@osuresearch/auth

React components for authentication and authorization

Version: 3.2.2 (latest)
Source: npm
Maintainers: 1

🛡 OSU Research Auth

React components for authentication and authorization

Requirements

A backend API is required for user session handling.

For internal developers, these APIs are already provided with our GraphQL and REST application templates.

GitHub documentation is a work in progress.

Installation

npm install @osuresearch/auth

Usage

Wrap your main app with an AuthProvider to automatically handle session expirations:

import {
    AuthProvider,
    GraphQL,
    Profile
} from '@osuresearch/auth';

function App() {
    return (
        <AuthProvider driver={GraphQL()}>
            <header>
                ...
            </header>
            <main>
                ...
            </main>
        </AuthProvider>
    );
}

The useIdentity hook can then be used to get the logged-in user's information, and the <Can> component can test for permissions:

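import { useIdentity, Can } from '@osuresearch/auth';
// Assumption: Link is React Router's component; the original snippet does not import it.
import { Link } from 'react-router-dom';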

function MyComponent() {
    const { user } = useIdentity();

    return (
        <div>
            <p>Hello {user.name}</p>

            <Can do="my-app.read-reports">
                <Link to="/reports">Read reports</Link>
            </Can>
        </div>
    );
}

For more comprehensive examples, see the wiki.

Testing SSO Expirations

Local development does not have Shibboleth SSO installed, so you need to do some extra work to test a forced logout state for your application.

  • Log into your app normally and interact with it.
  • In your .htaccess file, add the rule below immediately following the RewriteCond for API requests and before any other RewriteRules:

    # Fake a Shibboleth session timeout on API requests.
    RedirectMatch ^ "https://webauth.service.ohio-state.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=BadRequest"

  • Wait for your application to log the user out (this can take upwards of 5 minutes). Meanwhile, you can interact with other requests to identify places where they will fail and add logic to handle the failure gracefully: all API requests will fail during the window between the forced logout and @osuresearch/auth checking authentication state.
  • Remove the RedirectMatch to re-enable the application (equivalent to a user going through Shibboleth authentication again).
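
During the failure window described in the steps above, an API call is answered with a redirect to the identity provider instead of JSON. The following is an added example, not code from @osuresearch/auth: a fetch wrapper that turns that redirect into an explicit error the UI can handle. The names SessionExpiredError, isSsoRedirect and apiFetch, the /api/reports path and the fake responses are assumptions constructed for illustration.

```javascript
// Added example, not part of @osuresearch/auth; all names are hypothetical.
class SessionExpiredError extends Error {
    constructor(url) {
        super(`SSO session expired while requesting ${url}`);
        this.name = 'SessionExpiredError';
    }
}

// True when a response is an SSO redirect rather than an API answer.
// With redirect: 'manual' browsers report the redirect as type
// "opaqueredirect" (status 0); other runtimes expose the raw 3xx status.
function isSsoRedirect(res) {
    if (res.type === 'opaqueredirect') return true;
    if ([301, 302, 303, 307, 308].includes(res.status)) return true;
    // A followed redirect that ended on an HTML login or error page.
    const type = res.headers.get('content-type') || '';
    return res.redirected === true && !type.includes('application/json');
}

// fetchImpl is injectable so the wrapper can be exercised offline.
async function apiFetch(url, options = {}, fetchImpl = fetch) {
    const res = await fetchImpl(url, {
        credentials: 'same-origin',
        ...options,
        redirect: 'manual', // do not follow the API request to the IdP
    });
    if (isSsoRedirect(res)) throw new SessionExpiredError(url);
    if (!res.ok) throw new Error(`API request failed: ${res.status}`);
    return res.json();
}

// Constructed stand-in for a fetch Response.
const fakeResponse = (over = {}) => ({
    type: 'basic', status: 200, ok: true, redirected: false,
    headers: { get: () => 'application/json' },
    json: async () => ({ reports: [] }),
    ...over,
});

async function demo() {
    const expired = async () => fakeResponse({ type: 'opaqueredirect', status: 0, ok: false });
    const healthy = async () => fakeResponse();
    const outcome = await apiFetch('/api/reports', {}, expired).catch((e) => e.name);
    const data = await apiFetch('/api/reports', {}, healthy);
    return { outcome, data };
}

demo().then((r) => console.log(r));
```

Callers can catch SessionExpiredError to pause further requests and show a re-login prompt, instead of trying to parse the identity provider's HTML as JSON.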

Changelog

The changelog can be found on the Releases page.

Changes prior to 3.2 can be found in CHANGELOG.md.

Authors and license

Chase McManning and contributors.

MIT License, see the included LICENSE file.

Keywords

ohio-state-university

Package last updated on 24 Jul 2023
