react-native-keychain VS react-native-stripe-payments

Storing the secret key: Since our db requires a key, it is important to store that key somewhere secure, so we will use react-native-keychain which will store our key securely.

If you're saving simple, KV-like data, have a look at react-native-keychain. On the other side, if you want to save complex "relational" data, have a look at Realm.

by the way, if you want to access the native device keychain, react-native-keychain is the right tool.

What you’re looking for is something like Keychain on iOS: similar to what AsyncStorage is, but secure. Maybe https://github.com/oblador/react-native-keychain could be it for you?

If our application utilizes refresh tokens, we can smartly combine the two previous options together. Upon signup or login, we can store a new refresh token securely on the device using the react-native-keychain library mentioned in the mobile app implementation. Once our session expires, we prompt the user to retrieve the refresh token stored behind biometrics authentication. If the user passes the challenge, we use the refresh token to call the backend and refresh the session/get a new access token.

In the app I'm building, we use react-native-keychain. At its core it's meant to use with authentication, which we DO to store oauth tokens, but I also use it as a "re-entry" into the app after it's been put in background or inactive mode. It's the easiest implementation of biometric auth I've found for RN, and it has the ability to fallback to passcode should they fail biometric. Let me know if you have any questions, happy to help!

I would suggest using: react-native-keychain

So the only place your Peloton Credentials are handled is within the app itself. The app itself is built on React Native, and makes use of React Native Keychain which uses the underlying iOS Keychain/Android Secure Preferences (https://github.com/oblador/react-native-keychain#usage & https://blog.bitsrc.io/using-keychain-in-react-native-and-keeping-the-app-session-alive-ff8f8850119c if you're interested). The initial auth and all further requests are directly to the Peloton API from your device.

AsyncStorage is just an unencrypted text file. Rooted android devices can access and change it easily. For storing sensitive data, you should use react native keychain or expo secure store

Did someone already tried to use Mollie as payment gateway instead of Stripe ? They don't provide a library for React Native and I couldn't find any opensource like react-native-stripe-payments or tipsi-stripe does thus my question. Thank you.

Next thing, as we described in the "How it works" section, we'll send a request to your backend on route to create payment intent. In the request, you can pass the cart_id, or array of cart items that are being bought, as long as you can calculate the total price, you are good. If the request was successful, the backend should return you the client_secret, and you can prompt the user to enter his credit card details. You can create your own design of the credit card input, or you can use react-native-credit-card-input or some other credit card input package. You can check if the credit card is valid using the stripes isCardValid method. For testing you can find the test credit cards here.