Skip to content

feat(expo): add hosted auth flow#8960

Draft
mikepitre wants to merge 4 commits into
mainfrom
mike/hosted-mobile-sign-in
Draft

feat(expo): add hosted auth flow#8960
mikepitre wants to merge 4 commits into
mainfrom
mike/hosted-mobile-sign-in

Conversation

@mikepitre

@mikepitre mikepitre commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Adds the Expo client SDK surface for hosted auth through Account Portal.

  • Adds useHostedAuth() for Expo apps.
  • Opens Account Portal in expo-web-browser / expo-auth-session.
  • Generates and validates state for callback correlation.
  • Generates PKCE verifier/challenge pairs and passes the challenge to ClerkGo.
  • Redeems the hosted-auth rotating token nonce with the verifier on native client reload.
  • Updates the Clerk client and activates the returned session.
  • Plumbs optional codeVerifier through shared resource reload and ClerkJS FAPI URL building.

Motivation

Expo apps need a simple hosted-auth API that behaves like mobile WebAuth: use a secure system browser for the hosted UI, then return to the native app with a single native Clerk session.

Developer Experience

const { startHostedAuth } = useHostedAuth();

await startHostedAuth();
await startHostedAuth({ initialPage: 'sign-up' });

The hook handles opening the auth session, validating the callback, redeeming the native client nonce, updating Clerk state, and activating the created session. Apps may pass a custom redirectUrl or authSessionOptions, but the default Expo redirect URI is enough for the simulator/local flow.

Security

  • Uses a random state and verifies it on callback.
  • Uses PKCE so only the initiating native app can redeem the completed transfer.
  • Validates callback URL protocol/host/path against the initiated redirect URL.
  • Does not manually create a browser/web-view session in the SDK.
  • Relies on iOS/Expo auth-session dismissal when the native callback URL is returned.

Related PRs

@vercel

vercel Bot commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jun 23, 2026 12:51am
swingset Ready Ready Preview, Comment Jun 23, 2026 12:51am

Request Review

@changeset-bot

changeset-bot Bot commented Jun 23, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 2d082f8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/expo Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 357a0b5d-dde2-400f-b97c-9c9b79dfe685

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@pkg-pr-new

pkg-pr-new Bot commented Jun 23, 2026

Copy link
Copy Markdown

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8960

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8960

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8960

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8960

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@8960

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@8960

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@8960

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8960

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8960

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8960

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8960

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8960

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8960

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8960

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8960

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8960

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8960

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8960

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8960

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8960

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8960

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8960

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8960

commit: 2d082f8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

clerk-js expo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mikepitre