@streamplace/atproto-oauth-client-react-native 0.0.1 → 0.7.0

package/LICENSE

@@ -0,0 +1,18 @@
+Copyright (c) 2025 Streamplace.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,89 @@
+# atproto OAuth Client for React Native
+
+This package implements an atproto OAuth client usable on the React Native
+platform. It uses [react-native-quick-crypto] for cryptographic operations and
+[expo-sqlite] for persistence. Its usage is very similar to the atproto OAuth
+client for the browser, so refer to that [README] and [example] for general
+usage. Some differences are noted below.
+
+## expo-sqlite
+
+This library uses [expo-sqlite] to store the OAuth state and session data in a
+SQLite database. The schema is automatically created when the client is
+instantiated.
+
+Because this database is storing sensitive cryptographic keys, it is highly
+reccomended to use the optional SQLCipher extension. This can be accomplished in
+your app.json file:
+
+```json
+{
+  "expo": {
+    "plugins": [
+      [
+        "expo-sqlite",
+        {
+          "useSQLCipher": true
+        }
+      ]
+    ]
+  }
+}
+```
+
+## Login and session restore flow
+
+The basic login flow will involve popping up a web browser and allowing users to
+authenticate with their selected PDS. This can be accomplished with the
+`expo-web-browser` library:
+
+```tsx
+import { openAuthSessionAsync } from "expo-web-browser";
+
+// inside your login onPress, perhaps:
+const loginUrl = await oauthClient.authorize(pds);
+const res = await openAuthSessionAsync(loginUrl);
+if (res.type === "success") {
+  const params = new URLSearchParams(url.split("?")[1]);
+  const { session, state } = await oauthClient.callback(params);
+  console.log(`logged in as ${session.sub}`);
+}
+```
+
+## Development on localhost
+
+The atproto OAuth specification has a special case for development on localhost,
+but it is required to use a redirectUrl that returns to `127.0.0.1` or `[::1]`.
+This prevents the localhost OAuth flow from returning you directly to your app.
+As a workaround, you can host a static HTML server on 127.0.0.1 that recieves
+the incoming OAuth callback and then redirects to your app. (If you have a web
+version of your React Native app, you can just use that.) Such a redirect page
+might look something like this:
+
+```tsx
+import { useEffect } from "react";
+import { View, Text } from "react-native";
+
+export default function AppReturnScreen({ route }) {
+  useEffect(() => {
+    document.location.href = `com.example.app:/app-return${document.location.search}`;
+  }, []);
+  return (
+    <View style={{ flex: 1, alignItems: "center", justifyContent: "center" }}>
+      <Text>Redirecting you back to the app...</Text>
+    </View>
+  );
+}
+```
+
+This flow will work on the iOS simulator and on Android devices provided you've
+forwarded the port with `adb reverse`. For testing on iOS hardware, you'll
+instead need to set up TLS.
+
+[react-native-quick-crypto]:
+  https://github.com/margelo/react-native-quick-crypto
+[expo-sqlite]: https://docs.expo.dev/versions/latest/sdk/sqlite/
+[README]:
+  https://github.com/bluesky-social/atproto/tree/main/packages/oauth/oauth-client-browser
+[example]:
+  https://github.com/bluesky-social/atproto/tree/main/packages/oauth/oauth-client-browser-example

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+import "./polyfills";
+export * from "@atproto/oauth-client";
+export * from "./oauth-client-react-native";

package/dist/index.js

@@ -0,0 +1,3 @@
+import "./polyfills";
+export * from "@atproto/oauth-client";
+export * from "./oauth-client-react-native";

package/dist/oauth-client-react-native.d.ts

@@ -0,0 +1,2 @@
+import { BrowserOAuthClient } from "@atproto/oauth-client-browser";
+export { BrowserOAuthClient as ReactNativeOAuthClient };

package/dist/oauth-client-react-native.js

@@ -0,0 +1,4 @@
+// browser fallback
+// export * from "@atproto/oauth-client-browser";
+import { BrowserOAuthClient } from "@atproto/oauth-client-browser";
+export { BrowserOAuthClient as ReactNativeOAuthClient };

package/dist/oauth-client-react-native.native.d.ts

@@ -0,0 +1,24 @@
+import { SimpleStore } from "@atproto-labs/simple-store";
+import { OAuthClient, OAuthClientFetchMetadataOptions, OAuthClientOptions, OAuthSession, SessionStore, StateStore } from "@atproto/oauth-client";
+import { SubtleAlgorithm } from "react-native-quick-crypto/lib/typescript/src/keys";
+export type ReactNativeOAuthClientOptions = Omit<OAuthClientOptions, "runtimeImplementation" | "sessionStore" | "stateStore"> & {
+    sessionStore?: SessionStore;
+    stateStore?: StateStore;
+    didStore?: SimpleStore<string, string>;
+};
+export type ReactNativeOAuthClientFromMetadataOptions = OAuthClientFetchMetadataOptions & Omit<ReactNativeOAuthClientOptions, "clientMetadata">;
+export declare class ReactNativeOAuthClient extends OAuthClient {
+    didStore: SimpleStore<string, string>;
+    static fromClientId(options: ReactNativeOAuthClientFromMetadataOptions): Promise<ReactNativeOAuthClient>;
+    constructor({ fetch, responseMode, ...options }: ReactNativeOAuthClientOptions);
+    init(refresh?: boolean): Promise<{
+        session: OAuthSession;
+    } | undefined>;
+    callback(params: URLSearchParams): Promise<{
+        session: OAuthSession;
+        state: string | null;
+    }>;
+}
+export declare function toSubtleAlgorithm(alg: string, crv?: string, options?: {
+    modulusLength?: number;
+}): SubtleAlgorithm;

package/dist/oauth-client-react-native.native.js

@@ -0,0 +1,123 @@
+import { jwkValidator } from "@atproto/jwk";
+import { JoseKey } from "@atproto/jwk-jose";
+import { OAuthClient, } from "@atproto/oauth-client";
+import QuickCrypto from "react-native-quick-crypto";
+import { JoseKeyStore, SQLiteKVStore } from "./sqlite-keystore";
+export class ReactNativeOAuthClient extends OAuthClient {
+    static async fromClientId(options) {
+        const clientMetadata = await OAuthClient.fetchMetadata(options);
+        return new ReactNativeOAuthClient({ ...options, clientMetadata });
+    }
+    constructor({ fetch, responseMode = "query", ...options }) {
+        if (!options.stateStore) {
+            options.stateStore = new JoseKeyStore(new SQLiteKVStore("state"));
+        }
+        if (!options.sessionStore) {
+            options.sessionStore = new JoseKeyStore(new SQLiteKVStore("session"));
+        }
+        if (!options.didStore) {
+            options.didStore = new SQLiteKVStore("did");
+        }
+        super({
+            ...options,
+            sessionStore: options.sessionStore,
+            stateStore: options.stateStore,
+            fetch,
+            responseMode,
+            runtimeImplementation: {
+                createKey: async (algs) => {
+                    console.log("GOT HEREEEE!");
+                    const errors = [];
+                    for (const alg of algs) {
+                        try {
+                            let subtle = QuickCrypto?.webcrypto?.subtle;
+                            const subalg = toSubtleAlgorithm(alg);
+                            const keyPair = (await subtle.generateKey(subalg, true, [
+                                "sign",
+                                "verify",
+                            ]));
+                            const ex = (await subtle.exportKey("jwk", keyPair.privateKey));
+                            ex.alg = alg;
+                            // these have trailing periods sometimes for some reason
+                            for (const k of ["x", "y", "d"]) {
+                                if (ex[k].endsWith(".")) {
+                                    ex[k] = ex[k].slice(0, -1);
+                                }
+                            }
+                            // RNQC doesn't give us a kid, so let's do a quick hash of the key
+                            const kid = QuickCrypto.createHash("sha256")
+                                .update(JSON.stringify(ex))
+                                .digest("hex");
+                            const use = "sig";
+                            return new JoseKey(jwkValidator.parse({ ...ex, kid, use }));
+                        }
+                        catch (err) {
+                            errors.push(err);
+                        }
+                    }
+                    throw new Error("None of the algorithms worked");
+                },
+                getRandomValues: (length) => new Uint8Array(QuickCrypto.randomBytes(length)),
+                digest: (bytes, algorithm) => QuickCrypto.createHash(algorithm.name)
+                    .update(bytes)
+                    .digest(),
+            },
+            clientMetadata: options.clientMetadata,
+        });
+        this.didStore = options.didStore;
+    }
+    async init(refresh) {
+        const sub = await this.didStore.get(`(sub)`);
+        if (sub) {
+            try {
+                const session = await this.restore(sub, refresh);
+                return { session };
+            }
+            catch (err) {
+                this.didStore.del(`(sub)`);
+                throw err;
+            }
+        }
+    }
+    async callback(params) {
+        const { session, state } = await super.callback(params);
+        await this.didStore.set(`(sub)`, session.sub);
+        return { session, state };
+    }
+}
+export function toSubtleAlgorithm(alg, crv, options) {
+    switch (alg) {
+        case "PS256":
+        case "PS384":
+        case "PS512":
+            return {
+                name: "RSA-PSS",
+                hash: `SHA-${alg.slice(-3)}`,
+                modulusLength: options?.modulusLength ?? 2048,
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+            };
+        case "RS256":
+        case "RS384":
+        case "RS512":
+            return {
+                name: "RSASSA-PKCS1-v1_5",
+                hash: `SHA-${alg.slice(-3)}`,
+                modulusLength: options?.modulusLength ?? 2048,
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+            };
+        case "ES256":
+        case "ES384":
+            return {
+                name: "ECDSA",
+                namedCurve: `P-${alg.slice(-3)}`,
+            };
+        case "ES512":
+            return {
+                name: "ECDSA",
+                namedCurve: "P-521",
+            };
+        default:
+            // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773
+            throw new TypeError(`Unsupported alg "${alg}"`);
+    }
+}

package/dist/polyfills.native.d.ts

@@ -0,0 +1 @@
+import "abortcontroller-polyfill/dist/polyfill-patch-fetch";

package/dist/polyfills.native.js

@@ -0,0 +1,32 @@
+import { Event, EventTarget } from "event-target-shim";
+import { install as installRNQC } from "react-native-quick-crypto";
+// Polyfill for the `throwIfAborted` method of the AbortController
+// used in @atproto/oauth-client
+import "abortcontroller-polyfill/dist/polyfill-patch-fetch";
+// Polyfill for jose. It tries to detect whether it's been passed a CryptoKey
+// instance, and isn't willing to accept RNQC's equivalent. So, this ensures that
+// `key instanceof CryptoKey` will always be true.
+// @ts-ignore
+global.CryptoKey = Object;
+// This is needed to populate the `crypto` global for jose's export here
+// https://github.com/panva/jose/blob/1e8b430b08a18a18883a69e7991832c9c602ca1a/src/runtime/browser/webcrypto.ts#L1
+installRNQC();
+// These two are needed for @atproto/oauth-client's `CustomEventTarget` to work.
+// @ts-ignore
+global.EventTarget = EventTarget;
+// @ts-ignore
+global.Event = Event;
+// And finally, this happens on React Native with every possible input:
+// URL.canParse("http://example.com") => false
+// I do not know why. Used in @atproto/oauth and @atproto/common-web
+if (!URL.canParse("http://example.com")) {
+    URL.canParse = (url, base) => {
+        try {
+            new URL(url, base);
+            return true;
+        }
+        catch (e) {
+            return false;
+        }
+    };
+}

package/dist/sqlite-keystore.d.ts

@@ -0,0 +1,29 @@
+import { SimpleStore } from "@atproto-labs/simple-store";
+import { Key } from "@atproto/jwk";
+interface HasDPoPKey {
+    dpopKey: Key | undefined;
+}
+/**
+ * An expo-sqlite store that handles serializing and deserializing
+ * our Jose DPoP keys. Wraps SQLiteKVStore or whatever other SimpleStore
+ * that a user might provide.
+ */
+export declare class JoseKeyStore<T extends HasDPoPKey> {
+    private store;
+    constructor(store: SimpleStore<string, string>);
+    get(key: string): Promise<T | undefined>;
+    set(key: string, value: T): Promise<void>;
+    del(key: string): Promise<void>;
+}
+/**
+ * Simple wrapper around expo-sqlite's KVStore. Default implementation
+ * unless a user brings their own KV store.
+ */
+export declare class SQLiteKVStore implements SimpleStore<string, string> {
+    private namespace;
+    constructor(namespace: string);
+    get(key: string): Promise<string | undefined>;
+    set(key: string, value: string): Promise<void>;
+    del(key: string): Promise<void>;
+}
+export {};

package/dist/sqlite-keystore.js

@@ -0,0 +1,54 @@
+import { jwkValidator } from "@atproto/jwk";
+import { JoseKey } from "@atproto/jwk-jose";
+import Storage from "expo-sqlite/kv-store";
+const NAMESPACE = `@@atproto/oauth-client-react-native`;
+/**
+ * An expo-sqlite store that handles serializing and deserializing
+ * our Jose DPoP keys. Wraps SQLiteKVStore or whatever other SimpleStore
+ * that a user might provide.
+ */
+export class JoseKeyStore {
+    constructor(store) {
+        this.store = store;
+    }
+    async get(key) {
+        const itemStr = await this.store.get(key);
+        if (!itemStr)
+            return undefined;
+        const item = JSON.parse(itemStr);
+        if (item.dpopKey) {
+            item.dpopKey = new JoseKey(jwkValidator.parse(item.dpopKey));
+        }
+        return item;
+    }
+    async set(key, value) {
+        if (value.dpopKey) {
+            value = {
+                ...value,
+                dpopKey: value.dpopKey.privateJwk,
+            };
+        }
+        return await this.store.set(key, JSON.stringify(value));
+    }
+    async del(key) {
+        return await this.store.del(key);
+    }
+}
+/**
+ * Simple wrapper around expo-sqlite's KVStore. Default implementation
+ * unless a user brings their own KV store.
+ */
+export class SQLiteKVStore {
+    constructor(namespace) {
+        this.namespace = `${NAMESPACE}:${namespace}`;
+    }
+    async get(key) {
+        return (await Storage.getItem(`${this.namespace}:${key}`)) ?? undefined;
+    }
+    async set(key, value) {
+        return await Storage.setItem(`${this.namespace}:${key}`, value);
+    }
+    async del(key) {
+        return await Storage.removeItem(`${this.namespace}:${key}`);
+    }
+}

package/package.json

@@ -1,13 +1,58 @@
 {
   "name": "@streamplace/atproto-oauth-client-react-native",
-  "version": "0.0.1",
-  "description": "",
-  "main": "package.json",
+  "version": "0.7.0",
+  "license": "MIT",
+  "description": "ATProto OAuth client for React Native",
+  "keywords": [
+    "atproto",
+    "oauth",
+    "client",
+    "node"
+  ],
+  "homepage": "https://atproto.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bluesky-social/atproto",
+    "directory": "packages/oauth/oauth-client-react-native"
+  },
+  "type": "commonjs",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "dependencies": {
+    "@atproto-labs/did-resolver": "0.1.12",
+    "@atproto-labs/handle-resolver-node": "0.1.15",
+    "@atproto-labs/simple-store": "0.2.0",
+    "@atproto-labs/simple-store-memory": "0.1.3",
+    "@atproto/did": "0.1.5",
+    "@atproto/jwk": "0.1.5",
+    "@atproto/jwk-jose": "0.1.6",
+    "@atproto/jwk-webcrypto": "0.1.6",
+    "@atproto/oauth-client": "0.3.16",
+    "@atproto/oauth-client-browser": "0.3.16",
+    "@atproto/oauth-types": "0.2.7",
+    "abortcontroller-polyfill": "^1.7.6",
+    "event-target-shim": "^6.0.2",
+    "expo-sqlite": "^15.0.3",
+    "jose": "^5.2.0",
+    "react-native-quick-crypto": "^0.7.7"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.1",
+    "typescript": "^5.6.3"
+  },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "build": "tsc --build tsconfig.build.json",
+    "postinstall": "pnpm run build"
   },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "packageManager": "pnpm@9.14.4+sha512.c8180b3fbe4e4bca02c94234717896b5529740a6cbadf19fa78254270403ea2f27d4e1d46a08a0f56c89b63dc8ebfd3ee53326da720273794e6200fcf0d184ab"
+  "gitHead": "c0b9266fbc2cb2a643203e8c0450980c1bd29635"
 }

package/src/index.ts

@@ -0,0 +1,4 @@
+import "./polyfills";
+
+export * from "@atproto/oauth-client";
+export * from "./oauth-client-react-native";

package/src/oauth-client-react-native.native.ts

@@ -0,0 +1,188 @@
+import { SimpleStore } from "@atproto-labs/simple-store";
+import { jwkValidator } from "@atproto/jwk";
+import { JoseKey } from "@atproto/jwk-jose";
+import {
+  InternalStateData,
+  OAuthClient,
+  OAuthClientFetchMetadataOptions,
+  OAuthClientOptions,
+  OAuthSession,
+  Session,
+  SessionStore,
+  StateStore,
+} from "@atproto/oauth-client";
+import { JWK } from "jose";
+import QuickCrypto from "react-native-quick-crypto";
+import {
+  CryptoKey,
+  SubtleAlgorithm,
+} from "react-native-quick-crypto/lib/typescript/src/keys";
+import { JoseKeyStore, SQLiteKVStore } from "./sqlite-keystore";
+
+export type ReactNativeOAuthClientOptions = Omit<
+  OAuthClientOptions,
+  // Provided by this lib
+  | "runtimeImplementation"
+  // Provided by this lib but can be overridden
+  | "sessionStore"
+  | "stateStore"
+> & {
+  sessionStore?: SessionStore;
+  stateStore?: StateStore;
+  didStore?: SimpleStore<string, string>;
+};
+
+export type ReactNativeOAuthClientFromMetadataOptions =
+  OAuthClientFetchMetadataOptions &
+    Omit<ReactNativeOAuthClientOptions, "clientMetadata">;
+
+export class ReactNativeOAuthClient extends OAuthClient {
+  didStore: SimpleStore<string, string>;
+
+  static async fromClientId(
+    options: ReactNativeOAuthClientFromMetadataOptions,
+  ) {
+    const clientMetadata = await OAuthClient.fetchMetadata(options);
+    return new ReactNativeOAuthClient({ ...options, clientMetadata });
+  }
+
+  constructor({
+    fetch,
+    responseMode = "query",
+
+    ...options
+  }: ReactNativeOAuthClientOptions) {
+    if (!options.stateStore) {
+      options.stateStore = new JoseKeyStore<InternalStateData>(
+        new SQLiteKVStore("state"),
+      );
+    }
+    if (!options.sessionStore) {
+      options.sessionStore = new JoseKeyStore<Session>(
+        new SQLiteKVStore("session"),
+      );
+    }
+    if (!options.didStore) {
+      options.didStore = new SQLiteKVStore("did");
+    }
+    super({
+      ...options,
+
+      sessionStore: options.sessionStore,
+      stateStore: options.stateStore,
+      fetch,
+      responseMode,
+      runtimeImplementation: {
+        createKey: async (algs): Promise<JoseKey> => {
+          console.log("GOT HEREEEE!");
+          const errors: unknown[] = [];
+          for (const alg of algs) {
+            try {
+              let subtle = QuickCrypto?.webcrypto?.subtle;
+              const subalg = toSubtleAlgorithm(alg);
+              const keyPair = (await subtle.generateKey(subalg, true, [
+                "sign",
+                "verify",
+              ])) as CryptoKeyPair;
+
+              const ex = (await subtle.exportKey(
+                "jwk",
+                keyPair.privateKey as unknown as CryptoKey,
+              )) as JWK;
+              ex.alg = alg;
+              // these have trailing periods sometimes for some reason
+              for (const k of ["x", "y", "d"]) {
+                if (ex[k].endsWith(".")) {
+                  ex[k] = ex[k].slice(0, -1);
+                }
+              }
+
+              // RNQC doesn't give us a kid, so let's do a quick hash of the key
+              const kid = QuickCrypto.createHash("sha256")
+                .update(JSON.stringify(ex))
+                .digest("hex");
+              const use = "sig";
+
+              return new JoseKey(jwkValidator.parse({ ...ex, kid, use }));
+            } catch (err) {
+              errors.push(err);
+            }
+          }
+          throw new Error("None of the algorithms worked");
+        },
+        getRandomValues: (length) =>
+          new Uint8Array(QuickCrypto.randomBytes(length)),
+        digest: (bytes, algorithm) =>
+          QuickCrypto.createHash(algorithm.name)
+            .update(bytes as unknown as ArrayBuffer)
+            .digest(),
+      },
+      clientMetadata: options.clientMetadata,
+    });
+    this.didStore = options.didStore;
+  }
+
+  async init(refresh?: boolean) {
+    const sub = await this.didStore.get(`(sub)`);
+    if (sub) {
+      try {
+        const session = await this.restore(sub, refresh);
+        return { session };
+      } catch (err) {
+        this.didStore.del(`(sub)`);
+        throw err;
+      }
+    }
+  }
+
+  async callback(params: URLSearchParams): Promise<{
+    session: OAuthSession;
+    state: string | null;
+  }> {
+    const { session, state } = await super.callback(params);
+    await this.didStore.set(`(sub)`, session.sub);
+    return { session, state };
+  }
+}
+
+export function toSubtleAlgorithm(
+  alg: string,
+  crv?: string,
+  options?: { modulusLength?: number },
+): SubtleAlgorithm {
+  switch (alg) {
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      return {
+        name: "RSA-PSS",
+        hash: `SHA-${alg.slice(-3) as "256" | "384" | "512"}`,
+        modulusLength: options?.modulusLength ?? 2048,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+      };
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: `SHA-${alg.slice(-3) as "256" | "384" | "512"}`,
+        modulusLength: options?.modulusLength ?? 2048,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+      };
+    case "ES256":
+    case "ES384":
+      return {
+        name: "ECDSA",
+        namedCurve: `P-${alg.slice(-3) as "256" | "384"}`,
+      };
+    case "ES512":
+      return {
+        name: "ECDSA",
+        namedCurve: "P-521",
+      };
+    default:
+      // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773
+
+      throw new TypeError(`Unsupported alg "${alg}"`);
+  }
+}

package/src/oauth-client-react-native.ts

@@ -0,0 +1,4 @@
+// browser fallback
+// export * from "@atproto/oauth-client-browser";
+import { BrowserOAuthClient } from "@atproto/oauth-client-browser";
+export { BrowserOAuthClient as ReactNativeOAuthClient };

package/src/polyfills.native.ts

@@ -0,0 +1,36 @@
+import { Event, EventTarget } from "event-target-shim";
+import { install as installRNQC } from "react-native-quick-crypto";
+
+// Polyfill for the `throwIfAborted` method of the AbortController
+// used in @atproto/oauth-client
+import "abortcontroller-polyfill/dist/polyfill-patch-fetch";
+
+// Polyfill for jose. It tries to detect whether it's been passed a CryptoKey
+// instance, and isn't willing to accept RNQC's equivalent. So, this ensures that
+// `key instanceof CryptoKey` will always be true.
+// @ts-ignore
+global.CryptoKey = Object;
+
+// This is needed to populate the `crypto` global for jose's export here
+// https://github.com/panva/jose/blob/1e8b430b08a18a18883a69e7991832c9c602ca1a/src/runtime/browser/webcrypto.ts#L1
+installRNQC();
+
+// These two are needed for @atproto/oauth-client's `CustomEventTarget` to work.
+// @ts-ignore
+global.EventTarget = EventTarget;
+// @ts-ignore
+global.Event = Event;
+
+// And finally, this happens on React Native with every possible input:
+// URL.canParse("http://example.com") => false
+// I do not know why. Used in @atproto/oauth and @atproto/common-web
+if (!URL.canParse("http://example.com")) {
+  URL.canParse = (url: string | URL, base?: string) => {
+    try {
+      new URL(url, base);
+      return true;
+    } catch (e) {
+      return false;
+    }
+  };
+}

package/src/sqlite-keystore.ts

@@ -0,0 +1,69 @@
+import { SimpleStore } from "@atproto-labs/simple-store";
+import { jwkValidator, Key } from "@atproto/jwk";
+import { JoseKey } from "@atproto/jwk-jose";
+import Storage from "expo-sqlite/kv-store";
+
+interface HasDPoPKey {
+  dpopKey: Key | undefined;
+}
+
+const NAMESPACE = `@@atproto/oauth-client-react-native`;
+
+/**
+ * An expo-sqlite store that handles serializing and deserializing
+ * our Jose DPoP keys. Wraps SQLiteKVStore or whatever other SimpleStore
+ * that a user might provide.
+ */
+export class JoseKeyStore<T extends HasDPoPKey> {
+  private store: SimpleStore<string, string>;
+  constructor(store: SimpleStore<string, string>) {
+    this.store = store;
+  }
+
+  async get(key: string): Promise<T | undefined> {
+    const itemStr = await this.store.get(key);
+    if (!itemStr) return undefined;
+    const item = JSON.parse(itemStr) as T;
+    if (item.dpopKey) {
+      item.dpopKey = new JoseKey(jwkValidator.parse(item.dpopKey));
+    }
+    return item;
+  }
+
+  async set(key: string, value: T): Promise<void> {
+    if (value.dpopKey) {
+      value = {
+        ...value,
+        dpopKey: (value.dpopKey as JoseKey).privateJwk,
+      };
+    }
+    return await this.store.set(key, JSON.stringify(value));
+  }
+
+  async del(key: string): Promise<void> {
+    return await this.store.del(key);
+  }
+}
+
+/**
+ * Simple wrapper around expo-sqlite's KVStore. Default implementation
+ * unless a user brings their own KV store.
+ */
+export class SQLiteKVStore implements SimpleStore<string, string> {
+  private namespace: string;
+  constructor(namespace: string) {
+    this.namespace = `${NAMESPACE}:${namespace}`;
+  }
+
+  async get(key: string): Promise<string | undefined> {
+    return (await Storage.getItem(`${this.namespace}:${key}`)) ?? undefined;
+  }
+
+  async set(key: string, value: string): Promise<void> {
+    return await Storage.setItem(`${this.namespace}:${key}`, value);
+  }
+
+  async del(key: string): Promise<void> {
+    return await Storage.removeItem(`${this.namespace}:${key}`);
+  }
+}