Are there any security concerns / stuff I should b...
# javascript
n
Are there any security concerns / stuff I should be aware of when using Supabase with React Native and Async Storage, regarding for example tokens?
s
The token that the user uses to log in with is stored in AsyncStorage in the same way that it's stored in localStorage in the browser. As far as I can tell, any concerns that you'd have with RN would exist with using SB in any other client-facing situation.
n
Hmm, right. The main thing I'm wondering is React Native's documentation says that AsyncStorage shouldn't be used for token storage. Do I just need to live with it or do you know any measures that one can take to improve security?
s
This is an example that I've used for some projects:
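```tsx
import AsyncStorage from '@react-native-async-storage/async-storage';
import { createClient } from '@supabase/supabase-js';
import Constants from 'expo-constants';

// Endpoint and client key are read from the Expo manifest's `extra` section.
export const supabaseClient = createClient(
  Constants.manifest.extra.supabaseEndpoint,
  Constants.manifest.extra.supabaseClientKey,
  {
    // The session is persisted through this backend; AsyncStorage is unencrypted.
    localStorage: AsyncStorage as any,
    autoRefreshToken: true,
    persistSession: true,
  }
);
```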
You might be able to switch out AsyncStorage for secure storage (e.g. https://docs.expo.dev/versions/latest/sdk/securestore/) instead. I can't say I've tried, so I don't know for sure if it works. I believe the refresh token and auth token are both stored as separate keys, but it's also been a few months since I dug into it so I might be wrong about that.
n
I'll look into secure storage, seems like a viable option if it works! Anyways, thanks a lot for the tips, have a good one 🙏