This React code sample demonstrates how to implement authentication with Auth0 by Okta in a React Single-Page Application (SPA) that uses React Router 6 and powers up the "React Authentication By Example: React Router 6" guide.
React Code Sample Specs
This code sample uses the following tools:
- React
v18.2.0 - React Router
v6.3.0 - Auth0 React SDK
v2.0.0
The React project dependency installations were tested with npm v8.5.5. Running the React application was tested using Node.js v16.15.0.
Quick Auth0 Set Up
First and foremost, if you haven't already, sign up for an Auth0 account to connect your application with the Auth0 Identity Platform.
Next, you'll connect your Single-Page Application (SPA) with Auth0. You'll need to create an application registration in the Auth0 Dashboard and get two configuration values: the Auth0 Domain and the Auth0 Client ID. You'll also need to define an Auth0 Audience value within your project to practice making secure calls to an external API.
Get the Auth0 domain and client ID
-
Open the Applications section of the Auth0 Dashboard.
-
Click on the Create Application button and fill out the form with the following values:
Hello World Client
- Click on the Create button.
An Auth0 Application page loads up.
As such, click on the "Settings" tab of your Auth0 Application page, locate the "Application URIs" section, and fill in the following values:
http://localhost:4040/callback
http://localhost:4040
http://localhost:4040
Scroll down and click the "Save Changes" button.
Next, locate the "Basic Information" section.
When you enter a value in the input fields present on this page, any code snippet that uses such value updates to reflect it. Using the input fields makes it easy to copy and paste code as you follow along.
As such, enter the "Domain" and "Client ID" values in the following fields to set up your single-page application in the next section:
Set Up the React Code Sample
Start by cloning the project into your local machine:
git clone https://github.com/auth0-developer-hub/spa_react_javascript_hello-world.git
Make the project directory your current working directory:
cd spa_react_javascript_hello-world
Then, check out the basic-authentication branch, which holds all the React code related to implementing basic user authentication with Auth0:
git checkout basic-authentication
Next, install the React project dependencies:
npm install
Create a .env file under the root project directory:
touch .env
Populate it with the following environment variables:
REACT_APP_AUTH0_DOMAIN=AUTH0-DOMAINREACT_APP_AUTH0_CLIENT_ID=AUTH0-CLIENT-IDREACT_APP_AUTH0_CALLBACK_URL=http://localhost:4040/callbackREACT_APP_API_SERVER_URL=http://localhost:6060
This React code sample is compatible with any "Auth0 Hello World" API code samples, which run on http://localhost:6060 by default. However, the basic-authentication branch mocks the external API server using json-server.
Execute the following command to run the JSON server API:
npm run api
Finally, open another terminal tab and execute this command to run your React application:
npm start
Use the React Sample Application
You can now visit http://localhost:4040/ to access the application.
If you want to learn how to implement user authentication in React step by step, check out the "React Authentication By Example: React Router 6".
When you click on the "Log In" button, React takes you to the Auth0 Universal Login page. Your users can log in to your application through a page hosted by Auth0, which provides them with a secure, standards-based login experience that you can customize with your own branding and various authentication methods, such as logging in with a username and password or with a social provider like Facebook or Google.
Once you log in, visit the protected "Profile" page to see all the user profile information that Auth0 securely shares with your application using ID tokens:
You can test that the protected React routes require users to log in before accessing them. Click on the "Log Out" button and try to access the Profile page, Protected page, or the Admin page:
If everything is working as expected, React redirects you to log in with Auth0.
A note on React.StrictMode and React v18
While running this React v18 code sample locally in development mode, you'll notice that in some scenarios React makes the same API call twice. Open your browser's developer tools to analyze the network traffic and calls. Then, visit either the /public page, the /protected page, or the /admin page. You'll see that React calls your "Hello World" API twice.
React is working as expected. There is nothing wrong going on. React v18 makes React stricter by introducing a new development-only check to React.StrictMode, which this code sample application uses.
The React v18 changelog explains that "React will automatically unmount and remount every component, whenever a component mounts for the first time, restoring the previous state on the second mount. If this breaks your app, consider removing Strict Mode until you can fix the components to be resilient to remounting with existing state."
However, when you run your React v18 applications in production, React will only make one request.
Connect the React Code Sample with an API Server
Before you can practice requesting protected resources from an external API server using access tokens, you need to set up and configure an API with Auth0. You can pair this React code sample with any of our "Hello World" API server code samples.
Set up a Hello World API server
Pick an API code sample in your preferred backend framework and language from the list below and follow the instructions on the code sample page to set it up. Once you complete the sample API server set up, please return to this React code sample page to learn how to integrate that API server with your React application.
While setting up the API server code sample, you created an Auth0 Audience value. Store that value in the following field so that you can use it throughout the instructions present in this section easily:
Set up the React client application
If you haven't cloned the repository already, start by cloning the React project into your local machine:
git clone https://github.com/auth0-developer-hub/spa_react_javascript_hello-world.git
Make the project directory your current working directory:
cd spa_react_javascript_hello-world
Then, check out the basic-authentication-with-api-integration branch:
git checkout basic-authentication-with-api-integration
Next, install the React project dependencies:
npm install
Now, either create or update the .env file under the React project directory with the following:
REACT_APP_AUTH0_DOMAIN=AUTH0-DOMAINREACT_APP_AUTH0_CLIENT_ID=AUTH0-CLIENT-IDREACT_APP_AUTH0_CALLBACK_URL=http://localhost:4040/callbackREACT_APP_API_SERVER_URL=http://localhost:6060REACT_APP_AUTH0_AUDIENCE=AUTH0-AUDIENCE
This time around, you include a REACT_APP_AUTH0_AUDIENCE value, which is an identifier that represents the compatible Hello World API you just registered in your Auth0 tenant. This identifier is also known as the Auth0 audience. Your React application must provide this value to the Auth0 authorization server in order to get a valid access token to make authenticated requests to the compatible external API.
If you haven't started the React application yet, execute this command to run it:
npm start
Now your React is all set up to request protected data from the "Hello World" API server of your choice. Ensure that your API server is running and visit the Protected page or the Admin page of your React application:
Verify that these pages are displaying the relevant messages from the API.
This basic-authentication-with-api-integration branch of the code sample repository demonstrates how to request protected data from an API using access tokens in React.