A small library for authenticating users in React using Auth0.
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
If the library has has helped you, please consider giving it a ⭐️
13 |
14 |
15 | ## Table of Content
16 |
17 | - [Getting Started](#getting-started)
18 | - [Usage](#usage)
19 | - [Documentation](#documentation)
20 | - [`AuthProvider`](#authprovider)
21 | - [`useAuth`](#useauth)
22 | - [`login`](#login)
23 | - [`logout`](#logout)
24 | - [`handleAuth`](#handleauth)
25 | - [`isAuthenticated`](#isauthenticated)
26 | - [`user`](#user)
27 | - [`authResult`](#authresult)
28 | - [Issues](#issues)
29 |
30 | ## Getting Started
31 |
32 | This module is distributed with [npm](https://www.npmjs.com) which is bundled with [node](https://nodejs.org) and should be installed as one of your projects `dependencies`:
33 |
34 | ```shell
35 | npm install --save react-auth-hook
36 | ```
37 |
38 | or using [yarn](https://yarnpkg.com)
39 |
40 | ```shell
41 | yarn add react-auth-hook
42 | ```
43 |
44 | This library includes `auth0-js` as a `dependency` and requires `react` as a `peerDependency`.
45 |
46 |
47 |
48 | You can find a simple example of a react application with typescript in the [examples](https://github.com/qruzz/react-auth-hook/tree/master/examples) folder in this repository.
49 |
50 | ### Configuring Auth0
51 |
52 | `react-auth-hook` is designed to be quick to setup and easy to use. All it requires is a [Auth0](https://auth0.com/) account with a application set up.
53 |
54 | There are a few required configurations to be done in your Auth0 application to make `react-auth-hook` work properly.
55 |
56 | #### Allowed Callback URLs
57 |
58 | To route back a user after she is authenticated you need to supply a list of URLs that are considered valid. This means that you should add all the URLs which you be authenticating your users from.
59 |
60 | 
61 |
62 | #### Allowed Web Origins
63 |
64 | To allow origins for use with Cross-Origin Authentication you should supply a list of URLs that the authentication request will come from.
65 |
66 | 
67 |
68 | #### Allowed Logout URLs
69 |
70 | After logging out your users will need to be redirected back from Auth0. Provide a list of valid URLs that Auth- can redirect them to with the `returnTo` query parameter.
71 |
72 | 
73 |
74 | ## Usage
75 |
76 | To use this library and the `useAuth` hook, you first need to wrap your application in an `AuthProvider` component to configure the Auth0 client and share state between components.
77 |
78 | ### 1. Configure `AuthProvider`
79 |
80 | In your application, wrap the parts you want to be "hidden" behind your authentication layer in the `AuthProvider` component. I recommend adding it around your root component in the `index.js` file (in React).
81 |
82 | ```js
83 | // src/index.tsx
84 |
85 | import React from 'react';
86 | import ReactDOM from 'react-dom';
87 | import { navigate } from '@reach/router';
88 | import { AuthProvider } from 'react-auth-hook';
89 |
90 | ReactDOM.render(
91 |
96 |
97 | ,
98 | document.getElementById('root')
99 | );
100 | ```
101 |
102 | The `AuthProvider` create the context, sets up an immutable state reducer, and instantiates the Auth0 client.
103 |
104 | ### 2. Handle the Callback
105 |
106 | Auth0 use [OAuth](https://oauth.net/2/) which required you to redirect your users to their login form. After the user has then been authenticated, the provider will redirect the user back to your application.
107 |
108 | The simplest way to handle the callback is to create a page for it:
109 |
110 | ```js
111 | // src/pages/AuthCallback
112 |
113 | import React from 'react';
114 | import { RouteComponentProps } from '@reach/router';
115 | import { useAuth } from 'react-auth-hook';
116 |
117 | export function AuthCallback(props: RouteComponentProps) {
118 | const { handleAuth } = useAuth();
119 |
120 | React.useEffect(() => {
121 | handleAuth();
122 | }, []);
123 |
124 | return (
125 | <>
126 |
You have reached the callback page
127 |
you will now be redirected
128 |
129 | );
130 | }
131 | ```
132 |
133 | The purpose of this page is to show some "loading" state and then run the `handleAuth` method from `useAuth` on page load. The function will automatically redirect the user to the root route (`/`).
134 |
135 | ### 3. Authenticating Users
136 |
137 | Now you are done with the hard part that is configuring the Auth0 and the library. Now all that is left to do, is to authenticate your users in your application:
138 |
139 | ```ts
140 | // src/pages/Home
141 |
142 | import React from 'react';
143 | import { useAuth } from 'react-auth-hook';
144 |
145 | export function Home() {
146 | const { isAuthenticated, login, logout } = useAuth();
147 | return isAuthenticated() ? (
148 |
149 | ) : (
150 |
151 | );
152 | }
153 | ```
154 |
155 | For a full example, check out the [examples](https://github.com/qruzz/react-auth-hook/tree/master/examples) folder in this repository.
156 |
157 | ## Documentation
158 |
159 | ### `AuthProvider`
160 |
161 | The `AuthProvider` component implements the `AuthProvider` interface and takes a number of props to initialise the Auth0 client and more.
162 |
163 | ```ts
164 | interface AuthProvider {
165 | auth0Domain: string;
166 | auth0ClientId: string;
167 | auth0Params?: Omit<
168 | Auth0.AuthOptions,
169 | | 'domain'
170 | | 'clientId'
171 | | 'redirectUri'
172 | | 'audience'
173 | | 'responseType'
174 | | 'scope'
175 | >;
176 | navigate: any;
177 | children: React.ReactNode;
178 | }
179 | ```
180 |
181 | As can be seen from the type interface, the `AuthProvider` API takes a couple of configuration options:
182 |
183 | - `auth0Domain` _the auth domain from your Auth0 application_
184 | - `auth0ClientId` _the client id from your Auth0 application_
185 | - `auth0Params` _additional parameters to pass to `Auth0.WebAuth`_
186 | - `navigate` _your routers navigation function used for redirects_
187 |
188 | #### Default Auth0 Configuration
189 |
190 | `react-auth-hook` infers and sets a few defaults for the configuration parameters required by `auth0-js`:
191 |
192 | ```ts
193 | // AuthProvider.tsx
194 |
195 | const callbackDomain = window
196 | ? `${window.location.protocol}//${window.location.host}`
197 | : 'http://localhost:3000';
198 |
199 | const auth0Client = new Auth0.WebAuth({
200 | domain: auth0Domain,
201 | clientID: auth0ClientId,
202 | redirectUri: `${callbackDomain}/auth_callback`,
203 | audience: `https://${auth0Domain}/api/v2/`,
204 | responseType: 'token id_token',
205 | scope: 'openid profile email',
206 | });
207 | ```
208 |
209 | The `domain` and `clientID` comes from the `AuthProvider` props.
210 |
211 | The `redirectUri` is configured to use the `/auth_callback` page on the current domain which is inferred automatically as can be seen above. Auth0 redirect your users to this page after login so you can set initialise the user session. `useAuth` handles all this for you.
212 |
213 | The `audience` is used for requesting API access and is set to `v2` of the Auth0 API by default.
214 |
215 | The `responseType` specifies which response we want back from the Auth0 API, here being the `token` and `id_token`.
216 |
217 | The `scope` is set here is the default in `auth0-js` as of version 9. It specifies what user resources you will gain access to on successful authentication.
218 |
219 | ### `useAuth`
220 |
221 | The `useAuth` hook implements the `UseAuth` interface and exposes a number of functions and data objects.
222 |
223 | ```ts
224 | interface UseAuth {
225 | login: () => void;
226 | logout: () => void;
227 | handleAuth: (returnRoute?: string) => void;
228 | isAuthenticated: () => boolean;
229 | user: Auth0.Auth0UserProfile | null;
230 | authResult: Auth0.Auth0DecodedHash | null;
231 | }
232 | ```
233 |
234 | #### `login`
235 |
236 | The `login` function calls the `authorize` function from Auth0 and redirects the user to the Auth0 hosted login page (`/authorize`) in order to initialize a new authN/authZ transaction using the [Universal Login]().
237 |
238 | #### `logout`
239 |
240 | The `logout` function calls the similarly named function from Auth0. After a successful logout, the users will be routed to the some-domain URLs that you whitelisted in the Auth0 configuration step.
241 |
242 | #### `handleAuth`
243 |
244 | The `handleAuth` function takes care of - as the name suggests - handling the authentication. The method will create a cookie in local storage with your user's information and redirect back to the homepage (`/`) by default.
245 |
246 | If your users have navigated directly to a nested route within your site, you are probably going to want to redirect them back to that route. Ro redirect to a route other than the homepage, supply the `returnRoute` argument with the associated route. For example, to dynamically redirect to a nested route after authentication, call `handleAuth` like so:
247 |
248 | ```js
249 | handleAuth(window.location.href.replace(window.location.origin, ''));
250 | ```
251 |
252 | #### `isAuthenticated`
253 |
254 | The `isAuthenticated` function returns a `boolean` depending on wether the users is authenticated or not. It utilises the expiration time for the auth token provided by `authResult` returned by a successful login. The `useAuth` reducer sets and read this token in `localStorage`.
255 |
256 | #### `user`
257 |
258 | The `user` object contains the Auth0 user profile returned when the users is successfully authenticated. It implements the `Auth0UserProfile` interface. A detailed description of the interface can be found in the [`auth0-js` types](https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/auth0-js/index.d.ts?ts=3#L644).
259 |
260 | #### `authResult`
261 |
262 | The `authResult` object contains the decoded Auth0 hash which is the object returned by the [`parseHash`]() function. It implements the `Auth0DecodedHash` interface which you can see here:
263 |
264 | ```ts
265 | interface Auth0DecodedHash {
266 | accessToken?: string;
267 | idToken?: string;
268 | idTokenPayload?: any;
269 | appState?: any;
270 | refreshToken?: string;
271 | state?: string;
272 | expiresIn?: number;
273 | tokenType?: string;
274 | scope?: string;
275 | }
276 | ```
277 |
278 | ## Issues
279 |
280 | If any issues occur using this library, please fill our a detailed bug report on [GitHub](https://github.com/qruzz/react-auth-hook/issues).
281 |
282 |
283 |
--------------------------------------------------------------------------------
5 |