@pga/auth-provider

v0.0.35

PGA React Auth Provider Package for OneLogin

Downloads

74

Readme

PGA React AuthProvider for OneLogin

This package provides React functionality for handling OneLogin authentication via our backend.

Important

We will be using the new unified OneLogin app for our apps with this new auth. Since the auth is handled on the backend, we no longer need the REACT_APP_ONELOGIN_* env variables on the frontend. However, we need to add REACT_APP_AUTH_BASE_URI=https://auth.sandboxpga.org to our .env files. This is the unified auth base URI, which handles all auth-related callbacks and redirects (/login.html, /callback.html, /silent.html etc.). ~~Once we get the auth on the sandbox we should be able to use https://auth.sandboxpga.org for local development, just like we've been using https://developers.sanboxpga.org/graphql for the /graphql endpoint while developing locally.~~

It may also be a good time to switch all our React apps to *.pga.local:DIFFERENT_PORTS_FOR_DIFFERENT_REACT_APPS for local development and keep them in sync, so we can avoid the issues we've been having with *.sandboxpga.org:SAME_PORT_FOR_DIFF_APPS.

<AuthProvider />

The <AuthProvider /> component is intended to be used once per app. It's basically a React Context Provider (similar to <ApolloProvider /> or React Router's <BrowserRouter />) which wraps the authentication state and passes it to its consuming children. It makes sense to place it once at the top of the React component tree, in ./src/index.js (or ./src/App.js), for example:

ReactDOM.render(
  <ApolloProvider client={apolloClient}>
    <BrowserRouter>
      <AuthProvider apolloClient={apolloClient}>
        <App />
      </AuthProvider>
    </BrowserRouter>
  </ApolloProvider>,
  document.getElementById('root')
)

We need to pass our apolloClient as a prop because we use the me query to fetch the user's data and login status.

Logged-in users have their JWT stored in auth.pga.org's localStorage (for .pga.org). In the background, AuthProvider's componentDidMount() method starts listening for messages from the auth relay iframe, and we query the /graphql endpoint for me to get the user's data if the user is logged in:

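componentDidMount () {
  // The auth relay iframe reports the session to us via postMessage
  window.addEventListener('message', this.receiveAuthMessage)
}

async receiveAuthMessage (event) {
  const { data, origin } = event

  // Any window can post a message to us, and event.data may be null or a
  // non-object, so check the sender and the payload before reading from it
  const isValidType = origin === process.env.REACT_APP_AUTH_BASE_URI && !!data && data.type === 'pgaAuth'

  if (isValidType) {
    const { user } = data
    const { apolloClient } = this.props
    const isLoggedIn = !!(user && user.id_token)
    const authReady = true

    if (!isLoggedIn) {
      // Logged out: also drop any profile loaded for a previous session
      this.setState({ authReady, isLoggedIn, user, me: null })
      clearToken()
    } else {
      setToken(user.id_token)

      try {
        // The backend decides whether the token is valid by answering the me query
        const { data: { me }, errors } = await apolloClient.query({ query: GET_USER_DATA })

        if (errors || !me) throw new Error(`User not logged in`)

        this.setState({ authReady, isLoggedIn, user, me })
      } catch (err) {
        // Treat a failed or empty me query as logged out
        this.setState({ authReady, isLoggedIn: false, user: null, me: null })
        clearToken()
      }
    }
  }
}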
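A stricter form of the relay-message check above, as an added example that is not part of the package: it normalizes the configured base URI to an origin before comparing and validates the payload shape before reading from it. `toOrigin`, `parseAuthMessage` and `classifySamples` are hypothetical names, and the sample events are constructed.

```javascript
// Added example, not package code: all function names here are hypothetical.

// Reduce the configured base URI to a bare origin, so a trailing slash or a path
// in REACT_APP_AUTH_BASE_URI cannot make the comparison fail silently.
function toOrigin (uri) {
  try {
    const { origin } = new URL(uri)
    // Opaque origins serialize as the string 'null', which sandboxed frames also send
    return origin === 'null' ? null : origin
  } catch (err) {
    return null
  }
}

// Returns null for anything that is not a well-formed pgaAuth message from the
// auth origin, otherwise the login state the provider can store.
function parseAuthMessage (event, authBaseUri) {
  const expected = toOrigin(authBaseUri)
  // Check the sender before touching the payload; exact match, never a prefix test
  if (!expected || event.origin !== expected) return null

  const { data } = event
  if (data === null || typeof data !== 'object' || data.type !== 'pgaAuth') return null

  const user = data.user !== null && typeof data.user === 'object' ? data.user : null
  const isLoggedIn = !!user && typeof user.id_token === 'string' && user.id_token !== ''
  return { isLoggedIn, user: isLoggedIn ? user : null }
}

// Constructed sample events; the token is a placeholder, not a real JWT
const AUTH_BASE_URI = 'https://auth.sandboxpga.org/'
const AUTH_ORIGIN = 'https://auth.sandboxpga.org'
const sampleEvents = {
  loggedIn: { origin: AUTH_ORIGIN, data: { type: 'pgaAuth', user: { id_token: 'constructed.token.value' } } },
  loggedOut: { origin: AUTH_ORIGIN, data: { type: 'pgaAuth', user: null } },
  lookalike: { origin: AUTH_ORIGIN + '.example.net', data: { type: 'pgaAuth', user: { id_token: 'x' } } },
  nullData: { origin: AUTH_ORIGIN, data: null },
  otherType: { origin: AUTH_ORIGIN, data: { type: 'resize', user: null } }
}

function classifySamples () {
  const out = {}
  for (const [name, event] of Object.entries(sampleEvents)) {
    const result = parseAuthMessage(event, AUTH_BASE_URI)
    out[name] = result === null ? 'ignored' : result.isLoggedIn ? 'logged-in' : 'logged-out'
  }
  return out
}

console.log(classifySamples())
```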

Note that we do not wait for the query to resolve before rendering the children (as we did with our previous frontend-based auth); we render them immediately:

render () {
  const authRelayUrl = `${process.env.REACT_APP_AUTH_BASE_URI}/relay.html?parent=${window.location.origin}`

  return (
    <Provider value={this.state}>
      {this.props.children}
      <AuthRelayFrame src={authRelayUrl} />
    </Provider>
  )
}

However, we pass the authReady property along with the rest of the auth state to be consumed by the children. This way we render the public routes as soon as possible regardless of the login status (as we should), and make it <PrivateRoute />'s responsibility to restrict access to authenticated users only, waiting for authReady if needed.

withAuthProvider

A HOC wrapper around our AuthConsumer (a React Context Consumer) which passes the auth provider state to the wrapped component. This is helpful when we need to pass the auth state to our components. For example, in our <AuthHeader />, where we need to know whether the user is logged in and to access the user's data (avatar, email, name etc.), we may use withAuthProvider(AuthHeader). Right now the data we pass to the wrapped components looks like this:

{
  authReady: true,    // (true | false)   — whether we've loaded the initial session from the server
  isLoggedIn: false,  // (true | false)   — user's login status
  user: {/* ... */},  // (Object | null)  - OneLogin's token data (id_token, profile, custom_fields ...)
  me: {               // (Object | null)  — user's data
    class: 'B6',
    firstName: 'John',
    id: '12345678',
    lastName: 'Doe',
    phoneNumber: '5555555555',
    photo: null,
    primaryEmail: '[email protected]',
    type: 'MB',
    __typename: 'Member'
  }
}

<PrivateRoute />

<PrivateRoute /> requires authentication; otherwise it redirects the user to log in. It's basically a Route component wrapped in a React Context Consumer (our AuthConsumer) with AuthProvider's withAuthProvider(). It gets AuthProvider's state ({ isLoggedIn, authReady, user, me }). Additionally, we can pass in a returnTo prop, used when the route is accessed without being authenticated: the URL to return users to once they log in at OneLogin. It defaults to the route they were trying to access.
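The decision <PrivateRoute /> has to make, written out as plain functions in an added example that is not the package's code. `resolvePrivateRoute` and `safeReturnTo` are hypothetical names, the URLs are constructed, and restricting returnTo to the app's own origin is an added hardening assumption rather than documented package behaviour.

```javascript
// Added example, not package code: both function names are hypothetical.

// Keep returnTo on the app's own origin (scheme, host and port); anything else
// falls back to the route the user was trying to access. Added hardening.
function safeReturnTo (returnTo, currentUrl) {
  const current = new URL(currentUrl)
  if (!returnTo) return current.href
  try {
    // Relative values such as '/dashboard' resolve against the current URL
    const target = new URL(returnTo, current)
    if (target.origin === current.origin) return target.href
  } catch (err) {
    // Unparseable value: use the default below
  }
  return current.href
}

// auth is the provider state: { authReady, isLoggedIn, user, me }
function resolvePrivateRoute (auth, { currentUrl, returnTo }) {
  // Until the relay has reported the session, isLoggedIn is not meaningful yet:
  // redirecting now would send logged-in users to the login page on every load.
  if (!auth.authReady) return { action: 'wait' }
  if (auth.isLoggedIn) return { action: 'render' }
  return { action: 'login', returnTo: safeReturnTo(returnTo, currentUrl) }
}

// Constructed local-development URL in the *.pga.local style
const CURRENT_URL = 'http://members.pga.local:3001/account?tab=1'
const loggedOut = { authReady: true, isLoggedIn: false, user: null, me: null }

console.log(resolvePrivateRoute({ authReady: false, isLoggedIn: false }, { currentUrl: CURRENT_URL }))
console.log(resolvePrivateRoute(loggedOut, { currentUrl: CURRENT_URL, returnTo: '/dashboard' }))
console.log(resolvePrivateRoute(loggedOut, { currentUrl: CURRENT_URL, returnTo: '//other.example/x' }))
```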