Auth for app

Objective

Introduce Better Auth-based authentication for the Attik mobile app so users can sign in either with email/SMS one-time passwords or with their Google accounts, while leveraging the existing backend user/session models.

Background

The current Expo app hardcodes EMPLOYEE_ID, API_BASE_URL, and API_KEY inside inspector-app/constants/config.ts, which bypasses real authentication flows. Backend routes already manage users (src/models/userSchema.ts), sessions (src/routes/authenticate.ts), and passwordless tokens, but they are coupled to magic-link flows. We want to reuse the same data sources while shifting to Better Auth for session management.

Scope

Backend

  • Stand up a Better Auth instance (e.g. src/lib/auth.ts) using the MongoDB adapter so user data remains in userSchema and sessions in sessionSchema with Redis caching.
  • Enable Email OTP and Google OAuth via Better Auth plugins, using sendResendTemplate for email delivery and wiring an SMS provider so OTP delivery can be email or text per user choice.
  • Configure trustedOrigins for Expo deep links and mount the Better Auth handler (either a new /api/auth/* route or an extension of routes/authenticate.ts) without breaking existing session consumers.
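
One way to implement the per-user email/SMS delivery choice from the list above, as an added example that is not the project's own code: a callback with the { email, otp, type } argument shape of the Email OTP plugin's sendVerificationOTP hook. The OtpUser fields and the injected findUser, sendEmail (a wrapper around sendResendTemplate), sendSms and audit functions are assumptions.

```typescript
// Added example. findUser, sendEmail, sendSms and audit are hypothetical stand-ins.
type Channel = "email" | "sms";
type OtpType = "sign-in" | "email-verification" | "forget-password";
interface OtpUser { // hypothetical projection of the userSchema record
  email: string;
  phone?: string;
  phoneVerified?: boolean;
  otpChannel?: Channel; // the user's stored delivery preference
}
interface Route { channel: Channel; to: string }

// SMS is used only when the user chose it AND the number on record is verified.
// The destination always comes from the stored user, never from the request.
function chooseOtpRoute(email: string, user: OtpUser | null): Route {
  if (user && user.otpChannel === "sms" && user.phone && user.phoneVerified === true) {
    return { channel: "sms", to: user.phone };
  }
  return { channel: "email", to: email.trim().toLowerCase() };
}

// Mask the destination so audit logs hold neither the full address nor the code.
function maskDestination(route: Route): string {
  if (route.channel === "sms") return "*".repeat(Math.max(route.to.length - 4, 0)) + route.to.slice(-4);
  const at = route.to.indexOf("@");
  return route.to.slice(0, 1) + "***" + (at >= 0 ? route.to.slice(at) : "");
}

interface Deps {
  findUser(email: string): Promise<OtpUser | null>;
  sendEmail(to: string, otp: string, type: OtpType): Promise<void>;
  sendSms(to: string, body: string): Promise<void>;
  audit(entry: { type: OtpType; channel: Channel; to: string }): void;
}

// Builds the delivery callback; the OTP itself is passed to exactly one sender
// and is never written to the audit trail.
function makeOtpSender(deps: Deps) {
  return async ({ email, otp, type }: { email: string; otp: string; type: OtpType }): Promise<void> => {
    const user = await deps.findUser(email.trim().toLowerCase());
    const route = chooseOtpRoute(email, user);
    if (route.channel === "sms") await deps.sendSms(route.to, `Your Attik code is ${otp}`);
    else await deps.sendEmail(route.to, otp, type);
    deps.audit({ type, channel: route.channel, to: maskDestination(route) });
  };
}
```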

Mobile (Expo)

  • Add a Better Auth Expo client (better-auth/react, @better-auth/expo/client) that stores session cookies with expo-secure-store and exposes hooks like useSession for screens.
  • Create onboarding screens for OTP request/verification and Google sign-in, plus optional Google account linking inside settings.
  • Replace usages of constants/config.ts by deriving IDs, company membership, and API access details from the authenticated session.

Configuration & Rollout

  • Document new env vars (BETTER_AUTH_SECRET, Google OAuth IDs, SMS credentials, updated Expo scheme) and update Expo/Metro configs as required by the Better Auth Expo integration.
  • Plan migrations and tests covering OTP, Google sign-in, session refresh, and regression tests for the existing /authenticate flows. Roll out behind a feature flag before removing the legacy config constants.

References

Status: Completed
Board: Main App
Date: 5 months ago
Author: Linear
