Authentication

ScaleRocket Mobile includes a complete authentication flow with email/password, Google OAuth, and Apple Sign-In.

Auth Screens

The boilerplate includes three auth screens in app/(auth)/:

Screen	File	Description
Login	`login.tsx`	Email/password + Google/Apple OAuth buttons
Register	`register.tsx`	Account creation with optional full name
Forgot Password	`forgot-password.tsx`	Password reset via email

Email/Password

Email and password authentication works out of the box. The login and register screens include validation and error handling.

// lib/auth.ts
import { supabase } from "./supabase";

export async function signIn(email: string, password: string) {
  const { error } = await supabase.auth.signInWithPassword({ email, password });
  if (error) throw error;
}

export async function signUp(email: string, password: string, fullName?: string) {
  const { error } = await supabase.auth.signUp({
    email,
    password,
    options: { data: { full_name: fullName } },
  });
  if (error) throw error;
}

// lib/auth.ts
import { useConvexAuth } from "convex/react";

export function useSession() {
  const { isAuthenticated, isLoading } = useConvexAuth();
  return { isAuthenticated, loading: isLoading };
}

// Sign in and sign up are handled by the Convex auth provider
// configured in convex/auth.ts

Google OAuth

Google OAuth opens the device browser for sign-in and redirects back to the app via the scalerocket:// deep link scheme.

Setup

Go to Supabase Dashboard > Authentication > Providers > Google
Enable the Google provider
Create OAuth credentials in Google Cloud Console
Add the Client ID and Secret to Supabase
Add scalerocket:// to your Supabase Redirect URLs

Code

import { makeRedirectUri } from "expo-linking";

export async function signInWithOAuth(provider: "google" | "apple") {
  const redirectUrl = makeRedirectUri({ scheme: "scalerocket" });
  const { error } = await supabase.auth.signInWithOAuth({
    provider,
    options: { redirectTo: redirectUrl },
  });
  if (error) throw error;
}

Setup

Configure Google OAuth in your Convex dashboard
Add the OAuth credentials to your Convex auth configuration in convex/auth.ts
Set the redirect URL to scalerocket://

Code

// Google OAuth is configured in convex/auth.ts
// The login screen calls the Convex auth provider directly

Apple Sign-In is required for iOS apps that offer third-party sign-in. It is conditionally rendered only on iOS devices.

import { Platform } from "react-native";

{Platform.OS === "ios" && (
  <TouchableOpacity onPress={() => signInWithOAuth("apple")}>
    <Text>Sign in with Apple</Text>
  </TouchableOpacity>
)}

Setup

Enable Apple provider in your backend dashboard
Configure a Service ID in your Apple Developer account
Add the Service ID to your backend provider settings

Important: Apple requires that any app offering third-party sign-in (like Google) must also offer Apple Sign-In. Your app may be rejected from the App Store without it.

Session Management

Sessions are managed automatically:

Storage — Tokens are stored in expo-secure-store (encrypted on device)
Auto-refresh — Tokens are refreshed before expiry
Persistence — Sessions survive app restarts
State listener — onAuthStateChange updates the UI in real time
Sign out — Clears the session and redirects to login

Auth Guard

The root layout (app/_layout.tsx) contains the auth guard:

On launch, useSession() checks for an existing session
While checking, a loading spinner is displayed
No session found — redirects to /(auth)/login
Session found — redirects to /(tabs) (home dashboard)
Session changes are handled automatically via the state listener

Authentication

On this page