How to use a private App Client ID w/ Client Secret in a React Native Mobile App

Question

I have a Native iOS codebase using Amplify for Authentication. The project was set up (before me) using a Private Client ID with a Client Secret. I am now in the process of re-writing the front-end in React Native. However, the Amplify Javascript SDK does not support Private App Client's with Client Secrets. (I am not sure why the Swift SDK does if the Javascript one doesn't...)

I would like the React Native app to maintain the Authentication Session created from the Private App Client, but am unable to do so because of the Client Secret. I would like to NOT log the users out, so creating a new Public App Client is not an option.

What are my available options to use a Private App Client in a Front-end Mobile app or other solutions to maintain the existing Auth Session?

Answer

Hello,

Thank you for reaching out to us.

Amplify Javascript SDK does not currently support Private App Client, i.e, a client secret enabled app client. You may also refer below GitHub issue that discusses the same.

- https://github.com/aws-amplify/amplify-js/issues/3455

Moving ahead, if your Cognito user pool app client are created via Amplify CLI then it would have both public and private client. Thus we would not require recreation of Public App Client. Additionally, please note that switching App client for the application can cause authentication issues for the signed in users and ask them for re-authentication with the modified/new Public App Client.

In case you require further troubleshooting specific to the resources in your account, feel free to raise a support case with us. It is always our pleasure to assist you.

How to use a private App Client ID w/ Client Secret in a React Native Mobile App

Relevant content