Mobile Auth Setup (Backend Side)

The MysticX mobile app (Expo) authenticates against this Next.js backend using Better Auth's Expo integration.

What's done

@better-auth/expo server plugin installed and added to lib/auth.tsx
trustedOrigins updated with mysticx:// scheme and dev exp:// patterns
Google OAuth already works (same client ID)
Email/password login already works
Optional env vars added to env.ts for Apple and Facebook (see below)

What's TODO

Get credentials from Apple Developer Portal (see mysticx-app/docs/mobile-auth-setup.md)

Add to .env:

APPLE_CLIENT_ID=com.mysticx.app.si
APPLE_TEAM_ID=XXXXXXXXXX
APPLE_KEY_ID=YYYYYYYYYY
APPLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"

Install jose: pnpm add jose
Uncomment Apple provider in lib/auth.tsx and implement generateAppleClientSecret()
Uncomment 'https://appleid.apple.com' in trustedOrigins

Get credentials from Facebook Developer Portal (see mysticx-app/docs/mobile-auth-setup.md)

Add to .env:

FACEBOOK_CLIENT_ID=your_app_id
FACEBOOK_CLIENT_SECRET=your_app_secret

Uncomment Facebook provider in lib/auth.tsx

Google (mobile-specific)

The existing GOOGLE_CLIENT_ID works for idToken verification from the mobile app
Mobile app uses @react-native-google-signin/google-signin for native sign-in flow
The native SDK gets an idToken, which is sent to our backend via signIn.social({ provider: 'google', idToken: { token } })
Backend verifies the token with Google and creates a session

Mobile Auth Setup (Backend Side) ​

What's done ​

What's TODO ​

Apple Sign In ​

Facebook Login ​

Google (mobile-specific) ​

Mobile Auth Setup (Backend Side)

What's done

What's TODO

Apple Sign In

Facebook Login

Google (mobile-specific)