This is an Expo project demonstrating a BFF (Backend-for-Frontend) architecture for Google authentication using Expo API Routes and JWTs.
Using JWT tokens works well for native platforms but isn't ideal for web applications. Using cookies on web has several important advantages:
The token api detects the platform and handle auth appropriately:
.env.local file in the root directory with:GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
JWT_SECRET=your_jwt_secret # use to sign jwt tokens
EXPO_PUBLIC_BASE_URL=your_base_url # e.g., http://localhost:8081
EXPO_PUBLIC_SCHEME=your_app_scheme:// # matches app.json scheme
# Generate yours at https://applekeygen.expo.app
APPLE_CLIENT_SECRET=
bash
bun install
bash
npx expo run:ios
/app - Main application code using file-based routing/app/api - Backend API routes (BFF)/auth - Authentication endpoints/public - Public endpoints/protected - Protected endpoints requiring JWT/components - Reusable React components/utils - Utility functions and middlewareThis setup supports Sign in with Apple for both iOS (native) and Web using Expo.
expo-apple-authentication)npx expo install expo-apple-authentication
To enable the Sign In with Apple capability in your app, set the ios.usesAppleSignIn property to true in your project's app config:
{
"expo": {
"ios": {
"usesAppleSignIn": true
}
}
}
Add the plugin:
{
"expo": {
"plugins": ["expo-apple-authentication"]
}
}
For web-based Apple Sign In, you'll need to generate a client secret. This is a JWT token that your server uses to validate requests with Apple's servers.
.env file:$ claude mcp add expo-oauth-example \
-- python -m otcore.mcp_server <graph>