auth

Author: skoob13

apps/mobile/App.tsx

@@ -1,19 +1,50 @@
 import { StatusBar } from 'expo-status-bar';
-import { StyleSheet, Text, View } from 'react-native';
+import { StyleSheet, View, ActivityIndicator } from 'react-native';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { useEffect } from 'react';
+import { useAuthStore } from './src/stores/authStore';
+import { AuthScreen } from './src/screens/AuthScreen';
+import { HomeScreen } from './src/screens/HomeScreen';
+
+const queryClient = new QueryClient();
+
+function AppContent() {
+  const { isAuthenticated, isLoading, initializeAuth } = useAuthStore();
+
+  useEffect(() => {
+    initializeAuth();
+  }, [initializeAuth]);
+
+  if (isLoading) {
+    return (
+      <View style={styles.loadingContainer}>
+        <ActivityIndicator size="large" color="#f97316" />
+      </View>
+    );
+  }
+
+  return isAuthenticated ? <HomeScreen /> : <AuthScreen />;
+}
 
 export default function App() {
   return (
-    <View style={styles.container}>
-      <Text>Open up App.tsx to start working on your app!</Text>
-      <StatusBar style="auto" />
-    </View>
+    <QueryClientProvider client={queryClient}>
+      <View style={styles.container}>
+        <AppContent />
+        <StatusBar style="light" />
+      </View>
+    </QueryClientProvider>
   );
 }
 
 const styles = StyleSheet.create({
   container: {
     flex: 1,
-    backgroundColor: '#fff',
+    backgroundColor: '#0f0f0f',
+  },
+  loadingContainer: {
+    flex: 1,
+    backgroundColor: '#0f0f0f',
     alignItems: 'center',
     justifyContent: 'center',
   },

apps/mobile/app.json

@@ -1,30 +1,34 @@
 {
   "expo": {
-    "name": "mobile",
-    "slug": "mobile",
+    "name": "PostHog Mobile",
+    "slug": "posthog-mobile",
     "version": "1.0.0",
     "orientation": "portrait",
     "icon": "./assets/icon.png",
-    "userInterfaceStyle": "light",
+    "userInterfaceStyle": "dark",
     "newArchEnabled": true,
+    "scheme": "posthog-mobile",
     "splash": {
       "image": "./assets/splash-icon.png",
       "resizeMode": "contain",
-      "backgroundColor": "#ffffff"
+      "backgroundColor": "#0f0f0f"
     },
     "ios": {
-      "supportsTablet": true
+      "supportsTablet": true,
+      "bundleIdentifier": "com.posthog.mobile"
     },
     "android": {
       "adaptiveIcon": {
         "foregroundImage": "./assets/adaptive-icon.png",
-        "backgroundColor": "#ffffff"
+        "backgroundColor": "#0f0f0f"
       },
       "edgeToEdgeEnabled": true,
-      "predictiveBackGestureEnabled": false
+      "predictiveBackGestureEnabled": false,
+      "package": "com.posthog.mobile"
     },
     "web": {
       "favicon": "./assets/favicon.png"
     }
+
   }
 }

apps/mobile/src/constants/oauth.ts

@@ -0,0 +1,37 @@
+import type { CloudRegion } from '../types/oauth';
+
+export const POSTHOG_US_CLIENT_ID = 'HCWoE0aRFMYxIxFNTTwkOORn5LBjOt2GVDzwSw5W';
+export const POSTHOG_EU_CLIENT_ID = 'AIvijgMS0dxKEmr5z6odvRd8Pkh5vts3nPTzgzU9';
+export const POSTHOG_DEV_CLIENT_ID = 'DC5uRLVbGI02YQ82grxgnK6Qn12SXWpCqdPb60oZ';
+
+export const OAUTH_SCOPES = [
+  'user:read',
+  'project:read',
+  'task:write',
+  'integration:read',
+];
+
+// Token refresh settings
+export const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000; // 5 minutes before expiry
+
+export function getCloudUrlFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case 'us':
+      return 'https://us.posthog.com';
+    case 'eu':
+      return 'https://eu.posthog.com';
+    case 'dev':
+      return 'http://localhost:8010';
+  }
+}
+
+export function getOauthClientIdFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case 'us':
+      return POSTHOG_US_CLIENT_ID;
+    case 'eu':
+      return POSTHOG_EU_CLIENT_ID;
+    case 'dev':
+      return POSTHOG_DEV_CLIENT_ID;
+  }
+}

apps/mobile/src/hooks/useAuth.ts

@@ -0,0 +1,33 @@
+import { useAuthStore } from '../stores/authStore';
+
+/**
+ * A convenience hook for accessing common auth state and methods.
+ */
+export function useAuth() {
+  const {
+    isAuthenticated,
+    isLoading,
+    oauthAccessToken,
+    cloudRegion,
+    projectId,
+    loginWithOAuth,
+    logout,
+    refreshAccessToken,
+    initializeAuth,
+  } = useAuthStore();
+
+  return {
+    // State
+    isAuthenticated,
+    isLoading,
+    accessToken: oauthAccessToken,
+    cloudRegion,
+    projectId,
+
+    // Methods
+    login: loginWithOAuth,
+    logout,
+    refresh: refreshAccessToken,
+    initialize: initializeAuth,
+  };
+}

apps/mobile/src/index.ts

@@ -0,0 +1,30 @@
+// Types
+export type { CloudRegion, OAuthTokenResponse, OAuthConfig, StoredTokens } from './types/oauth';
+
+// Constants
+export {
+  POSTHOG_US_CLIENT_ID,
+  POSTHOG_EU_CLIENT_ID,
+  POSTHOG_DEV_CLIENT_ID,
+  OAUTH_SCOPES,
+  TOKEN_REFRESH_BUFFER_MS,
+  getCloudUrlFromRegion,
+  getOauthClientIdFromRegion,
+} from './constants/oauth';
+
+// OAuth utilities
+export {
+  performOAuthFlow,
+  refreshAccessToken,
+  getRedirectUri,
+} from './lib/oauth';
+
+// Secure storage
+export { saveTokens, getTokens, deleteTokens } from './lib/secureStorage';
+
+// Store
+export { useAuthStore } from './stores/authStore';
+
+// Screens
+export { AuthScreen } from './screens/AuthScreen';
+export { HomeScreen } from './screens/HomeScreen';

apps/mobile/src/lib/oauth.ts

@@ -0,0 +1,172 @@
+import * as AuthSession from 'expo-auth-session';
+import * as WebBrowser from 'expo-web-browser';
+import * as Crypto from 'expo-crypto';
+import {
+  getCloudUrlFromRegion,
+  getOauthClientIdFromRegion,
+  OAUTH_SCOPES,
+} from '../constants/oauth';
+import type { CloudRegion, OAuthTokenResponse, OAuthConfig } from '../types/oauth';
+
+// Required for web browser auth session to work properly
+WebBrowser.maybeCompleteAuthSession();
+
+// Generate PKCE code verifier and challenge
+async function generateCodeVerifier(): Promise<string> {
+  const randomBytes = await Crypto.getRandomBytesAsync(32);
+  return btoa(String.fromCharCode(...randomBytes))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+}
+
+async function generateCodeChallenge(verifier: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await Crypto.digest(Crypto.CryptoDigestAlgorithm.SHA256, data);
+  
+  return btoa(String.fromCharCode(...new Uint8Array(digest)))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+}
+
+export function getRedirectUri(): string {
+  return AuthSession.makeRedirectUri({
+    scheme: 'posthog-mobile',
+    path: 'callback',
+  });
+}
+
+export function getAuthorizationEndpoint(region: CloudRegion): string {
+  return `${getCloudUrlFromRegion(region)}/oauth/authorize`;
+}
+
+export function getTokenEndpoint(region: CloudRegion): string {
+  return `${getCloudUrlFromRegion(region)}/oauth/token`;
+}
+
+export async function exchangeCodeForToken(
+  code: string,
+  codeVerifier: string,
+  config: OAuthConfig
+): Promise<OAuthTokenResponse> {
+  const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);
+  const redirectUri = getRedirectUri();
+
+  const response = await fetch(`${cloudUrl}/oauth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      grant_type: 'authorization_code',
+      code,
+      redirect_uri: redirectUri,
+      client_id: getOauthClientIdFromRegion(config.cloudRegion),
+      code_verifier: codeVerifier,
+    }),
+  });
+
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Token exchange failed: ${response.statusText} - ${errorText}`);
+  }
+
+  return response.json();
+}
+
+export async function refreshAccessToken(
+  refreshToken: string,
+  region: CloudRegion
+): Promise<OAuthTokenResponse> {
+  const cloudUrl = getCloudUrlFromRegion(region);
+
+  const response = await fetch(`${cloudUrl}/oauth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      grant_type: 'refresh_token',
+      refresh_token: refreshToken,
+      client_id: getOauthClientIdFromRegion(region),
+    }),
+  });
+
+  if (!response.ok) {
+    throw new Error(`Token refresh failed: ${response.statusText}`);
+  }
+
+  return response.json();
+}
+
+export interface OAuthFlowResult {
+  success: boolean;
+  data?: OAuthTokenResponse;
+  error?: string;
+}
+
+export async function performOAuthFlow(config: OAuthConfig): Promise<OAuthFlowResult> {
+  try {
+    const codeVerifier = await generateCodeVerifier();
+    const codeChallenge = await generateCodeChallenge(codeVerifier);
+    const redirectUri = getRedirectUri();
+    const clientId = getOauthClientIdFromRegion(config.cloudRegion);
+    
+    const discovery: AuthSession.DiscoveryDocument = {
+      authorizationEndpoint: getAuthorizationEndpoint(config.cloudRegion),
+      tokenEndpoint: getTokenEndpoint(config.cloudRegion),
+    };
+
+    const authRequest = new AuthSession.AuthRequest({
+      clientId,
+      scopes: config.scopes,
+      redirectUri,
+      codeChallenge,
+      codeChallengeMethod: AuthSession.CodeChallengeMethod.S256,
+      extraParams: {
+        required_access_level: 'project',
+      },
+    });
+
+    const authResult = await authRequest.promptAsync(discovery);
+
+    if (authResult.type === 'cancel' || authResult.type === 'dismiss') {
+      return {
+        success: false,
+        error: 'Authorization cancelled',
+      };
+    }
+
+    if (authResult.type === 'error') {
+      return {
+        success: false,
+        error: authResult.error?.message || 'Authorization failed',
+      };
+    }
+
+    if (authResult.type !== 'success' || !authResult.params.code) {
+      return {
+        success: false,
+        error: 'No authorization code received',
+      };
+    }
+
+    const tokenResponse = await exchangeCodeForToken(
+      authResult.params.code,
+      codeVerifier,
+      config
+    );
+
+    return {
+      success: true,
+      data: tokenResponse,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Unknown error',
+    };
+  }
+}

apps/mobile/src/lib/secureStorage.ts

@@ -0,0 +1,23 @@
+import * as SecureStore from 'expo-secure-store';
+import type { StoredTokens } from '../types/oauth';
+
+const TOKENS_KEY = 'posthog_oauth_tokens';
+
+export async function saveTokens(tokens: StoredTokens): Promise<void> {
+  await SecureStore.setItemAsync(TOKENS_KEY, JSON.stringify(tokens));
+}
+
+export async function getTokens(): Promise<StoredTokens | null> {
+  const value = await SecureStore.getItemAsync(TOKENS_KEY);
+  if (!value) return null;
+  
+  try {
+    return JSON.parse(value) as StoredTokens;
+  } catch {
+    return null;
+  }
+}
+
+export async function deleteTokens(): Promise<void> {
+  await SecureStore.deleteItemAsync(TOKENS_KEY);
+}