Gathering detailed insights and metrics for react-native-axios-jwt
Gathering detailed insights and metrics for react-native-axios-jwt
Installations
npm install react-native-axios-jwtDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
16.10.0
NPM Version
7.24.0
Statistics
33 Stars
59 Commits
10 Forks
3 Watching
1 Branches
4 Contributors
Updated on 01 Sept 2024
Languages
TypeScript (99%)
JavaScript (1%)
Total Downloads
Cumulative downloads
Total Downloads
30,848
Last day
42.4%
47
Compared to previous day
Last week
-49.4%
134
Compared to previous week
Last month
12.8%
889
Compared to previous month
Last year
-35.4%
7,181
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
2
Versions
react-native-axios-jwt
Store, clear, transmit and automatically refresh JWT authentication tokens in a React Native environment.
Looking for a web alternative? Check out axios-jwt
What does it do?
Applies a request interceptor to your axios instance.
The interceptor automatically adds a header (default: Authorization) with an access token to all requests.
It stores accessToken and refreshToken in AsyncStorage and reads them when needed.
It parses the expiration time of your access token and checks to see if it is expired before every request. If it has expired, a request to refresh and store a new access token is automatically performed before the request proceeds.
Installation
1. Install React Native Async Storage
2. Install this library
With npm:
1npm install react-native-axios-jwt
With Yarn:
1yarn add react-native-axios-jwt
How do I use it?
- Create an
axiosinstance. - Define a token refresh function.
- Configure the interceptor.
- Store tokens on login with
setAuthTokensfunction. - Clear tokens on logout with
clearAuthTokensfunction.
Applying the interceptor
1// api.ts 2 3import axios from 'axios' 4import { 5 type AuthTokenInterceptorConfig, 6 type AuthTokens, 7 type TokenRefreshRequest, 8 applyAuthTokenInterceptor, 9} from 'react-native-axios-jwt' 10 11const BASE_URL = 'https://api.example.com' 12 13// 1. Create an axios instance that you wish to apply the interceptor to 14export const axiosInstance = axios.create({ 15 baseURL: BASE_URL, 16}) 17 18// 2. Define token refresh function. 19// It is an async function that takes a refresh token and returns a promise 20// that resolves in fresh access token and refresh token. 21// You can also return only an access token in a case when a refresh token stays the same. 22const requestRefresh: TokenRefreshRequest = async ( 23 refreshToken: string, 24): Promise<AuthTokens> => { 25 // Important! Do NOT use the axios instance that you supplied to applyAuthTokenInterceptor 26 // because this will result in an infinite loop when trying to refresh the token. 27 // Use the global axios client or a different instance. 28 const response = await axios.post(`${BASE_URL}/auth/refresh_token`, { 29 token: refreshToken, 30 }) 31 32 const { 33 access_token: newAccessToken, 34 refresh_token: newRefreshToken, 35 } = response.data 36 37 return { 38 accessToken: newAccessToken, 39 refreshToken: newAccessToken, 40 } 41} 42 43const config: AuthTokenInterceptorConfig = { 44 requestRefresh, 45} 46 47// 3. Add interceptor to your axios instance 48applyAuthTokenInterceptor(axiosInstance, config)
Login
1// login.ts 2 3import { setAuthTokens } from 'react-native-axios-jwt' 4 5import { axiosInstance } from './api' 6 7// 4. Log in with POST request with the email and password. 8// Get access token and refresh token in response. 9// Call `setAuthTokens` with the tokens. 10const login = async (params: LoginRequestParams): void => { 11 const response = await axiosInstance.post('/auth/login', params) 12 13 const { 14 access_token: accessToken, 15 refresh_token: refreshToken, 16 } = response.data 17 18 // Save tokens to AsyncStorage. 19 await setAuthTokens({ 20 accessToken, 21 refreshToken, 22 }) 23}
Usage
1// usage.ts 2 3import { 4 getAccessToken, 5 getRefreshToken, 6 isLoggedIn, 7} from 'react-native-axios-jwt'; 8 9// Check if the user is logged in. 10if (isLoggedIn()) { 11 // Assume the user is logged in because we have a refresh token stored in AsyncStorage. 12} 13 14// Use access token. 15const doSomethingWithAccessToken = async (): void => { 16 const accessToken = await getAccessToken() 17 18 console.log(accessToken) 19} 20 21// Use refresh token. 22const doSomethingWithRefreshToken = async (): void => { 23 const refreshToken = await getRefreshToken() 24 25 console.log(refreshToken) 26}
Logout
1// logout.ts 2 3import { clearAuthTokens } from 'react-native-axios-jwt' 4 5// 5. Log out by clearing the auth tokens from AsyncStorage. 6const logout = async (): void => { 7 await clearAuthTokens() 8}
Configuration
1applyAuthTokenInterceptor(axiosInstance, { 2 header = 'Authorization', // header name 3 headerPrefix = 'Bearer ', // header value prefix 4 requestRefresh, // async function that resolves in fresh access token (and refresh token) 5})
Caveats
- Your backend should allow a few seconds of leeway between when the token expires and when it actually becomes unusable.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
Found 2/20 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/push.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/mvanroon/react-native-axios-jwt/push.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.3
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More