ackee-redux-token-auth
Redux and redux saga logic for token authentication with an auto token refresh.
The library tackles a token-based communication flow between a redux app and a data resource provider.
The problem: Given a token-based communication schema, e.g. OAuth2, a valid access token is required for each request. Once the access token expires, a different endpoint is called with the refresh token to refresh the token pair. The communication then continues with the access token.
The solution: requestFn. A functional wrapper that does the refresh process for you and retries the wrapped function call when it fails due to an expired token.
authUser(state: Object) => user:any
Gets the user returned from the authenticate method.
isLoggedIn(state: Object) => bool
Returns true if the user is logged in, false otherwise.
isLoggingIn(state: Object) => bool
Returns true if the login process is taking place, false otherwise.
configure(config: Object) => void
Sets the package configuration with a config object. The following config properties are supported: authenticate: Function, refreshTokens: Function, shouldRefresh: Function. Any of the functions can also be a saga generator.
authenticate(credentials: any) => {user: any, tokens: any }
Required. This method is called when a login(credentials) action is dispatched. These credentials are passed to the authenticate method.
The method is expected to return or resolve with an Object with props user, tokens, or throw an error. User and tokens are then stored as is in the redux state for later use.
refreshTokens(tokens: Object) => tokens:Object
Optional. This method is called when the requestFn catches an error and shouldRefresh returns true. This triggers the token-refresh process.
The function is expected to return or resolve with a tokens Object ({ [tokenName: string]: token }).
All handlers passed to requestFn are now blocked until the refresh process is complete. This prevents the refresh process from being started by simultaneously failing tasks. Default: no-op.
shouldRefresh(error: Error) => boolean
Optional. This function is called when the requestFn catches an error and should decide whether to refresh the tokens and retry the action or not. Default: () => true.
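The blocking behaviour described for refreshTokens and shouldRefresh, sketched with plain JavaScript promises as an added example; it is not the package's own code, which is built on redux-saga. The createRequestFn helper, the { access, refresh } token shape and the fake API are assumptions made for illustration.

```javascript
// Added illustration: createRequestFn and the { access, refresh } token shape
// are hypothetical, not the package's implementation.
function createRequestFn({ refreshTokens, shouldRefresh = () => true }, initialTokens) {
  let tokens = initialTokens;
  let refreshing = null; // in-flight refresh shared by every failing handler
  function refreshOnce(usedTokens) {
    // A concurrent caller already refreshed the pair: reuse its result.
    if (usedTokens !== tokens) return Promise.resolve(tokens);
    if (!refreshing) {
      refreshing = Promise.resolve(refreshTokens(tokens))
        .then((next) => { tokens = next; return next; })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  return async function requestFn(handler) {
    if (refreshing) await refreshing; // new handlers wait while a refresh runs
    const used = tokens;
    try {
      return await handler(used);
    } catch (error) {
      if (!shouldRefresh(error)) throw error;
      return handler(await refreshOnce(used)); // retry once with fresh tokens
    }
  };
}

// Constructed demo: a fake API that accepts only the current access token.
async function demo() {
  let refreshCalls = 0;
  const api = async ({ access }) => {
    if (access !== 'access-2') throw Object.assign(new Error('expired'), { status: 401 });
    return 'ok';
  };
  const requestFn = createRequestFn({
    refreshTokens: async ({ refresh }) => {
      refreshCalls += 1;
      await new Promise((resolve) => setTimeout(resolve, 10)); // simulated latency
      return { access: 'access-2', refresh: `${refresh}-rotated` };
    },
    shouldRefresh: (error) => error.status === 401,
  }, { access: 'access-1', refresh: 'refresh-1' });
  // Three requests fail at the same time, yet only one refresh is issued.
  const results = await Promise.all([1, 2, 3].map(() => requestFn(api)));
  return { results, refreshCalls };
}
demo().then((out) => console.log(out));
```

Sharing one in-flight refresh matters most when the provider rotates refresh tokens, since a second concurrent refresh would present a token that the first one already replaced.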
saga() => ReduxSaga
Initializes the saga handlers generator. This should be passed along with your other sagas.
reducer: ReduxReducer
The lib reducer. Needs to be plugged in under the auth key. The reducer name is not yet configurable.
authorizedFn(handler: Function)
A saga wrapper for the given handler Function or a saga generator.
The handler is called with the { ...tokens, user } you returned in configure.authenticate and configure.refreshTokens.
logout() => ReduxAction
Triggers a user logout. This clears the state of any auth data.
setTokens(tokens: Object) => ReduxAction
Sets the tokens to the state. In case you want to set them manually.
This should be used at application startup only. Using this elsewhere is considered to be an anti-pattern.
refreshTokens() => ReduxAction
Triggers the refresh-tokens process.
FAQs
The library aims to handle authentication logic with token based flow.
We found that ackee-redux-token-auth demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.