Security News
The Push to Ban Ransom Payments Is Gaining Momentum
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
@auth0/auth0-react
Advanced tools
Changelog
v1.12.1 (2023-01-12)
Security
This patch release is identical to 1.12.0
but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used by @auth0/auth0-spa-js
.
Even though 1.22.5
of @auth0/auth0-spa-js
was not vulnerable for the related CVE because of the fact that jsonwebtoken
is a devDependency of @auth0/auth0-spa-js
, we are cutting a release to ensure build tools no longer report our SDK's that use @auth0/auth0-spa-js
as vulnerable to the mentioned CVE.
Readme
📚 Documentation - 🚀 Getting Started - 💻 API Reference - 💬 Feedback
Using npm
npm install @auth0/auth0-react
Using yarn
yarn add @auth0/auth0-react
Create a Single Page Application in the Auth0 Dashboard.
If you're using an existing application, verify that you have configured the following settings in your Single Page Application:
- Click on the "Settings" tab of your application's page.
- Ensure that "Token Endpoint Authentication Method" under "Application Properties" is set to "None"
- Scroll down and click on the "Show Advanced Settings" link.
- Under "Advanced Settings", click on the "OAuth" tab.
- Ensure that "JsonWebToken Signature Algorithm" is set to
RS256
and that "OIDC Conformant" is enabled.
Next, configure the following URLs for your application under the "Application URIs" section of the "Settings" page:
http://localhost:3000
http://localhost:3000
http://localhost:3000
These URLs should reflect the origins that your application is running on. Allowed Callback URLs may also include a path, depending on where you're handling the callback.
Take note of the Client ID and Domain values under the "Basic Information" section. You'll need these values in the next step.
Configure the SDK by wrapping your application in Auth0Provider
:
// src/index.js
import React from 'react';
import ReactDOM from 'react-dom';
import { Auth0Provider } from '@auth0/auth0-react';
import App from './App';
ReactDOM.render(
<Auth0Provider
domain="YOUR_AUTH0_DOMAIN"
clientId="YOUR_AUTH0_CLIENT_ID"
redirectUri={window.location.origin}
>
<App />
</Auth0Provider>,
document.getElementById('app')
);
Use the useAuth0
hook in your components to access authentication state (isLoading
, isAuthenticated
and user
) and authentication methods (loginWithRedirect
and logout
):
// src/App.js
import React from 'react';
import { useAuth0 } from '@auth0/auth0-react';
function App() {
const { isLoading, isAuthenticated, error, user, loginWithRedirect, logout } =
useAuth0();
if (isLoading) {
return <div>Loading...</div>;
}
if (error) {
return <div>Oops... {error.message}</div>;
}
if (isAuthenticated) {
return (
<div>
Hello {user.name}{' '}
<button onClick={() => logout({ returnTo: window.location.origin })}>
Log out
</button>
</div>
);
} else {
return <button onClick={loginWithRedirect}>Log in</button>;
}
}
export default App;
For more code samples on how to integrate auth0-react SDK in your React application, have a look at our examples.
Explore public API's available in auth0-react.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.
FAQs
Auth0 SDK for React Single Page Applications (SPA)
The npm package @auth0/auth0-react receives a total of 332,301 weekly downloads. As such, @auth0/auth0-react popularity was classified as popular.
We found that @auth0/auth0-react demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 45 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Application Security
New SEC disclosure rules aim to enforce timely cyber incident reporting, but fear of job loss and inadequate resources lead to significant underreporting.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).