Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
react-native-msal
Advanced tools
Requires React Native >=0.61
$ yarn add react-native-msal
msauth.<BUNDLE_ID>://auth
.
msauth.energy.stash.msal.example://auth
msauth://<PACKAGE>/<BASE64_URL_ENCODED_PACKAGE_SIGNATURE>
msauth://energy.stash.msal.example/ab%4E1lPIzBP2j9uELdUz%2BcarjgxQ%3D
*.keystore
, or from the Google Play console if you have automatic app signing turned on. For local debugging you can enter this command to read your debug.keystore
:keytool -list -v -keystore path/to/debug.keystore -alias androiddebugkey -storepass android -keypass android
echo -n "<YOUR_SHA1_SIGNATURE>" | openssl dgst -binary -sha1 | openssl base64
android/app/src/main/assets
) named msal_config.json
containing your MSAL configuration. If you don't have an assets
folder already, you will have to create oneSee example usage in App.tsx
in the example app
import MSALClient from 'react-native-msal';
const clientId = '<clientId>';
const authority = '<authority>';
const scopes = ['scope'];
const msalClient = new MSALClient(clientId);
// The first time signing in you must use this call to perform
// an interactive login
// Use the token from result.accessToken to call your API
// See when the token expires with result.expiresOn
// Store result.account.identifier for acquiring tokens silently or clearing the token cache
const result = await msalClient.acquireToken({
authority,
scopes,
});
// Acquire a token silently
// You may specify `forceRefresh: true` to force acquiring a brand new token
const result = await msalClient.acquireTokenSilent({
authority,
scopes,
accountIdentifier: result.account.identifier,
});
// Removes all tokens from the cache for the specified account
// A call to acquireToken will be required for acquiring subsequent access tokens
const result = await msalClient.removeAccount({
authority,
accountIdentifier: result.account.identifier,
});
To run the example, first:
yarn bootstrap
msauth://com.example/P6akJ4YYsuUDahjqGra9mAflzdA%3D
msauth.com.example://auth
msal_config.json
asset file to include your client id and authoritiesyarn example android
yarn example ios
FAQs
React Native wrapper for iOS and Android
The npm package react-native-msal receives a total of 728 weekly downloads. As such, react-native-msal popularity was classified as not popular.
We found that react-native-msal demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.