-
Notifications
You must be signed in to change notification settings - Fork 232
@okta/okta-react@1.2.1 #517
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -44,13 +44,13 @@ yarn add @okta/okta-react | |
|
||
## Create Routes | ||
|
||
Here are the minimum requirements for a working example: | ||
Here is a minimal working example. This example defines 3 routes: | ||
|
||
* **/** - Anyone can access the home page | ||
* **/protected** - Protected is only visible to authenticated users | ||
* **/implicit/callback** - This is where auth is handled for you after redirection | ||
|
||
```typescript | ||
```jsx | ||
// src/App.js | ||
|
||
import React, { Component } from 'react'; | ||
|
@@ -64,8 +64,8 @@ class App extends Component { | |
return ( | ||
<Router> | ||
<Security issuer='https://{yourOktaDomain}.com/oauth2/default' | ||
client_id='{clientId}' | ||
redirect_uri={window.location.origin + '/implicit/callback'} > | ||
clientId='{clientId}' | ||
redirectUri={window.location.origin + '/implicit/callback'} > | ||
<Route path='/' exact={true} component={Home}/> | ||
<SecureRoute path='/protected' component={Protected}/> | ||
<Route path='/implicit/callback' component={ImplicitCallback} /> | ||
|
@@ -81,7 +81,7 @@ export default App; | |
## Show Login and Logout Buttons | ||
In the relevant location in your application, you will want to provide `Login` and `Logout` buttons for the user. You can show/hide the correct button by using the `auth.isAuthenticated()` method. For example: | ||
|
||
```typescript | ||
```jsx | ||
// src/Home.js | ||
|
||
import React, { Component } from 'react'; | ||
|
@@ -134,7 +134,7 @@ When your users are authenticated, your React application has an access token th | |
|
||
Here is what the React component could look like for this hypothetical example: | ||
|
||
```typescript | ||
```jsx | ||
import fetch from 'isomorphic-fetch'; | ||
import React, { Component } from 'react'; | ||
import { withAuth } from '@okta/okta-react'; | ||
|
@@ -179,33 +179,24 @@ Security is the top-most component of okta-react. This is where most of the conf | |
|
||
#### Configuration options | ||
|
||
These options are used by `Security` to configure the [Auth](https://github.com/okta/okta-oidc-js/blob/master/packages/okta-react/src/Auth.js) object. The most commonly used options are shown here. See [Configuration Reference](https://github.com/okta/okta-auth-js#configuration-reference) for an extended set of supported options. | ||
|
||
- **issuer** (required) - The OpenId Connect `issuer` | ||
- **client_id** (required) - The OpenId Connect `client_id` | ||
- **redirect_uri** (required) - Where the callback handler is hosted | ||
- **clientId** (required) - The OpenId Connect `client_id` | ||
- **redirectUri** (required) - Where the callback handler is hosted | ||
- **scope** *(optional)* - Reserved or custom claims to be returned in the tokens. Default: `['openid', 'email', 'profile']` | ||
- **response_type** *(optional)* - Desired token types. Default: `['id_token', 'token']` | ||
- **grantType** *(optional)* - Can be `implicit` (default) or `authorization_code` (for PKCE flow) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Was grantType ever published for okta-react, or is this leftover from earlier work in this same release? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. its left over, we have not released pkce support for react yet |
||
- **responseType** *(optional)* - Desired token types. Default: `['id_token', 'token']`. | ||
For PKCE flow, this should be left undefined or set to `['code']`. | ||
- **pkce** *(optional)* - If `true`, PKCE flow will be used | ||
- **onAuthRequired** *(optional)* - callback function | ||
|
||
Accepts a callback to make a decision when authentication is required. If this is not supplied, `okta-react` redirects to Okta. This callback will receive `auth` and `history` parameters. This is triggered when: | ||
1. `auth.login` is called | ||
2. SecureRoute is accessed without authentication | ||
|
||
- **storage** *(optional)*: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. These moved to the Auth config, right? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. These, and all other supported options are part of the "Configuration refernence" (I point them to okta-auth-js). pkce, secure, etc. are also located here. |
||
Specify the type of storage for tokens. The types are: | ||
- [`localStorage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage) | ||
- [`sessionStorage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage) | ||
- [`cookie`](https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie) | ||
|
||
Defaults to `localStorage`. If [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API/Local_storage) is not available, falls back to `sessionStorage` or `cookie`. | ||
- **auto_renew** *(optional)*: | ||
By default, the library will attempt to renew expired tokens. When an expired token is requested by the library, a renewal request is executed to update the token. If you wish to to disable auto renewal of tokens, set `auto_renew` to `false`. | ||
|
||
- **auth** *(optional)* - Provide an [Auth](https://github.com/okta/okta-auth-js) object instead of the options above. This is helpful when integrating `okta-react` with external libraries that need access to the tokens. | ||
|
||
#### Example | ||
|
||
```typescript | ||
```jsx | ||
function customAuthHandler({auth, history}) { | ||
// Redirect to the /login page that has a CustomLoginComponent | ||
history.push('/login'); | ||
|
@@ -216,8 +207,8 @@ class App extends Component { | |
return ( | ||
<Router> | ||
<Security issuer='https://{yourOktaDomain}.com/oauth2/default' | ||
client_id='{clientId}' | ||
redirect_uri={window.location.origin + '/implicit/callback'} | ||
clientId='{clientId}' | ||
redirectUri={window.location.origin + '/implicit/callback'} | ||
onAuthRequired={customAuthHandler} > | ||
<Router path='/login' component={CustomLoginComponent}> | ||
{/* some routes here */} | ||
|
@@ -228,9 +219,18 @@ class App extends Component { | |
} | ||
``` | ||
|
||
#### Alternate configuration using `Auth` object | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. +1 on this section - very clear, very helpful |
||
|
||
When the `auth` option is passed, all other configuration options passed to `Security` will be ignored. The `Auth` object should be configured directly before being passed to `Security`. | ||
|
||
- **auth** *(optional)* - Provide an [Auth](https://github.com/okta/okta-oidc-js/blob/master/packages/okta-react/src/Auth.js) object instead of the options above. This is the most direct way to use methods on the `Auth` object outside of your components and is helpful when integrating `okta-react` with external libraries that need access to the tokens. | ||
|
||
|
||
#### Example with Auth object | ||
|
||
```typescript | ||
Configure an instance of the `Auth` object and pass it to the `Security` component. | ||
|
||
```jsx | ||
// src/App.js | ||
|
||
import React, { Component } from 'react'; | ||
|
@@ -245,9 +245,8 @@ const history = createBrowserHistory(); | |
const auth = new Auth({ | ||
history, | ||
issuer: 'https://{yourOktaDomain}.com/oauth2/default', | ||
client_id: '{clientId}', | ||
redirect_uri: window.location.origin + '/implicit/callback', | ||
onAuthRequired: ({history}) => history.push('/login') | ||
clientId: '{clientId}', | ||
redirectUri: window.location.origin + '/implicit/callback', | ||
}); | ||
|
||
class App extends Component { | ||
|
@@ -267,6 +266,55 @@ class App extends Component { | |
export default App; | ||
``` | ||
|
||
#### PKCE Example | ||
|
||
Assuming you have configured your application to allow the `Authorization code` grant type, simply pass `pkce=true` to the `Security` component. This will configure the `Auth` object to perform PKCE flow for both login and token refresh. | ||
|
||
```jsx | ||
|
||
class App extends Component { | ||
render() { | ||
return ( | ||
<Router> | ||
<Security issuer='https://{yourOktaDomain}.com/oauth2/default' | ||
clientId='{clientId}' | ||
pkce={true} | ||
redirectUri={window.location.origin + '/implicit/callback'}> | ||
<Router path='/login' component={CustomLoginComponent}> | ||
{/* some routes here */} | ||
</Security> | ||
</Router> | ||
); | ||
} | ||
} | ||
``` | ||
|
||
You may also configure an `Auth` object directly and pass it to the Security component. | ||
|
||
```jsx | ||
|
||
const auth = new Auth({ | ||
issuer: 'https://{yourOktaDomain}.com/oauth2/default', | ||
clientId: '{clientId}', | ||
pkce: true, | ||
redirectUri: window.location.origin + '/implicit/callback', | ||
}); | ||
|
||
class App extends Component { | ||
render() { | ||
return ( | ||
<Router history={history}> | ||
<Security auth={auth} > | ||
<Route path='/' exact={true} component={Home}/> | ||
<Route path='/implicit/callback' component={ImplicitCallback} /> | ||
</Security> | ||
</Router> | ||
); | ||
} | ||
} | ||
|
||
``` | ||
|
||
### `SecureRoute` | ||
|
||
`SecureRoute` ensures that a route is only rendered if the user is authenticated. If the user is not authenticated, it calls `onAuthRequired` if it exists, otherwise, it redirects to Okta. | ||
|
@@ -315,7 +363,7 @@ Performs a full-page redirect to Okta with optional request parameters. | |
|
||
The `additionalParams` are mapped to Okta's [`/authorize` request parameters](https://developer.okta.com/docs/api/resources/oidc#authorize). This will override any existing [configuration](#configuration-options). As an example, if you have an Okta `sessionToken`, you can bypass the full-page redirect by passing in this token. This is recommended when using the [Okta Sign-In Widget](https://github.com/okta/okta-signin-widget). Simply pass in a `sessionToken` into the `redirect` method as follows: | ||
|
||
```typescript | ||
```jsx | ||
auth.redirect({ | ||
sessionToken: '{sampleSessionToken}' | ||
}); | ||
|
@@ -335,6 +383,7 @@ See the [getting started](/README.md#getting-started) section for step-by-step i | |
|
||
| Command | Description | | ||
|--------------|------------------------------------| | ||
| `yarn install`| Install dependencies | | ||
| `yarn start` | Start the sample app using the SDK | | ||
| `yarn test` | Run unit and integration tests | | ||
| `yarn lint` | Run eslint linting tests | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm 90% sure I know the answer, but what happens to users of the old standard?
If we're deprecating the old snake_case method, we should indicate that somewhere so users understand why their code works (per above) when it doesn't match the docs. The changelog would satisfy me on that if it shows up there (and thus not in this PR), but we need to make sure it does show up there in that case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will add note to the changelog