npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

fusionauth-react-sdk

v0.22.0

Published

FusionAuth solves the problem of building essential security without adding risk or distracting from your primary application

Downloads

8

Readme

FusionAuth React SDK

An SDK for using FusionAuth in React applications.

Table of Contents

Overview

This SDK supports authentication via the Authorization Code Grant. Once authentication succeeds, the following secure, HTTP-only cookies will be set:

  • access_token - an OpenID Id Token
  • refresh_token - a Refresh Token used to obtain a new access_token. This cookie will only be set if refresh tokens are enabled on your FusionAuth instance.

Note that this setup requires you to have a server that performs the OAuth token exchange. See Server Code Requirements for more details.

Getting Started

Installation

NPM:

npm install fusionauth-react-sdk

Yarn:

yarn add fusionauth-react-sdk

Configuring Provider

To configure the SDK, wrap your app with FusionAuthProvider:

import React from 'react';
import { createRoot } from 'react-dom/client';
import { FusionAuthProvider } from 'fusionauth-react-sdk';
import App from './App';

const container = document.getElementById('root');
const root = createRoot(container!);

root.render(
    <FusionAuthProvider
        baseUrl=""      // The base URL of your FusionAuth instance
        clientID=""     // Your FusionAuth client ID
        serverUrl=""    // The base URL of your server for the token exchange
        redirectUri=""  // The URI that the user is directed to after the login/register/logout action
    >
        <App />
    </FusionAuthProvider>
);

Server Code Requirements

Authenticating with FusionAuth requires you to set up a server that will be used to perform the OAuth token exchange. This server must have the following endpoints:

POST /token-exchange

This endpoint must:

  1. Call /oauth2/token to complete the Authorization Code Grant request. The code and code_verifier parameters should come from the request body, while the rest of the parameters should be set/configured on the server side.
  2. Once the token exchange succeeds, read the access_token from the response body and set it as a secure, HTTP-only cookie with the same name.
  3. If you wish to support refresh tokens, repeat step 2 for the refresh_token cookie.
  4. Call /oauth2/userinfo to retrieve the user info object and respond back to the client with this object.

Example implementation

POST /jwt-refresh (optional)

This endpoint is necessary if you wish to use refresh tokens. This endpoint must:

  1. Call /api/jwt/refresh to get a new access_token and refresh_token.
  2. Update the access_token and refresh_token cookies from the response.

Example implementation

Usage

Pre-built buttons

There are three pre-styled buttons that are configured to perform login/logout/registration. They can be placed anywhere in your app as is.

import {
    FusionAuthLoginButton,
    FusionAuthLogoutButton,
    FusionAuthRegisterButton
} from 'fusionauth-react-sdk';

export const LoginPage = () => (
    <>
        <h1>Welcome, please log in or register</h1>

        <FusionAuthLoginButton />

        <FusionAuthRegisterButton />
    </>
);

export const AccountPage = () => (
    <>
        <h1>Hello, user!</h1>

        <FusionAuthLogoutButton />
    </>
);

Programmatic usage

Alternatively, you may interact with the SDK programmatically using the useFusionAuth hook or withFusionAuth HOC.

useFusionAuth

Use the useFusionAuth hook with your functional components to get access to the properties exposed by FusionAuthContext:

import React from 'react';
import { useFusionAuth } from 'fusionauth-react-sdk';

const App = () => {
    const { login, logout, register, isAuthenticated } = useFusionAuth();

    return isAuthenticated ? (
        <div>
          <span>Hello, user!</span>
          <button onClick={() => logout()}>Logout</button>
        </div>
    ) : (
        <div>
          <button onClick={() => login()}>Log in</button>
          <button onClick={() => register()}>Register</button>
        </div>
    );
};

See useFusionAuth for more details.

withFusionAuth

The withFusionAuth higher-order component can be used to wrap your components and give them access to a fusionAuth prop which contains all the properties exposed by the FusionAuthContext. This works with both functional and class components:

Functional Component
import React from 'react';
import { withFusionAuth, WithFusionAuthProps } from 'fusionauth-react-sdk';

const LogoutButton: React.FC<WithFusionAuthProps> = props => {
    const { logout } = props.fusionAuth;

    return <button onClick={() => logout()}>Logout</button>;
}

export default withFusionAuth(LogoutButton);
Class Component
import React, { Component } from 'react';
import { withFusionAuth, WithFusionAuthProps } from 'fusionauth-react-sdk';

class LogoutButton extends Component<WithFusionAuthProps> {
    render() {
        const { logout } = this.props.fusionAuth;
        return <button onClick={() => logout()}>Logout</button>;
    }
}

export default withFusionAuth(LogoutButton);

See withFusionAuth for more details.

State parameter

The login and register functions both accept an optional string parameter called state. The state that is passed in to the function call will be passed back to the onRedirectSuccess handler on your FusionAuthProvider. Though you may pass any value you would like for the state parameter, it is often used to indicate which page the user was on before redirecting to login or registration, so that the user can be returned to that location after a successful authentication.

Protecting Content

The RequireAuth component can be used to protect information from unauthorized users. It takes an optional prop withRole that can be used to ensure the user has a specific role.

import { RequireAuth, useFusionAuth } from 'fusionauth-react-sdk';

const UserNameDisplay = () => {
    const { user } = useFusionAuth();

    return (
        <RequireAuth>
            <p>User: {user.name}</p> // Only displays if user is authenticated
        </RequireAuth>
    );
};

const AdminPanel = () => (
    <RequireAuth withRole="admin">
        <button>Delete User</button> // Only displays if user is authenticated and has 'admin' role
    </RequireAuth>
);

Example App

See the FusionAuth React SDK Example for functional example of a React client that utilizes the SDK as well as an Express server that performs the token exchange.

Documentation

Full library documentation