npmpackage.info

Gathering detailed insights and metrics for react-pkce-coustome

react-pkce-coustome - 0.9.12 | npmpackage.info

react-pkce-coustome

OAuth2 authentication for React, using the PKCE flow

0.9.12

JavaScript

45.70 kB

1.3

Installations

npm install react-pkce-coustome

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

10.16.3

NPM Version

6.11.3 Pull Requests

Open

3

Total

5

Closed

2

Issues

Open

1

Total

5

Closed

4

Releases

Unable to fetch releases

Languages

JavaScript

HTML

JavaScript (84.55%)

HTML (15.45%)

Developer

Uber5

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

20 Stars

115 Commits

13 Forks

4 Watchers

2 Branches

2 Contributors

Updated on Feb 20, 2025

Maintainers

View All 2 Contributors

Package Meta Information

Latest Version

0.9.12

Package Id

react-pkce-coustome@0.9.12

Unpacked Size

45.70 kB

Size

14.03 kB

File Count

NPM Version

6.11.3

Node Version

10.16.3

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

react

Dev Dependencies

@babel/cli @babel/core @babel/plugin-proposal-class-properties @babel/preset-env @babel/preset-react babel-loader prop-types react react-dom react-scripts rimraf source-map-support

What is It?

This zero-dependency package enables React applications to use an OAuth2 provider for authentication. The OAuth2 provider must support the PKCE Spec.

(TODO: Links to resources that explain why this is a good idea / better than using the implicit flow.)

Check the live demo (source). When prompted to login, you can signup with email (use link at the bottom of the form).

Prerequisites

The provider url, e.g. https://login.u5auth.com
OAuth2 client credentials (client id and secret), where the client is allowed to use the Authorization code grant.
A React application, which is supposed to be secured via OAuth2 (or rather, needs an access_token to authenticate e.g. calls to APIs).

How

Install

npm i react-pkce

Use

First, create an auth context (and related things):

1const clientId = "8cb4904ae5581ecc2b3a1774"
2const clientSecret = "b683283462070edbac15a8fdab751ada0f501ab48a5f06aa20aee3be24eac9cc"
3const provider = "https://authenticate.u5auth.com"
4
5const {AuthContext, Authenticated, useToken} = createAuthContext({
6  clientId,
7  clientSecret, // optional, only specify if provider requires it
8  provider,
9  scopes: [ 'profile', 'otherScope' ]
10})

You probably need those in other files, so you may want to export them:

1export { AuthContext, Authenticated, useToken }

Next, use the AuthContext to wrap anything that may require an authenticated user / an access token for an authenticated user. Typically, you would wrap the whole app inside of an AuthContext:

1function App() {
2  return (
3    <AuthContext>
4      // ... all my other components, e.g. router, pages, etc.
5    </AuthContext>
6  )
7}

Thirdly, when implementing a component that requires an authenticated user, wrap anything you want to protect from the public in an Authenticated component. This will ensure the user gets authanticated, before anything wrapped by Authenticated gets mounted / rendered:

1function ProtectedComponent() {
2  return (
3    <Authenticated>
4      <ProtectedComponent />
5    </Authenticated>
6  )
7}

Lastly, if you require the access token, you can use the useToken() hook:

1function ComponentWithToken() {
2  const { access_token } = useToken()
3  const [data, setData] = useState(null)
4  useEffect(() => {
5    if (!data) {
6      fetchData({ token: access_token }).then(setData)
7    }
8  }, [access_token])
9  return (
10    // render the data (or a loading indicator, while data === null)
11  )
12}

Note: You need to provide your own fetchData() function.

Options

In addition to the required properties (clientId etc), the following properties can be specified when calling createAuthContext():

busyIndicator: A React element to be rendered while logging in, e.g. <Spinner />.
fetch: HTTP requests to talk to the OAuth2 provider are done using window.fetch, unless you specify your own fetch function as a property.
storage: By default, authentication information (the token) is kept in window.sessionStorage. If you want to use different storage (e.g. window.localStorage), set this property. (TODO: won't work yet, as we don't check expiry of tokens!)
tokenEndpoint: The default token endpoint is ${provider}/token. Configure a different token endpoint here, if your OAuth2 provider does not follow this convention.

Example

Check the live demo (see above), also checkout the test app.

You can run the example, after cloning the repo, and:

1npm i
2npm run start

... then connect to http://localhost:3001.

Develop

Run the example, see above. As the example runs via react-scripts, you can live-edit the sample, and the code of this package, which lives under ./src/lib.

Status

It's fully functional, but does not deal with token expiry and/or certain error conditions yet. See the issues and/or add a new issue.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

SAST

Determines if the project uses static code analysis.

0

Security-Policy

Determines if the project has published a security policy.

0

License

Determines if the project has defined a license.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

104 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-r6rj-9ch6-g264
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w
Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf
Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh

Score

1.3

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More