@osuresearch/auth
TypeScript icon, indicating that this package has built-in type declarations

3.2.2 • Public • Published

🛡 OSU Research Auth

npm@latest

React components for authentication and authorization

Requirements

A backend API is required for user session handling.

For internal developers, these APIs are already provided with our GraphQL and REST application templates.

GitHub documentation is a work in progress.

Installation

npm install @osuresearch/auth

Usage

Wrap your main app with an AuthProvider to automatically handle session expirations:

import {
    AuthProvider,
    GraphQL,
    Profile
} from '@osuresearch/auth';

function App() {
    return (
        <AuthProvider driver={GraphQL()}>
            <header>
                ...
            </header>
            <main>
                ...
            </main>
        </AuthProvider>
    );
}

The useIdentity hook can then be used to provide logged in user information and the <Can> component can test for permissions:

import { useIdentity, Can } from '@osuresearch/auth';

function MyComponent() {
    const { user } = useIdentity();

    return (
        <div>
            <p>Hello {user.name}</p>

            <Can do="my-app.read-reports">
                <Link to="/reports">Read reports</Link>
            </Can>
        </div>
    );
}

For more comprehensive examples, see the wiki.

Testing SSO Expirations

Since local development does not have Shibboleth SSO installed - you need to perform some extra work to test a forced logout state for your application.

  1. Log into your app normally and interact with it.
  2. In your .htaccess file - add the below rule immediately following the RewriteCond for API requests and before any other RewriteRules:
# Fake a Shibboleth session timeout on API requests.
RedirectMatch ^ "https://webauth.service.ohio-state.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=BadRequest"
  1. Wait for your application to log the user out (can take upwards of 5 minutes). Meanwhile - you can interact with other requests to identify places where they will fail and add logic to handle it gracefully (as all API requests will give you failures during the window between the forced logout and @osuresearch/auth checking authentication state).
  2. Remove the RedirectMatch to re-enable the application (would be equivalent to a user going through Shibboleth authentication again)

Changelog

The changelog can be found on the Releases page.

Changes prior to 3.2 can be found in CHANGELOG.md.

Authors and license

Chase McManning and contributors.

MIT License, see the included LICENSE file.

Package Sidebar

Install

npm i @osuresearch/auth

Weekly Downloads

5

Version

3.2.2

License

MIT

Unpacked Size

98.8 kB

Total Files

75

Last publish

Collaborators

  • mcmanning