@tapstack/auth
Advanced tools
Client-side SDK for Tapstack Auth. It wraps the existing Auth API routes and provides a small React integration.
npm install @tapstack/auth
import { createAuthClient, createLocalStorageTokenStore } from '@tapstack/auth';
const tokenStore = createLocalStorageTokenStore();
const auth = createAuthClient({
// Base URL where the auth routes are mounted
// Example for module routes: https://api.tapstack.com/api/m
baseUrl: 'http://localhost:3001/api/m',
getStoredTokens: tokenStore.getStoredTokens,
setStoredTokens: tokenStore.setStoredTokens,
});
const result = await auth.login('you@example.com', 'password');
if (!('requiresMfa' in result)) {
console.log('Logged in user:', result.account);
}
await auth.sendMagicLink('you@example.com', 'http://localhost:3000/auth/magic-link');
Handle the callback URL by extracting the token query param and verifying it:
const params = new URLSearchParams(window.location.search);
const token = params.get('token');
if (token) {
const result = await auth.verifyMagicLink(token);
console.log('Logged in with magic link:', result.account);
}
Notes:
redirectUrl you pass to sendMagicLink is used as the base URL, and the API appends ?token=....verifyMagicLink stores the access and refresh tokens just like login.const url = auth.getSocialAuthUrl('google', 'http://localhost:3000/auth/callback');
// Redirect the browser
window.location.assign(url);
import React from 'react';
import { AuthProvider, useAuth } from '@tapstack/auth';
function App() {
const auth = createAuthClient({ baseUrl: 'http://localhost:3001/api/m' });
return (
<AuthProvider client={auth}>
<LoginForm />
</AuthProvider>
);
}
function LoginForm() {
const { signIn, signInWithOAuth, isLoading, error, user } = useAuth();
if (isLoading) return <div>Loading...</div>;
if (user) return <div>Welcome {user.email}</div>;
return (
<div>
<button onClick={() => signIn('you@example.com', 'password')}>Sign in</button>
<button onClick={() => signInWithOAuth('google', 'http://localhost:3000/auth/callback')}>
Sign in with Google
</button>
{error && <div>{error.message}</div>}
</div>
);
}
import { createMemoryTokenStore, createLocalStorageTokenStore } from '@tapstack/auth';
const memoryStore = createMemoryTokenStore();
const localStore = createLocalStorageTokenStore({ key: 'tapstack_auth_tokens' });
autoRefresh is enabled by default and will refresh access tokens before expiry if expiresAt is provided.{ success: true, data: ... }.First-time publish for @tapstack/auth requires:
Create the npm organization (one-time): Go to Create organization – npm and create an organization with the scope tapstack. Without this, npm publish returns 404 for @tapstack/auth.
Authenticate:
npm login and sign in with an npm user that is a member of the tapstack org (or use a token in ~/.npmrc: //registry.npmjs.org/:_authToken=YOUR_TOKEN). Do not commit .npmrc or the token.NPM_TOKEN; the workflow uses it automatically.Publish: From the repo root, npm publish --workspace packages/auth --access public.
MIT
FAQs
Tapstack Auth Client - Official SDK for the Tapstack Auth API
We found that @tapstack/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
Security News
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.