@ackee/petrus
v7.0.2
A tool for handling token-based authentication in React/Redux/Redux-Saga applications
Petrus
A tool for handling token-based authentication in react, redux, redux-saga applications.
It automatically refreshes the access token based on the provided expiration timestamp and persists state, so the authentication session can last longer.
Installation
$ yarn add @ackee/petrus
Stack Dependencies
@ackee/petrus requires the following peer dependencies:
"core-js": "3.x",
"react": "16.x | 17.x | 18.x",
"react-redux": "7.x | 8.x",
"redux": "4.x",
"redux-saga": "1.x"
Usage examples
Authentication flows
Direct authentication (with password)
- Basic config
  - Obtaining tokens with authenticate method by sending credentials to an endpoint from loginRequest Redux action.
  - Fetching authorized user with getAuthUser method.
  - Automatically refreshing accessToken based on provided expiration prop.
  - Tokens and auth. user local persistence in IndexedDB.
  - Using custom TS types for auth user, tokens, and credentials.
Federated authentication (with a token)
OAuth 2.0 – Authorization Code Flow
What's an authorization code flow?
- The front channel flow is used by the client application to obtain an authorization code grant.
- The back channel is used by the client application to exchange the authorization code grant for an access token (and optionally a refresh token).
- High security flow.
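The two channels described above, as an added example (not code from Petrus or its linked examples): the front-channel request protected by `state` and, going beyond the text, PKCE (RFC 7636), followed by the back-channel exchange. Endpoint URLs, the client id and all function names are assumptions; it uses Node.js `crypto` so it runs offline.

```javascript
// Added example: endpoints, client id and function names are assumptions.
const crypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Front channel: build the redirect to the authorization endpoint.
// `state` binds the response to this browser session (CSRF protection);
// the PKCE verifier stays in the client and only its SHA-256 hash is sent.
function buildAuthorizationRequest({ authorizeEndpoint, clientId, redirectUri, scope }) {
  const state = b64url(crypto.randomBytes(16));
  const codeVerifier = b64url(crypto.randomBytes(32)); // 43 characters
  const codeChallenge = b64url(crypto.createHash('sha256').update(codeVerifier).digest());
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, scope,
    state, code_challenge: codeChallenge, code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), state, codeVerifier };
}

// Front channel, return leg: accept the code only if `state` matches.
function readAuthorizationResponse(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') ?? '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: response does not belong to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('authorization code missing');
  return code;
}

// Back channel: the POST that exchanges the code for tokens.
function buildTokenRequest({ tokenEndpoint, clientId, redirectUri, code, codeVerifier }) {
  return {
    url: tokenEndpoint,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code', code, redirect_uri: redirectUri,
      client_id: clientId, code_verifier: codeVerifier,
    }).toString(),
  };
}
```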
OAuth 2.0 – Implicit Flow
What's an implicit flow?
- An access token is returned directly from the authorization request (front channel only). It typically does not support refresh tokens.
- This flow is also called 2 Legged OAuth.
- Low security by default, make sure to follow at least these security rules.
Of course, you can choose from numerous other available flows. Learn more about OAuth flows in the "What the heck is OAuth?" article.
Other examples
- Usage with @ackee/antonio API client