Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@affinidi/affinidi-react-auth

Package Overview
Dependencies
Maintainers
3
Versions
13
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@affinidi/affinidi-react-auth

Affinidi react auth library for creating Affinidi Login Button

  • 1.0.12
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
41
decreased by-16.33%
Maintainers
3
Weekly downloads
 
Created
Source

Overview

AUGMENT EXPERIENCES WITH A SAFER, SIMPLER AND MORE PRIVATE WAY TO LOGIN

A paradigm shift in the registration and sign-in process, Affinidi Login is a game-changing solution for developers. With our revolutionary passwordless authentication solution your user's first sign-in doubles as their registration, and all the necessary data for onboarding can be requested during this streamlined sign-in/signup process. End users are in full control, ensuring that they consent to the information shared in a transparent and user-friendly manner. This streamlined approach empowers developers to create efficient user experiences with data integrity, enhanced security and privacy, and ensures compatibility with industry standards.

Passwordless AuthenticationDecentralised Identity ManagementUses Latest Standards
Offers a secure and user-friendly alternative to traditional password-based authentication by eliminating passwords and thus removing the vulnerability to password-related attacks such as phishing and credential stuffing.Leverages OID4VP to enable users to control their data and digital identity, selectively share their credentials and authenticate themselves across multiple platforms and devices without relying on a centralised identity provider.Utilises OID4VP to enhance security of the authentication process by verifying user authenticity without the need for direct communication with the provider, reducing risk of tampering and ensuring data integrity.

Affinidi React Auth Plugin

Simplify the integration of Affinidi Login into your React Application with this plugin.

Prerequisites

Before getting started, make sure you have the following prerequisites:

  1. Install Affinidi Vault to discover, collect, store, share, and monetise your data with consent.

  2. Install the Affinidi CLI tool to interact with Affinidi services for managing projects, login configurations, user groups etc...

Application Folder Structure

Let's start by creating a folder structure for your project. Here's an example of the directory structure:

- affinidi-apps
    - client-app
    - server-app
  • affinidi-apps: The root folder for your project.
  • client-app: A frontend React application.
  • server-app: The backend API for your application.

Create a React Application

  1. Create a new React app named client-app using the following command:
npx create-react-app client-app
  1. Change to the client-app directory and open the project in your preferred code editor:
cd client-app
  1. Start the application to ensure it's working correctly:
npm start

Note: Your application will be available at http://localhost:3000/.

Integrate Affinidi Login

Now, let's integrate Affinidi Login into your React application using the following steps:

  1. Install the @affinidi/affinidi-react-auth npm package:
npm install @affinidi/affinidi-react-auth
  1. To proxy unknown requests to your API server during development, add a proxy field to your package.json like this:
 "proxy": "http://localhost:3001",

You can find a sample package.json here.

  1. In your src/App.js file, import the necessary components and hooks:
import React from "react";
import { AffinidiLoginButton, useAffinidiProfile } from '@affinidi/affinidi-react-auth'
  1. Use the useAffinidiProfile hook to retrieve profile information once the login flow is completed:
const { isLoading, error, profile, handleLogout } = useAffinidiProfile()

async function logout() {
    //clear session cookie
    handleLogout();
    window.location.href = "/";
}
  1. Add the following JSX code to display the Affinidi Login button, loading indicator, user profile, and error messages:
{!profile && <>
    <AffinidiLoginButton />
</>}

{isLoading && <p>Loading...</p>}

{profile && <>
    <button style={{ marginRight: 10 }} onClick={logout}>
    Logout
    </button>

    <h3>User Profile</h3>
    <pre style={{ textAlign: "left" }}>{JSON.stringify(profile, null, 4)}</pre>
</>}

{error && <><h2>error</h2>{error}</>}

You can find a sample App.js here.

  1. Restart your application using npm start. This time, you should see the Affinidi Login button.

Create an Express Server

Now, let's create a basic Express server for your backend API:

  1. Create a folder named server-app and navigate to it:
mkdir server-app
cd server-app
  1. Initialize the project by creating a package.json file:
npm init -y

You can find a sample package.json here.

  1. Install the required packages: express for creating the server, dotenv for managing environment variables, and nodemon for automatic reloading:
npm install express dotenv nodemon
  1. Create an index.js file and set up a basic Express server:
var express = require('express');
require('dotenv').config()

var app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: false }));

const PORT = process.env.PORT || 3001;

const initializeServer = async () => {

    app.get('/', function (req, res, next) {
        res.json({ success: 'Express' });
    });

    app.listen(PORT, () => {
        console.log(`Server listening on ${PORT}`);
    });

}

initializeServer();

  1. Add the following script to your package.json to start the server with nodemon:
"start": "nodemon index.js"
  1. Start the server using the following command:
npm start

Your backend server will run on http://localhost:3001/.

Add Affinidi Provider to the Express Server

To complete the OAuth 2.0 Code Grant flow with Affinidi, follow these steps:

  1. Install the @affinidi/passport-affinidi package:
npm install @affinidi/passport-affinidi
  1. In your index.js file (inside the server-app folder), import the @affinidi/passport-affinidi package:
const { affinidiProvider } = require('@affinidi/passport-affinidi')
  1. Initialize the Affinidi provider with your configuration settings
await affinidiProvider(app, {
    id: "affinidi",
    issuer: process.env.PROVIDER_ISSUER,
    client_id: process.env.PROVIDER_CLIENT_ID,
    client_secret: process.env.PROVIDER_CLIENT_SECRET,
    redirect_uris: ['http://localhost:3000/auth/callback']
});

You can find a sample index.js file here.

  1. Create Login configuration using the link here by giving name as Affinidi Login App and redirect-uri as http://localhost:3000/auth/callback

    Sample CLI Command

    affinidi login create-config --name='Affinidi Login App' --redirect-uris='http://localhost:3000/auth/callback'
    

    Sample response

    {
        "ari:identity:ap-southeast-1:d085c5a5-5765-4d8f-b00e-398f0916a161:login_configuration/0143bf454065664893b030289ae17903",
        "projectId": "d085c5a5-5765-4d8f-b00e-398f0916a161",
        "id": "<LOGIN_CONFIG_ID>",
        "name": "Affinidi Login App",
        "auth": {
            "clientId": "<CLIENT_ID>",
            "clientSecret": "<CLIENT_SECRET>",
            "issuer": "<ISSUER>",
            "tokenEndpointAuthMethod": "client_secret_post"
        },
        "redirectUris": [
            "http://localhost:3000/auth/callback"
        ],
        "clientMetadata": {
            "name": "",
            "origin": "",
            "logo": ""
        },
        "creationDate": "2023-09-19T05:10:19Z"
    }
    
    

    Important: Keep the CLIENT_ID and CLIENT_SECRET safe that will be used later next step. Client Secret will only be displayed once.

  2. Create a .env file in the server-app folder and add your Affinidi configuration obtained from previous step:

PROVIDER_CLIENT_ID="<CLIENT_ID>"
PROVIDER_CLIENT_SECRET="<CLIENT_SECRET>"
PROVIDER_ISSUER="<ISSUER>"

Sample .env file displayed below after respective values of the CLIENT_ID, CLIENT_SECRET and ISSUER

PROVIDER_CLIENT_ID="13456678c-67ac-429a-b0d3-5c64ec4c0577"
PROVIDER_CLIENT_SECRET="AbcdeF-odZtJ9tc3oLuWVW.ECE_"
PROVIDER_ISSUER="https://apse1.api.affinidi.io/vpa/v1/login/project/d085c5a5-5765-4d8f-b00e-398f0916a161"
  1. Restart your server using npm start.

Testing the Application

  1. Open http://localhost:3000/ in your browser to check if the frontend application is running. If it's not running, go to the client-app folder in your terminal and run npm start.
  2. Open http://localhost:3001/ in your browser to check if the backend server is running. If it's not running, go to the server-app folder in your terminal and run npm start.
  3. Click the Affinidi Login button in the frontend app to start the login flow.

Update Login Configuration to Retrieve Profile Information

By default, the login configuration requests only Email data. To also retrieve the User Profile data, follow these steps:

  1. Create a file named profile-pex.json under server-app folder with the contents from this file and open terminal
  2. Execute the following command to update the login configuration, replacing LOGIN_CONFIG_ID with the value obtained in a previous step:
affinidi login update-config --id=LOGIN_CONFIG_ID --file=./profile-pex.json

Sample Command

affinidi login update-config --id=384192b3b3ea3df8cece307fda64cf98 --file=./profile-pex.json

Ensure that you have replaced LOGIN_CONFIG_ID with the actual ID from your configuration.

Testing the Application with User Profile

Now that your login configuration is set up to request both Email and User Profile data, you can test the login flow to obtain profile information. Here are the steps:

  1. Update your profile information in your Affinidi Vault.
  2. Open the frontend application by navigating to http://localhost:3000/ in your web browser.
  3. If you are already logged in, click on the Logout button to log out from the application.
  4. Now, click the Affinidi Login button again to initiate the login flow.
  5. This time, you will receive user profile information as part of the login response.

Keywords

FAQs

Package last updated on 06 Feb 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc