on a browser to FB, Google, and come back to the app after that).

So basically I just ended up using fetch request to do a POST to the server with the username and password…
Then get token and refresh token and take it from there…

So, my question is, what is the benefit of using OIDC? if the username and password will be sent anyway? (HTTPS)

Is this a common thing? I couldn’t find a library on react native for OIDC that didn’t use the browser. The most similar thing was a library on node

Go to Source
Author: manuelBetancurt

How to exclusively navigate to a route other than the default route in react-navigation via deeplink

I have a react-navigation navigator created as:

  a: {},
  b: {}
}, { initialRouteName: 'a' });

The default route “a” has some sideEffects on mount.

Now what I want is that when I open a deeplink to go directly to route “b”, route “a” is getting mounted first, since it’s the default route, and then it takes me to route “b”. But the problem is that I don’t want to execute the side-effects of route “a”. Is there any to exclusively open only the route “b”?

Go to Source
Author: mohsinulhaq

Cookie not persisting on iOS devices after app has shut down

I’m having an issue with persisting cookies in iOS on React Native/Expo using Axios.

I have a Nest.js server that is using passport to authenticate users and when a user logs in a cookie is placed on the device for all subsequent requests. I’m handling this behavior with the header credentials: 'include' on each request. This is all working fine and well on Android and even on iOS until the user closes the app and reopens it (on iOS) and the cookie sent to the server is null. At first I thought this an issue with React Native so I decided to handle the cookie myself;

Axios interceptor which retrieves and stores the cookie in local storage:

axios.interceptors.response.use(async response => {
        const cookie: Array<string> = response.headers['set-cookie'];
        if (cookie) {
            const cookieHeader: Array<string> = setCookie.splitCookiesString(cookie);
            const cookies: setCookie.Cookie[] = setCookie.parse(cookieHeader);
            await Cache.saveCookie(cookies);
        return response;
    }, async (error: AxiosError) => {
        // error handle

I’m using set-cookie-parser package recommended here. My Cache module just saves the value to the devices storage using AsyncStorage.

Then my request interceptor which adds the cookie to each request (if set):

axios.interceptors.request.use(async config => {
        const cookies: setCookie.Cookie[] = await Cache.getCookie();
        if (cookies) {
            const cookie: string = cookies.map(d => `${d.name}=${d.value}`).join(';');
            return  {
                Cookie: cookie,

        return config;

So my solution above works on Android and on iOS until the app is closed and reopened (on iOS, just like before).

Debugging on my server I can see the cookie in every request from the client but once the app is closed and reopened the cookie value in the request is null, but I have confirmed the cookie is retrieved and set in the interceptor above with no issue. So it’s almost like something else is tampering with my Http Request after my interceptor has added the cookie to the request.

As I’ve said before this only ever happens after the app has been closed and reopened. Happy to give more context about either the application code or the server code.

Thanks in advance.

Go to Source
Author: Harry Bendix-Lewis