Auth0 SDK for React Single Page Applications (SPA).
- Documentation
- Installation
- Getting Started
- Contributing
- Support + Feedback
- Troubleshooting
- Vulnerability Reporting
- What is Auth0
- License
Using npm
npm install @auth0/auth0-react
Using yarn
yarn add @auth0/auth0-react
Configure the SDK by wrapping your application in Auth0Provider
:
// src/index.js
import React from 'react';
import ReactDOM from 'react-dom';
import { Auth0Provider } from '@auth0/auth0-react';
import App from './App';
ReactDOM.render(
<Auth0Provider
domain="YOUR_AUTH0_DOMAIN"
clientId="YOUR_AUTH0_CLIENT_ID"
redirectUri={window.location.origin}
>
<App />
</Auth0Provider>,
document.getElementById('app')
);
Use the useAuth0
hook in your components to access authentication state (isLoading
, isAuthenticated
and user
) and authentication methods (loginWithRedirect
and logout
):
// src/App.js
import React from 'react';
import { useAuth0 } from '@auth0/auth0-react';
function App() {
const {
isLoading,
isAuthenticated,
error,
user,
loginWithRedirect,
logout,
} = useAuth0();
if (isLoading) {
return <div>Loading...</div>;
}
if (error) {
return <div>Oops... {error.message}</div>;
}
if (isAuthenticated) {
return (
<div>
Hello {user.name}{' '}
<button onClick={() => logout({ returnTo: window.location.origin })}>
Log out
</button>
</div>
);
} else {
return <button onClick={loginWithRedirect}>Log in</button>;
}
}
export default App;
Use the withAuth0
higher order component to add the auth0
property to Class components:
import React, { Component } from 'react';
import { withAuth0 } from '@auth0/auth0-react';
class Profile extends Component {
render() {
// `this.props.auth0` has all the same properties as the `useAuth0` hook
const { user } = this.props.auth0;
return <div>Hello {user.name}</div>;
}
}
export default withAuth0(Profile);
Protect a route component using the withAuthenticationRequired
higher order component. Visits to this route when unauthenticated will redirect the user to the login page and back to this page after login:
import React from 'react';
import { withAuthenticationRequired } from '@auth0/auth0-react';
const PrivateRoute = () => <div>Private</div>;
export default withAuthenticationRequired(PrivateRoute, {
// Show a message while the user waits to be redirected to the login page.
onRedirecting: () => <div>Redirecting you to the login page...</div>,
});
Note If you are using a custom router, you will need to supply the Auth0Provider
with a custom onRedirectCallback
method to perform the action that returns the user to the protected page. See examples for react-router, Gatsby and Next.js.
Call a protected API with an Access Token:
import React, { useEffect, useState } from 'react';
import { useAuth0 } from '@auth0/auth0-react';
const Posts = () => {
const { getAccessTokenSilently } = useAuth0();
const [posts, setPosts] = useState(null);
useEffect(() => {
(async () => {
try {
const token = await getAccessTokenSilently({
audience: 'https://api.example.com/',
scope: 'read:posts',
});
const response = await fetch('https://api.example.com/posts', {
headers: {
Authorization: `Bearer ${token}`,
},
});
setPosts(await response.json());
} catch (e) {
console.error(e);
}
})();
}, [getAccessTokenSilently]);
if (!posts) {
return <div>Loading...</div>;
}
return (
<ul>
{posts.map((post, index) => {
return <li key={index}>{post}</li>;
})}
</ul>
);
};
export default Posts;
For a more detailed example see how to create a useApi
hook for accessing protected APIs with an access token.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- Auth0's general contribution guidelines
- Auth0's code of conduct guidelines
- This repo's contribution guide
For support or to provide feedback, please raise an issue on our issue tracker.
For information on how to solve common problems, check out the Troubleshooting guide
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to easily:
- Implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
- Log in users with username/password databases, passwordless, or multi-factor authentication
- Link multiple user accounts together
- Generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
- Access demographics and analytics detailing how, when, and where users are logging in
- Enrich user profiles from other data sources using customizable JavaScript rules
This project is licensed under the MIT license. See the LICENSE file for more info.