Gathering detailed insights and metrics for @react-keycloak/web
Gathering detailed insights and metrics for @react-keycloak/web
React/React Native/NextJS/Razzle components for Keycloak
Installations
npm install @react-keycloak/webDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
12.18.4
NPM Version
lerna/3.22.1/node@v12.18.4+x64 (darwin)
Score
92.1
Supply Chain
93.5
Quality
78.2
Maintenance
100
Vulnerability
99.6
License
Releases
16
Languages
2
TypeScript
JavaScript
TypeScript (97.16%)
JavaScript (2.84%)
Developer
react-keycloak
Download Statistics
Total Downloads
11,514,564
Last Day
12,599
Last Week
63,622
Last Month
269,731
Last Year
3,400,489
GitHub Statistics
MIT License
561 Stars
432 Commits
131 Forks
12 Watchers
3 Branches
10 Contributors
Updated on Dec 06, 2024
Bundle Size
5.80 kB
Minified
1.89 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
3.4.0
Package Id
@react-keycloak/web@3.4.0
Size
8.92 kB
NPM Version
lerna/3.22.1/node@v12.18.4+x64 (darwin)
Node Version
12.18.4
Published on
Oct 21, 2020
Total Downloads
Cumulative downloads
Total Downloads
11,514,564
Last Day
0%
12,599
Compared to previous day
Last Week
-1.6%
63,622
Compared to previous week
Last Month
-10.5%
269,731
Compared to previous month
Last Year
12.6%
3,400,489
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
4
React Keycloak
React bindings for Keycloak
Table of Contents
Install
React Keycloak requires:
- React 16.8 or later
keycloak-js9.0.2 or later
1yarn add @react-keycloak/web
or
1npm install --save @react-keycloak/web
Getting Started
Setup Keycloak instance
Create a keycloak.js file in the src folder of your project (where App.js is located) with the following content
1import Keycloak from 'keycloak-js' 2 3// Setup Keycloak instance as needed 4// Pass initialization options as required or leave blank to load from 'keycloak.json' 5const keycloak = new Keycloak() 6 7export default keycloak
Setup KeycloakProvider
Wrap your App inside ReactKeycloakProvider and pass the keycloak instance as prop
1import { ReactKeycloakProvider } from '@react-keycloak/web' 2 3import keycloak from './keycloak' 4 5// Wrap everything inside KeycloakProvider 6const App = () => { 7 return <ReactKeycloakProvider authClient={keycloak}>...</ReactKeycloakProvider> 8}
N.B. If your using other providers (such as react-redux) it is recommended to place them inside ReactKeycloakProvider.
ReactKeycloakProvider automatically invokes keycloak.init() method when needed and supports the following props:
-
initOptions, contains the object to be passed tokeycloak.init()method, by default the following is used{ onLoad: 'check-sso', }for more options see Keycloak docs.
-
LoadingComponent, a component to be displayed whilekeycloakis being initialized, if not provided child components will be rendered immediately. Defaults tonull -
isLoadingCheck, an optional loading check function to customize LoadingComponent display condition. Returntrueto display LoadingComponent,falseto hide it.Can be implemented as follow
1;(keycloak) => !keycloak.authenticated -
onEvent, an handler function that receives events launched bykeycloak, defaults tonull.It can be implemented as follow
1;(event, error) => { 2 console.log('onKeycloakEvent', event, error) 3}Published events are:
onReadyonInitErroronAuthSuccessonAuthErroronAuthRefreshSuccessonAuthRefreshErroronTokenExpiredonAuthLogout
-
onTokens, an handler function that receiveskeycloaktokens as an object every time they change, defaults tonull.Keycloak tokens are returned as follow
1{ 2 "idToken": string, 3 "refreshToken": string, 4 "token": string 5}
Hook Usage
When a component requires access to Keycloak, you can use the useKeycloak Hook.
1import { useKeycloak } from '@react-keycloak/web' 2 3export default () => { 4 // Using Object destructuring 5 const { keycloak, initialized } = useKeycloak() 6 7 // Here you can access all of keycloak methods and variables. 8 // See https://www.keycloak.org/docs/latest/securing_apps/index.html#javascript-adapter-reference 9 10 return ( 11 <div> 12 <div>{`User is ${ 13 !keycloak.authenticated ? 'NOT ' : '' 14 }authenticated`}</div> 15 16 {!!keycloak.authenticated && ( 17 <button type="button" onClick={() => keycloak.logout()}> 18 Logout 19 </button> 20 )} 21 </div> 22 ) 23}
External Usage (Advanced)
If you need to access keycloak instance from non-React files (such as sagas, utils, providers ...), you can import the instance directly from the keycloak.js file.
The instance will be initialized by react-keycloak but you'll need to be carefull when using the instance and avoid setting/overriding any props, you can however freely access the exposed methods (such as refreshToken, login, etc...).
Examples
See inside examples folder of @react-keycloak/react-keycloak-examples repository for various demo implementing this library main features.
Guides and Articles
-
Migration guide for
@react-keycloak/webv2.x to v3.xcan be found here MIGRATION.md. -
Secure React Routes & Component with Keycloak, a (slightly outdated) guide on how to setup
Keycloakand create secured contents in aReactapp, thanks to @cagline for the detailed article.
Contributing
See the contributing guide to learn how to contribute to the repository and the development workflow.
License
MIT
If you found this project to be helpful, please consider buying me a coffee.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
0 existing vulnerabilities detected
Reason
Found 4/25 approved changesets -- score normalized to 1
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test-and-build.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/react-keycloak/react-keycloak/test-and-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/react-keycloak/react-keycloak/test-and-build.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test-and-build.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/test-and-build.yml:42
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
3.5
/10
Last Scanned on 2025-05-12
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More