
Mobile Common

Guidance shared across mobile platforms: WebView headers, deep linking, and receipt handling.

  • Use secure WebView configs
  • Pass client_id via intent/URL parameters
  • Verify receipts server-side

Expo / React Native / Flutter Common Notes

Shared guidance across mobile frameworks:

  • Use deep links or custom URL schemes for callbacks (myapp://consent/callback?status=...).
  • Prefer server-side receipt verification; do not rely solely on client assertions.
  • When using WebView, validate the origin of every postMessage and accept messages only from the consent domain.
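The callback and WebView checks described above, as an added example that is not part of the original page or the vendor's SDK. It assumes a standards-compliant URL implementation (Node, or a URL polyfill in React Native); the status values, the JSON message shape and the function names are hypothetical.

```javascript
// "myapp" and consent.example.com come from the page's examples.
// The status values and the message shape are assumptions for illustration.
const CONSENT_ORIGIN = 'https://consent.example.com';
const ALLOWED_STATUS = new Set(['granted', 'denied', 'cancelled']);

// Validate a deep-link callback such as myapp://consent/callback?status=granted.
// Returns { status } or null. The status is only a hint from the client side:
// confirm the outcome with your backend before acting on it.
function parseConsentCallback(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== 'myapp:' || url.hostname !== 'consent' || url.pathname !== '/callback') {
    return null; // wrong scheme, host or path
  }
  const values = url.searchParams.getAll('status');
  if (values.length !== 1 || !ALLOWED_STATUS.has(values[0])) return null; // duplicated or unknown status
  return { status: values[0] };
}

// Accept a WebView message only when the posting page is on the consent origin.
// `event` follows react-native-webview's onMessage shape (nativeEvent.url, nativeEvent.data).
function acceptConsentMessage(event) {
  const { url, data } = (event && event.nativeEvent) || {};
  let origin;
  try {
    origin = new URL(url).origin; // exact origin compare, not a substring or prefix match
  } catch {
    return null;
  }
  if (origin !== CONSENT_ORIGIN) return null;
  try {
    const msg = JSON.parse(data);
    return msg && typeof msg.type === 'string' ? msg : null;
  } catch {
    return null; // payload is not JSON
  }
}

// Constructed sample inputs (not captured from a real app).
console.log(parseConsentCallback('myapp://consent/callback?status=granted')); // { status: 'granted' }
console.log(parseConsentCallback('otherapp://consent/callback?status=granted')); // null
```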

Expo Example (linking)

import * as Linking from 'expo-linking';
import { Button } from 'react-native';

// Opens the hosted consent page; the result returns through the app's deep link (myapp://...).
export default function ConsentScreen() {
  return (
    <Button
      title="Open Consent Window"
      onPress={() => Linking.openURL('https://consent.example.com/consent?cr_id=...&mobile_app=true&app_scheme=myapp')}
    />
  );
}

Flutter Example (linking)

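import 'package:url_launcher/url_launcher.dart';

// Opens the hosted consent page; the result returns through the app's deep link (myapp://...).
Future<void> _openConsent() async {
  await launchUrl(Uri.parse('https://consent.example.com/consent?cr_id=...&mobile_app=true&app_scheme=myapp'));
}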