Backend Setup
The boilerplate communicates with two backend services that work together:
- duo-server — the MPC cloud node. It holds the cloud-side keyshare and participates in every keygen and signing operation.
- auth-svc — the auth middleware. It handles user and device registration, and authorizes every operation duo-server performs by responding to hook calls.
Think of it this way: duo-server is the vault. auth-svc is the doorman. The vault calls the doorman before opening for any keygen or sign request.
For full auth-svc setup instructions (Docker Compose, environment variables, and hook configuration), see the auth-svc documentation.
How the services interact
The diagram below shows the full flow — from the user signing in, through device registration, to a keygen request being authorized by auth-svc.
Environment variables you need
Once your backend is running, collect these three values for the app's .env file:
| Variable | Where to find it |
|---|---|
EXPO_PUBLIC_CLOUD_NODE_URL | The URL of duo-server (e.g. https://your-node.example.com) |
EXPO_PUBLIC_CLOUD_NODE_VERIFYING_KEY | The hex verifying key printed in duo-server logs on startup |
EXPO_PUBLIC_BACKEND_BASE_URL | The HTTP base URL of auth-svc (e.g. https://your-auth-svc.example.com) |
Running locally? Use these addresses depending on your target:
| Target | Backend URL |
|---|---|
| iOS Simulator | http://localhost:9090 |
| Android Emulator | http://10.0.2.2:9090 |
| Physical device | Your machine's LAN IP (e.g. http://192.168.1.x:9090) or use ngrok |
The same rule applies to the duo-server WebSocket URL — replace localhost with 10.0.2.2 or your LAN IP accordingly.