Hey! Thanks for the response.
Using the react-native-auth0 lib is not possible for us because it’s not supported by Expo, so we are forced to use the http API for all the operations.
So in summary, all I’m looking for is a way to log in my users through the http API using username/password. We would prefer not to do it directly in the client since it’ll require to store the client_secret in the expo app. So that’s why I was thinking of a server-side login flow. The problem with this scenario is the impossibility to configure brute-force protection as a Native App that is trying to do server-side login. I know this is like so because auth0 expects me to use a Native SDK, but this is impossible in Expo.
We also need to get a refresh token for biometric login.
I know browser based authentication is recommended but I would really like to try as hard as I can to find a way of doing native login in the app with username/password in a way that does not compromise my app auth0’s client_secret.
Switching my auth0 app from native to regular web application could fix the issue since I would theoretically be able to enable IP forwarding and I should be able to log in my users and receive both the access and refresh token. However, I’m not sure about the implications of such change since the app in question is an Expo App, not a regular web application and Expo Apps should be considered native at the end of the day, since that’s what they are after compiling.
If this is simply impossible I guess we will have to compromise and switch to browser based auth.
Thank you for your kindness,
Henry