react-native-nitro-auth 0.3.0 → 0.4.0

package/README.md

@@ -29,19 +29,30 @@ Nitro Auth is designed to replace legacy modules like `@react-native-google-sign
 - **Auto-Refresh**: Synchronous access to tokens with automatic silent refresh.
 - **Google One-Tap / Sheet**: Modern login experience on Android (Credential Manager) and iOS (Sign-In Sheet).
 - **Error Metadata**: Detailed native error messages for easier debugging.
-- **Custom Storage**: Pluggable storage adapters for secure persistence (e.g., Keychain).
+- **Custom Storage**: Pluggable storage adapters for secure persistence (e.g. Keychain, MMKV, AsyncStorage).
 - **Refresh Interceptors**: Listen to token updates globally.
 
 ## Installation
 
 ```bash
 bun add react-native-nitro-auth react-native-nitro-modules
-bun prebuild
+# or
+npm install react-native-nitro-auth react-native-nitro-modules
+# or
+yarn add react-native-nitro-auth react-native-nitro-modules
+# or
+pnpm add react-native-nitro-auth react-native-nitro-modules
+```
+
+For Expo projects, rebuild native code after installation:
+
+```bash
+bunx expo prebuild
 ```
 
 ### Expo Setup
 
-Add the plugin to `app.json`:
+Add the plugin to `app.json` or `app.config.js`:
 
 ```json
 {
@@ -52,22 +63,70 @@ Add the plugin to `app.json`:
         {
           "ios": {
             "googleClientId": "YOUR_IOS_CLIENT_ID.apps.googleusercontent.com",
-            "googleServerClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com",
             "googleUrlScheme": "com.googleusercontent.apps.YOUR_IOS_CLIENT_ID",
             "appleSignIn": true
           },
           "android": {
-            "googleClientId": "YOUR_ANDROID_CLIENT_ID.apps.googleusercontent.com"
+            "googleClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"
           }
         }
       ]
-    ]
+    ],
+    "extra": {
+      "googleWebClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"
+    }
   }
 }
 ```
 
-> [!NOTE] > `appleSignIn` on iOS is `false` by default to avoid unnecessary entitlements. Set it to `true` to enable Apple Sign-In.
-> `googleServerClientId` is only required if you need a `serverAuthCode` for backend integration.
+**Using environment variables (recommended):**
+
+Create a `.env.local` file:
+
+```bash
+# iOS Client ID
+GOOGLE_IOS_CLIENT_ID=your-ios-client-id.apps.googleusercontent.com
+GOOGLE_IOS_URL_SCHEME=com.googleusercontent.apps.your-ios-client-id
+
+# Web Client ID (used for Android OAuth flow)
+GOOGLE_WEB_CLIENT_ID=your-web-client-id.apps.googleusercontent.com
+```
+
+Then reference them in `app.config.js`:
+
+```javascript
+import "dotenv/config";
+
+export default {
+  expo: {
+    plugins: [
+      [
+        "react-native-nitro-auth",
+        {
+          ios: {
+            googleClientId: process.env.GOOGLE_IOS_CLIENT_ID,
+            googleUrlScheme: process.env.GOOGLE_IOS_URL_SCHEME,
+            appleSignIn: true,
+          },
+          android: {
+            googleClientId: process.env.GOOGLE_WEB_CLIENT_ID,
+          },
+        },
+      ],
+    ],
+    extra: {
+      googleWebClientId: process.env.GOOGLE_WEB_CLIENT_ID,
+    },
+  },
+};
+```
+
+> [!NOTE]
+>
+> - `appleSignIn` on iOS is `false` by default to avoid unnecessary entitlements. Set it to `true` to enable Apple Sign-In.
+> - For Android, use your **Web Client ID** (not Android Client ID) for proper OAuth flow.
+> - Add `googleWebClientId` to `expo.extra` for web platform support.
+> - The `serverAuthCode` is automatically included in `AuthUser` when available (requires backend integration setup in Google Cloud Console).
 
 ### Bare React Native
 
@@ -110,8 +169,96 @@ function LoginScreen() {
 }
 ```
 
+## Migration from @react-native-google-signin/google-signin
+
+If you are using `@react-native-google-signin/google-signin`, the migration to Nitro Auth is mostly a drop-in at the API level, but the setup is different because Nitro Auth uses a config plugin and JSI.
+
+### 1) Replace the dependency
+
+```bash
+bun remove @react-native-google-signin/google-signin
+bun add react-native-nitro-auth react-native-nitro-modules
+```
+
+### 2) Move configuration to the Nitro Auth plugin
+
+Nitro Auth does not use `GoogleSignin.configure(...)`. Instead, set your client IDs via the config plugin (Expo) or native config (bare).
+
+**Expo** (recommended):
+
+```json
+{
+  "expo": {
+    "plugins": [
+      [
+        "react-native-nitro-auth",
+        {
+          "ios": {
+            "googleClientId": "YOUR_IOS_CLIENT_ID.apps.googleusercontent.com",
+            "googleUrlScheme": "com.googleusercontent.apps.YOUR_IOS_CLIENT_ID"
+          },
+          "android": {
+            "googleClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"
+          }
+        }
+      ]
+    ],
+    "extra": {
+      "googleWebClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"
+    }
+  }
+}
+```
+
+**Bare React Native:**
+
+- iOS: add `GIDClientID` (and optionally `GIDServerClientID`) to `Info.plist` and set the URL scheme.
+- Android: add `nitro_auth_google_client_id` string resource in `res/values/strings.xml` (use your Web Client ID).
+
+### 3) Update API usage
+
+| @react-native-google-signin/google-signin | Nitro Auth                                                |
+| ----------------------------------------- | --------------------------------------------------------- |
+| `GoogleSignin.configure({...})`           | Configure in plugin / native config                       |
+| `GoogleSignin.signIn()`                   | `login("google")` or `<SocialButton provider="google" />` |
+| `GoogleSignin.signOut()`                  | `logout()`                                                |
+| `GoogleSignin.getTokens()`                | `getAccessToken()` or `refreshToken()`                    |
+| `GoogleSignin.hasPlayServices()`          | `hasPlayServices` from `useAuth()`                        |
+
+**Example migration:**
+
+```tsx
+// Before
+import { GoogleSignin } from "@react-native-google-signin/google-signin";
+
+await GoogleSignin.signIn();
+const tokens = await GoogleSignin.getTokens();
+
+// After
+import { useAuth } from "react-native-nitro-auth";
+
+const { login, getAccessToken } = useAuth();
+
+await login("google");
+const accessToken = await getAccessToken();
+```
+
+### 4) Remove manual init
+
+If you previously called `GoogleSignin.configure()` at app startup, remove it. Nitro Auth loads configuration from the plugin/native settings at runtime.
+
 ## Advanced Features
 
+### Silent Restore
+
+Automatically restore the user session on app startup. This is faster than a full login and works offline if the session is cached.
+
+```tsx
+useEffect(() => {
+  AuthService.silentRestore();
+}, []);
+```
+
 ### Global Auth State Listener
 
 Subscribe to authentication changes outside of React components:
@@ -131,6 +278,95 @@ const unsubscribe = AuthService.onAuthStateChanged((user) => {
 unsubscribe();
 ```
 
+### Global Token Refresh Listener
+
+Be notified whenever tokens are refreshed automatically (or manually):
+
+```ts
+import { AuthService } from "react-native-nitro-auth";
+
+const unsubscribe = AuthService.onTokensRefreshed((tokens) => {
+  console.log("New tokens:", tokens.accessToken);
+  // Update your API client / Apollo links
+});
+```
+
+### Incremental Authorization
+
+Request new scopes when you need them without logging the user out:
+
+```tsx
+const { requestScopes, revokeScopes, scopes } = useAuth();
+
+const handleCalendar = async () => {
+  try {
+    await requestScopes(["https://www.googleapis.com/auth/calendar.readonly"]);
+    console.log("Got calendar access!");
+  } catch (e) {
+    console.error("Scope request failed");
+  }
+};
+```
+
+### Pluggable Storage Adapters
+
+Nitro Auth persists the session automatically. By default, it uses simple file-based storage on native and `localStorage` on web.
+
+#### 1) JS Storage (AsyncStorage, MMKV, etc.)
+
+Easily swap the default storage with your preferred library from the JS layer:
+
+```ts
+import { AuthService, type JSStorageAdapter } from "react-native-nitro-auth";
+import { MMKV } from "react-native-mmkv";
+
+const storage = new MMKV();
+
+const mmkvAdapter: JSStorageAdapter = {
+  save: (key, value) => storage.set(key, value),
+  load: (key) => storage.getString(key),
+  remove: (key) => storage.delete(key),
+};
+
+// Set it once at app startup
+AuthService.setJSStorageAdapter(mmkvAdapter);
+```
+
+#### 2) Native Storage (Keychain, etc.)
+
+For maximum security, you can implement a native HybridObject (C++, Swift, or Kotlin) and pass it to Nitro. This runs directly in memory at the C++ layer.
+
+```ts
+import { AuthService } from "react-native-nitro-auth";
+// Import your native Nitro module
+import { KeychainStorage } from "./native/KeychainStorage";
+
+AuthService.setStorageAdapter(KeychainStorage);
+```
+
+### Logging & Debugging
+
+Enable verbose logging to see detailed OAuth flow information in the console:
+
+```ts
+import { AuthService } from "react-native-nitro-auth";
+
+AuthService.setLoggingEnabled(true);
+```
+
+### Sync Access to Tokens
+
+Nitro Auth provides synchronous access to the current state, while still supporting silent refresh:
+
+```ts
+// Quick access to what we have in memory
+const user = AuthService.currentUser;
+const scopes = AuthService.grantedScopes;
+
+// Async access ensures fresh tokens (will refresh if expired)
+const freshToken = await AuthService.getAccessToken();
+```
+
 ### Standardized Error Codes
 
 Handle failures reliably with predictable error strings:
@@ -139,29 +375,40 @@ Handle failures reliably with predictable error strings:
 try {
   await login("google");
 } catch (e) {
-  if (e.message === "cancelled") {
+  const error = e as Error;
+  if (error.message === "cancelled") {
     // User closed the popup/picker
-  } else if (e.message === "network_error") {
+  } else if (error.message === "network_error") {
     // Connection issues
   }
 }
 ```
 
-| `cancelled` | The user cancelled the sign-in flow |
-| `network_error` | A network error occurred |
-| `configuration_error` | Missing client IDs or invalid setup |
+| Error Code             | Description                                    |
+| ---------------------- | ---------------------------------------------- |
+| `cancelled`            | The user cancelled the sign-in flow            |
+| `network_error`        | A network error occurred                       |
+| `configuration_error`  | Missing client IDs or invalid setup            |
 | `unsupported_provider` | The provider is not supported on this platform |
+| `unknown`              | An unknown error occurred                      |
 
 ### Native Error Metadata
 
-For more detailed debugging, Nitro Auth captures the raw native error message in the `underlyingError` property of the `AuthUser` (on success) or surfaces it in the caught `Error` object:
+For more detailed debugging, Nitro Auth captures the raw native error message. You can access it from the authenticated user or cast the error:
 
 ```ts
+// From authenticated user (on success)
+const { user } = useAuth();
+if (user?.underlyingError) {
+  console.warn("Auth warning:", user.underlyingError);
+}
+
+// From error (on failure)
 try {
   await login("google");
 } catch (e) {
-  // Access raw native error message
-  console.log(e.underlyingError);
+  const error = e as Error & { underlyingError?: string };
+  console.log("Native error:", error.underlyingError);
 }
 ```
 
@@ -188,6 +435,9 @@ await requestScopes(["https://www.googleapis.com/auth/calendar.readonly"]);
 
 // Check granted scopes
 console.log("Granted:", scopes);
+
+// Revoke specific scopes
+await revokeScopes(["https://www.googleapis.com/auth/calendar.readonly"]);
 ```
 
 ### Offline Access (Server Auth Code)
@@ -205,24 +455,38 @@ if (user?.serverAuthCode) {
 
 ### Custom Storage Adapter
 
-By default, Nitro Auth uses standard local storage. You can provide a custom adapter for better security (e.g., using `react-native-keychain`):
+By default, Nitro Auth uses standard local storage. You can provide a custom adapter for better security.
+
+> [!IMPORTANT]
+> `AuthStorageAdapter` must be implemented as a **native Nitro HybridObject** in C++, Swift, or Kotlin. Plain JavaScript objects are not supported due to Nitro's type system. See [Nitro Hybrid Objects documentation](https://nitro.margelo.com/docs/hybrid-objects) for implementation details.
+
+**Example (Swift):**
+
+```swift
+class HybridKeychainStorage: HybridAuthStorageAdapterSpec {
+  func save(key: String, value: String) {
+    // Save to Keychain
+  }
+
+  func load(key: String) -> String? {
+    // Load from Keychain
+  }
+
+  func remove(key: String) {
+    // Remove from Keychain
+  }
+}
+```
+
+**Usage (TypeScript):**
 
 ```ts
+import { NitroModules } from "react-native-nitro-modules";
 import { AuthService, AuthStorageAdapter } from "react-native-nitro-auth";
 
-const myStorage: AuthStorageAdapter = {
-  save: (key, value) => {
-    /* Save to Keychain */
-  },
-  load: (key) => {
-    /* Load from Keychain */
-  },
-  remove: (key) => {
-    /* Clear from Keychain */
-  },
-};
-
-AuthService.setStorageAdapter(myStorage);
+const keychainStorage =
+  NitroModules.createHybridObject<AuthStorageAdapter>("KeychainStorage");
+AuthService.setStorageAdapter(keychainStorage);
 ```
 
 ### Token Refresh Listeners
@@ -232,9 +496,8 @@ Perfect for updating your API client (e.g., Axios/Fetch) whenever tokens are ref
 ```ts
 AuthService.onTokensRefreshed((tokens) => {
   console.log("Tokens were updated!", tokens.accessToken);
-  apiClient.defaults.headers.common[
-    "Authorization"
-  ] = `Bearer ${tokens.accessToken}`;
+  apiClient.defaults.headers.common["Authorization"] =
+    `Bearer ${tokens.accessToken}`;
 });
 ```
 
@@ -249,6 +512,23 @@ await login("google", {
 });
 ```
 
+### Force Account Picker
+
+When connecting additional services (like Google Calendar), you may want to let users pick a different account than the one they signed in with. Use `forceAccountPicker` to clear any cached session and show the account picker:
+
+```ts
+await login("google", {
+  scopes: ["https://www.googleapis.com/auth/calendar.readonly"],
+  forceAccountPicker: true, // Always show account picker
+});
+```
+
+This is useful for scenarios where:
+
+- Users want to connect a different Google account for calendar integration
+- You need to ensure the user can select any account they've added to their device
+- The cached session is interfering with the expected account selection UX
+
 ## API Reference
 
 ### useAuth Hook
@@ -262,18 +542,36 @@ await login("google", {
 | `hasPlayServices` | `boolean`                         | (Android) True if Play Services available              |
 | `login`           | `(provider, options?) => Promise` | Start login flow                                       |
 | `logout`          | `() => void`                      | Clear session (synchronous)                            |
+| `silentRestore`   | `() => Promise<void>`             | Restore session automatically on startup               |
 | `requestScopes`   | `(scopes) => Promise`             | Request additional OAuth scopes                        |
+| `revokeScopes`    | `(scopes) => Promise`             | Revoke previously granted scopes                       |
 | `getAccessToken`  | `() => Promise<string?>`          | Get current access token (auto-refreshes)              |
 | `refreshToken`    | `() => Promise<AuthTokens>`       | Explicitly refresh and return new tokens               |
 
+### LoginOptions
+
+| Option               | Type       | Platform | Description                                     |
+| -------------------- | ---------- | -------- | ----------------------------------------------- |
+| `scopes`             | `string[]` | All      | Required OAuth scopes (default: email, profile) |
+| `loginHint`          | `string`   | All      | Pre-fill email address in the login picker      |
+| `useOneTap`          | `boolean`  | Android  | Enable Google One-Tap (Credential Manager)      |
+| `useSheet`           | `boolean`  | iOS      | Enable iOS Google Sign-In Sheet                 |
+| `forceAccountPicker` | `boolean`  | All      | Always show the account selection screen        |
+| `webClientId`        | `string`   | Web      | Override the default Google Web Client ID       |
+
 ### SocialButton Props
 
-| Prop        | Type                                           | Default     | Description                      |
-| ----------- | ---------------------------------------------- | ----------- | -------------------------------- |
-| `provider`  | `"google" \| "apple"`                          | required    | Authentication provider          |
-| `variant`   | `"primary" \| "outline" \| "white" \| "black"` | `"primary"` | Button style variant             |
-| `onSuccess` | `(user: AuthUser) => void`                     | —           | Called with user data on success |
-| `onError`   | `(error: Error) => void`                       | —           | Called on failure                |
+| Prop           | Type                                           | Default     | Description                                   |
+| -------------- | ---------------------------------------------- | ----------- | --------------------------------------------- |
+| `provider`     | `"google" \| "apple"`                          | required    | Authentication provider                       |
+| `variant`      | `"primary" \| "outline" \| "white" \| "black"` | `"primary"` | Button style variant                          |
+| `onPress`      | `() => void`                                   | —           | Custom handler (disables default login)       |
+| `onSuccess`    | `(user: AuthUser) => void`                     | —           | Called with user data on success (auto-login) |
+| `onError`      | `(error: unknown) => void`                     | —           | Called on failure (auto-login)                |
+| `disabled`     | `boolean`                                      | `false`     | Disable button interaction                    |
+| `style`        | `ViewStyle`                                    | —           | Custom container styles                       |
+| `textStyle`    | `TextStyle`                                    | —           | Custom text styles                            |
+| `borderRadius` | `number`                                       | `8`         | Button border radius                          |
 
 ## Platform Support
 

package/android/src/main/cpp/PlatformAuth+Android.cpp

@@ -41,11 +41,13 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     std::vector<std::string> scopes = {"email", "profile"};
     std::optional<std::string> loginHint;
     bool useOneTap = false;
+    bool forceAccountPicker = false;
 
     if (options) {
         if (options->scopes) scopes = *options->scopes;
         loginHint = options->loginHint;
         useOneTap = options->useOneTap.value_or(false);
+        forceAccountPicker = options->forceAccountPicker.value_or(false);
     }
 
     JNIEnv* env = Environment::current();
@@ -58,14 +60,15 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     jstring jLoginHint = loginHint.has_value() ? make_jstring(loginHint.value()).get() : nullptr;
     jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
     jmethodID loginMethod = env->GetStaticMethodID(adapterClass, "loginSync", 
-        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;Z)V");
+        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZ)V");
     env->CallStaticVoidMethod(adapterClass, loginMethod, 
         contextPtr, 
         make_jstring(providerStr).get(),
         nullptr,
         jScopes,
         jLoginHint,
-        (jboolean)useOneTap);
+        (jboolean)useOneTap,
+        (jboolean)forceAccountPicker);
     
     return promise;
 }

package/android/src/main/java/com/auth/AuthAdapter.kt

@@ -96,7 +96,7 @@ object AuthAdapter {
     }
 
     @JvmStatic
-    fun loginSync(context: Context, provider: String, googleClientId: String?, scopes: Array<String>?, loginHint: String?, useOneTap: Boolean) {
+    fun loginSync(context: Context, provider: String, googleClientId: String?, scopes: Array<String>?, loginHint: String?, useOneTap: Boolean, forceAccountPicker: Boolean = false) {
         if (provider == "apple") {
             nativeOnLoginError("unsupported_provider", "Apple Sign-In is not supported on Android.")
             return
@@ -117,10 +117,10 @@ object AuthAdapter {
         val requestedScopes = scopes?.toList() ?: listOf("email", "profile")
         pendingScopes = requestedScopes
 
-        if (useOneTap) {
+        if (useOneTap && !forceAccountPicker) {
             loginOneTap(context, clientId, requestedScopes)
         } else {
-            val intent = GoogleSignInActivity.createIntent(ctx, clientId, requestedScopes.toTypedArray(), loginHint)
+            val intent = GoogleSignInActivity.createIntent(ctx, clientId, requestedScopes.toTypedArray(), loginHint, forceAccountPicker)
             intent.addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
             ctx.startActivity(intent)
         }

package/android/src/main/java/com/auth/GoogleSignInActivity.kt

@@ -18,12 +18,14 @@ class GoogleSignInActivity : ComponentActivity() {
         private const val EXTRA_CLIENT_ID = "client_id"
         private const val EXTRA_SCOPES = "scopes"
         private const val EXTRA_LOGIN_HINT = "login_hint"
+        private const val EXTRA_FORCE_PICKER = "force_picker"
         
-        fun createIntent(context: Context, clientId: String, scopes: Array<String>, loginHint: String?): Intent {
+        fun createIntent(context: Context, clientId: String, scopes: Array<String>, loginHint: String?, forcePicker: Boolean = false): Intent {
             return Intent(context, GoogleSignInActivity::class.java).apply {
                 putExtra(EXTRA_CLIENT_ID, clientId)
                 putExtra(EXTRA_SCOPES, scopes)
                 putExtra(EXTRA_LOGIN_HINT, loginHint)
+                putExtra(EXTRA_FORCE_PICKER, forcePicker)
                 addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
             }
         }
@@ -48,6 +50,7 @@ class GoogleSignInActivity : ComponentActivity() {
         val clientId = intent.getStringExtra(EXTRA_CLIENT_ID)
         val scopes = intent.getStringArrayExtra(EXTRA_SCOPES) ?: arrayOf("email", "profile")
         val loginHint = intent.getStringExtra(EXTRA_LOGIN_HINT)
+        val forcePicker = intent.getBooleanExtra(EXTRA_FORCE_PICKER, false)
         
         if (clientId == null) {
             AuthAdapter.onSignInError(8, "Missing client ID")
@@ -66,9 +69,21 @@ class GoogleSignInActivity : ComponentActivity() {
             }
         }
         
-        if (loginHint != null) gsoBuilder.setAccountName(loginHint)
+        // Only set account name if not forcing picker
+        if (!forcePicker && loginHint != null) {
+            gsoBuilder.setAccountName(loginHint)
+        }
         
         val client = GoogleSignIn.getClient(this, gsoBuilder.build())
-        signInLauncher.launch(client.signInIntent)
+        
+        if (forcePicker) {
+            // Sign out first to ensure account picker shows all accounts
+            client.signOut().addOnCompleteListener {
+                signInLauncher.launch(client.signInIntent)
+            }
+        } else {
+            signInLauncher.launch(client.signInIntent)
+        }
     }
 }
+

package/app.plugin.js

@@ -21,7 +21,7 @@ const withNitroAuth = (config, props = {}) => {
       const existingSchemes = config.modResults.CFBundleURLTypes || [];
       if (
         !existingSchemes.some((scheme) =>
-          scheme.CFBundleURLSchemes.includes(ios.googleUrlScheme)
+          scheme.CFBundleURLSchemes.includes(ios.googleUrlScheme),
         )
       ) {
         config.modResults.CFBundleURLTypes = [
@@ -53,7 +53,7 @@ const withNitroAuth = (config, props = {}) => {
             _: android.googleClientId,
           },
         ],
-        config.modResults
+        config.modResults,
       );
     }
     return config;
@@ -65,5 +65,5 @@ const withNitroAuth = (config, props = {}) => {
 module.exports = createRunOncePlugin(
   withNitroAuth,
   "react-native-nitro-auth",
-  "0.1.6"
+  "0.4.0",
 );

package/cpp/HybridAuth.cpp

@@ -110,6 +110,26 @@ void HybridAuth::logout() {
   notifyAuthStateChanged();
 }
 
+std::shared_ptr<Promise<void>> HybridAuth::silentRestore() {
+  auto promise = Promise<void>::create();
+  auto silentPromise = PlatformAuth::silentRestore();
+  silentPromise->addOnResolvedListener([this, promise](const std::optional<AuthUser>& user) {
+    if (user) {
+      std::lock_guard<std::mutex> lock(_mutex);
+      _currentUser = user;
+      if (user->scopes) _grantedScopes = *user->scopes;
+      saveToCache(_currentUser);
+    }
+    notifyAuthStateChanged();
+    promise->resolve();
+  });
+  
+  silentPromise->addOnRejectedListener([promise](const std::exception_ptr& error) {
+    promise->reject(error);
+  });
+  return promise;
+}
+
 std::shared_ptr<Promise<void>> HybridAuth::login(AuthProvider provider, const std::optional<LoginOptions>& options) {
   auto promise = Promise<void>::create();
   

package/cpp/HybridAuth.hpp

@@ -27,6 +27,7 @@ public:
   std::shared_ptr<Promise<AuthTokens>> refreshToken() override;
 
   void logout() override;
+  std::shared_ptr<Promise<void>> silentRestore() override;
   std::function<void()> onAuthStateChanged(const std::function<void(const std::optional<AuthUser>&)>& callback) override;
   std::function<void()> onTokensRefreshed(const std::function<void(const AuthTokens&)>& callback) override;
   void setLoggingEnabled(bool enabled) override;