npm
Sign UpSign In

@pga/auth-provider

0.0.35 • Public • Published

PGA React AuthProvider for OneLogin

This package provides React functionality for handling OneLogin authentication via our backend.

Important

We will be using the new unified OneLogin app for our apps with this new auth. Since the auth is handled on the backend, we don't need all the REACT_APP_ONELOGIN_* env variables on the frontend anymore. However, we'll need to add REACT_APP_AUTH_BASE_URI=https://auth.sandboxpga.org to our .env files which is the unified auth base URI handling all auth-related callbacks and redirects (/login.html, /callback.html, /silent.html etc.) Once we get the auth on the sandbox we should be able to use https://auth.sandboxpga.org for local development, just like we've been using https://developers.sanboxpga.org/graphql for the /graphql endpoint while developing locally.

It also may be a good time to switch and sync all our React apps to using *.pga.local:DIFFERENT_PORTS_FOR_DIFFERENT_REACT_APPS for local development so we can avoid the issues we've been having with using *.sandboxpga.org:SAME_PORT_FOR_DIFF_APPS.

<AuthProvider />

The <AuthProvider /> component is intended to be used once per app. It's basically a React Context Provider (similar to <ApolloProvider />, or React Router's <BrowserRouter />, which wraps the authentication state and passes it to its consuming children. It makes sense to have it once at the top level React Component tree, within the ./src/index.js (or ./src/App.js) for example:

ReactDOM.render(
  <ApolloProvider client={apolloClient}>
    <BrowserRouter>
      <AuthProvider apolloClient={apolloClient}>
        <App />
      </AuthProvider>
    </BrowserRouter>
  </ApolloProvider>,
  document.getElementById('root')
)

We need to pass our apolloClient as a prop because we use me to query for users data and log in status.

Logged in users have the JWT token stored in auth.pga.org's localStorage (for .pga.org). So what happens in the background, on AuthProvider's componentDidMount() method we start listening for messages from the auth relay iframe and query /graphql endpoint for me to get user data, along with user's data if logged in:

componentDidMount () {
  window.addEventListener('message', this.receiveAuthMessage)
}

async receiveAuthMessage (event) {
  const { data, origin } = event
  const { user, type } = data
  const isValidType = origin === process.env.REACT_APP_AUTH_BASE_URI && type === 'pgaAuth'

  if (isValidType) {
    const { apolloClient } = this.props
    const isLoggedIn = !!(user && user.id_token)
    const authReady = true

    if (!isLoggedIn) {
      this.setState({ authReady, isLoggedIn, user })
      clearToken()
    } else {
      setToken(user.id_token)

      try {
        const { data: { me }, errors } = await apolloClient.query({ query: GET_USER_DATA })

        if (errors || !me) throw new Error(`User not logged in`)

        this.setState({ authReady, isLoggedIn, user, me })
      } catch (err) {
        this.setState({ authReady, isLoggedIn: false, user: null, me: null })
        clearToken()
      }
    }
  }
}

Important to note that we do not wait for the query to resolve and then render the children (as we did with our previous frontend-based auth), but we render them instantly:

render () {
  const authRelayUrl = `${process.env.REACT_APP_AUTH_BASE_URI}/relay.html?parent=${window.location.origin}`

  return (
    <Provider value={this.state}>
      {this.props.children}
      <AuthRelayFrame src={authRelayUrl} />
    </Provider>
  )
}

However, we pass on the authReady property along with the provided auth state to be consumed by the children. This way we render the public routes asap regardless of the login status (as we should), and make it <PrivateRoute />'s responsibility to restrict the access to authenticated users only, and wait for authReady if needed.

withAuthProvider

A HOC wrapper around our AuthConsumer (a React Context Consumer) which passes the auth provider state to the wrapped component. This is helpful when we need to pass the auth state to our components. For example in our <AuthHeader />, where we need to know whether the user is logged in and access user's data (avatar, email, name etc.) we may use withAuthProvider(AuthHeader). Right now the data we are passing to the wrapped components looks like this:

{
  authReady: true,    // (true | false)   — whether we've loaded the initial session from the server
  isLoggedIn: false,  // (true | false)   — user's login status
  user: {/* ... */}   // (Object | null)  - OneLogin's token data (id_token, profile, custom_fields ...)
  me: {               // (Object | null)  — user's data
    class: 'B6',
    firstName: 'John',
    id: '12345678',
    lastName: 'Doe',
    phoneNumber: '5555555555',
    photo: null,
    primaryEmail: 'jdoe@example.com',
    type: 'MB',
    __typename: 'Member'
  }
}

<PrivateRoute />

<PrivateRoute /> requires authentication, or it redirects the user for login. It's basically a Route Component wrapped in a React Context Consumer (our AuthConsumer) with AuthProvider's withAuthProvider(). It gets AuthProvider's state ({ isLoggedIn, authReady, user, me }), and additionally we can pass in returnTo prop (if accessing the route without being authenticated) — the URL to return the users to once they log in at OneLogin — defaults to the route trying to access.

Readme

Keywords

Package Sidebar

Install

npm i @pga/auth-provider

Weekly Downloads

100

Version

0.0.35

License

ISC

Unpacked Size

71.5 kB

Total Files

32

Last publish

Collaborators

  • silvait
  • bsubedi26
  • jasonwalkow
  • kevinjscott
  • pgamachineuser
Try on RunKit
Report malware