Auth: Mobile — SecureStore token management + API interceptor #131

@EricGrill

Auth System — Mobile Step 2

Secure token storage and automatic token refresh for the mobile app.

Token storage (expo-secure-store):

  • Refresh token → SecureStore (iOS Keychain / Android Keystore)
  • User profile → SecureStore (cached for offline access)
  • Access token → React state only (memory)

API interceptor (mobile/utils/api.ts):

  • Attach Authorization: Bearer <token> to all requests
  • On 401 → attempt refresh from SecureStore → retry or navigate to LoginScreen
  • On network timeout → keep user authenticated with cached profile, retry on connectivity

Offline handling:

  • Use @react-native-community/netinfo to detect connectivity
  • If refresh fails due to network (not 401), stay authenticated
  • Queue refresh retry for when connectivity returns

Dependencies: expo-secure-store, @react-native-community/netinfo

Depends on: Mobile AuthStack
Design doc: docs/AUTH.md
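
The 401, refresh and offline rules listed above can be written as a pure state transition, shown here as an added example that is not the project's `mobile/utils/api.ts`. All type, event and effect names are hypothetical; the caller is assumed to perform the returned effects (reading SecureStore, retrying requests, navigating).

```typescript
// Added example: hypothetical names throughout; not the project's own code.
type Session = {
  authenticated: boolean;      // decides AuthStack vs. app screens
  accessToken: string | null;  // memory only, never persisted
  refreshing: boolean;         // single-flight guard for refresh calls
  retryQueued: boolean;        // a refresh is owed once connectivity returns
};
type AuthEvent =
  | { type: "API_401" }
  | { type: "REFRESH_OK"; accessToken: string }
  | { type: "REFRESH_REJECTED" }        // refresh endpoint answered 401
  | { type: "REFRESH_NETWORK_ERROR" }   // timeout or offline: no server verdict
  | { type: "CONNECTIVITY_RESTORED" };  // e.g. raised by a NetInfo listener
type Effect = "START_REFRESH" | "RETRY_REQUESTS" | "CLEAR_SECURE_STORE" | "GO_TO_LOGIN";
type Step = { session: Session; effects: Effect[] };

function reduceAuth(s: Session, e: AuthEvent): Step {
  switch (e.type) {
    case "API_401":
      // Stale access token: drop it and start one refresh, not one per failed request.
      if (s.refreshing) return { session: { ...s, accessToken: null }, effects: [] };
      return { session: { ...s, accessToken: null, refreshing: true }, effects: ["START_REFRESH"] };
    case "REFRESH_OK":
      return {
        session: { authenticated: true, accessToken: e.accessToken, refreshing: false, retryQueued: false },
        effects: ["RETRY_REQUESTS"],
      };
    case "REFRESH_REJECTED":
      // Only a server verdict ends the session; wipe the refresh token and cached profile.
      return {
        session: { authenticated: false, accessToken: null, refreshing: false, retryQueued: false },
        effects: ["CLEAR_SECURE_STORE", "GO_TO_LOGIN"],
      };
    case "REFRESH_NETWORK_ERROR":
      // No verdict: stay authenticated on the cached profile and owe a refresh.
      return { session: { ...s, refreshing: false, retryQueued: true }, effects: [] };
    case "CONNECTIVITY_RESTORED":
      if (!s.retryQueued || s.refreshing) return { session: s, effects: [] };
      return { session: { ...s, refreshing: true, retryQueued: false }, effects: ["START_REFRESH"] };
  }
}
```

Keeping the network-error branch separate from the rejected branch is what prevents a flaky connection from deleting a still-valid refresh token.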

Labels: enhancement (New feature or request)