React/React Native/NextJS/Razzle components for Keycloak
Installations
npm install @react-keycloak/webDeveloper Guide
Typescript
No
Module System
CommonJS
Node Version
12.18.4
NPM Version
lerna/3.22.1/node@v12.18.4+x64 (darwin)
Score
83.5
Supply Chain
94.5
Quality
78.4
Maintenance
100
Vulnerability
99.6
License
Releases
Contributors
Unable to fetch Contributors
Languages
TypeScript (97.16%)
JavaScript (2.84%)
Developer
react-keycloak
Download Statistics
Total Downloads
10,107,868
Last Day
2,774
Last Week
70,484
Last Month
290,812
Last Year
3,229,022
GitHub Statistics
561 Stars
432 Commits
132 Forks
13 Watching
3 Branches
10 Contributors
Sponsor this package
Maintainers
Package Meta Information
Latest Version
3.4.0
Package Id
@react-keycloak/web@3.4.0
Size
8.92 kB
NPM Version
lerna/3.22.1/node@v12.18.4+x64 (darwin)
Node Version
12.18.4
Publised On
21 Oct 2020
Total Downloads
Cumulative downloads
Total Downloads
10,107,868
Last day
-11.5%
2,774
Compared to previous day
Last week
-9.1%
70,484
Compared to previous week
Last month
-3.4%
290,812
Compared to previous month
Last year
8.9%
3,229,022
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
4
React Keycloak
React bindings for Keycloak
Table of Contents
Install
React Keycloak requires:
- React 16.8 or later
keycloak-js9.0.2 or later
1yarn add @react-keycloak/web
or
1npm install --save @react-keycloak/web
Getting Started
Setup Keycloak instance
Create a keycloak.js file in the src folder of your project (where App.js is located) with the following content
1import Keycloak from 'keycloak-js' 2 3// Setup Keycloak instance as needed 4// Pass initialization options as required or leave blank to load from 'keycloak.json' 5const keycloak = new Keycloak() 6 7export default keycloak
Setup KeycloakProvider
Wrap your App inside ReactKeycloakProvider and pass the keycloak instance as prop
1import { ReactKeycloakProvider } from '@react-keycloak/web' 2 3import keycloak from './keycloak' 4 5// Wrap everything inside KeycloakProvider 6const App = () => { 7 return <ReactKeycloakProvider authClient={keycloak}>...</ReactKeycloakProvider> 8}
N.B. If your using other providers (such as react-redux) it is recommended to place them inside ReactKeycloakProvider.
ReactKeycloakProvider automatically invokes keycloak.init() method when needed and supports the following props:
-
initOptions, contains the object to be passed tokeycloak.init()method, by default the following is used{ onLoad: 'check-sso', }for more options see Keycloak docs.
-
LoadingComponent, a component to be displayed whilekeycloakis being initialized, if not provided child components will be rendered immediately. Defaults tonull -
isLoadingCheck, an optional loading check function to customize LoadingComponent display condition. Returntrueto display LoadingComponent,falseto hide it.Can be implemented as follow
1;(keycloak) => !keycloak.authenticated -
onEvent, an handler function that receives events launched bykeycloak, defaults tonull.It can be implemented as follow
1;(event, error) => { 2 console.log('onKeycloakEvent', event, error) 3}Published events are:
onReadyonInitErroronAuthSuccessonAuthErroronAuthRefreshSuccessonAuthRefreshErroronTokenExpiredonAuthLogout
-
onTokens, an handler function that receiveskeycloaktokens as an object every time they change, defaults tonull.Keycloak tokens are returned as follow
1{ 2 "idToken": string, 3 "refreshToken": string, 4 "token": string 5}
Hook Usage
When a component requires access to Keycloak, you can use the useKeycloak Hook.
1import { useKeycloak } from '@react-keycloak/web' 2 3export default () => { 4 // Using Object destructuring 5 const { keycloak, initialized } = useKeycloak() 6 7 // Here you can access all of keycloak methods and variables. 8 // See https://www.keycloak.org/docs/latest/securing_apps/index.html#javascript-adapter-reference 9 10 return ( 11 <div> 12 <div>{`User is ${ 13 !keycloak.authenticated ? 'NOT ' : '' 14 }authenticated`}</div> 15 16 {!!keycloak.authenticated && ( 17 <button type="button" onClick={() => keycloak.logout()}> 18 Logout 19 </button> 20 )} 21 </div> 22 ) 23}
External Usage (Advanced)
If you need to access keycloak instance from non-React files (such as sagas, utils, providers ...), you can import the instance directly from the keycloak.js file.
The instance will be initialized by react-keycloak but you'll need to be carefull when using the instance and avoid setting/overriding any props, you can however freely access the exposed methods (such as refreshToken, login, etc...).
Examples
See inside examples folder of @react-keycloak/react-keycloak-examples repository for various demo implementing this library main features.
Guides and Articles
-
Migration guide for
@react-keycloak/webv2.x to v3.xcan be found here MIGRATION.md. -
Secure React Routes & Component with Keycloak, a (slightly outdated) guide on how to setup
Keycloakand create secured contents in aReactapp, thanks to @cagline for the detailed article.
Contributing
See the contributing guide to learn how to contribute to the repository and the development workflow.
License
MIT
If you found this project to be helpful, please consider buying me a coffee.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
Found 4/25 approved changesets -- score normalized to 1
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test-and-build.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/react-keycloak/react-keycloak/test-and-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/react-keycloak/react-keycloak/test-and-build.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test-and-build.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/test-and-build.yml:42
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
3.5
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More