Hey everyone, I recently open-sourced the mobile client of Toqen.app - an access-first authentication system I am building. One thing that matters to me here: the app does not collect personal or sensitive user data (no email, phone number, location, etc.). It only uses device-bound identifiers and cryptographic keys required for authorization - you can verify this directly in the code. This mobile layer is where access actually gets confirmed: - user decision - device signature - real-time verification The app itself does not grant access - everything is verified on the backend after the device signs a short-lived challenge. Repository: https://github.com/toqenapp/mobile-react-native Product access: iOS (App Store): search for “ toqen.app ” Android (closed testing): https://forms.gle/f9FcbHyHJiajmFWV7 Typical use cases include: SaaS platforms gated digital content memberships online education environments event access systems other products requiring time-bound and policy-defined authorization I would really appreciate any feedback or honest critique.
