React User Authentication - JWT Token Authentication
This article explains how to enhance any React template with JWT (Json WEB Tokens) authentication using a simple Node JS API Backend.
Hello!
This article explains how to Add User Authentication to React using JSON Web Tokens (JWT). We will start using an open-source template and mention all implementation steps that enhance the codebase. In the end, the project will be able to register and authenticate users using an open-source Node JS API Server that exposes authentication routes and manages the persistence in the same way as this LIVE DEMO.
Thanks for reading! Content provided by App Generator
- ✨ Section #1: Clone the React Template
- ✨ Section #2: Analyze the Codebase
- ✨ Section #3: Code the API for backend communication
- ✨ Section #4: Code the React Store (frontend persistence)
- ✨ Section #5: Code the Authentication Flow
- ✨ Section #6: Start the Node JS API Backend
- ✨ Section #7: Start the React UI and test the authentication
- ✨ Section #8: Open-source React Samples
- ✨ Section #9: Links & Resources
✨ #1 - Download the React Template
The template used in this article is React Soft Dashboard, an open-source product crafted by Creative-Tim and the source code can be downloaded from the product page. In case this design is not what you're looking for, feel free to use another one and adapt the code instructions to the new structure.
- React Soft Dashboard - product page
- React Soft Dashboard - source code (Github)
To successfully compile and run the project, the workstation should have a decent version of Node JS (12.x or above), GIT, and a modern code editor like VsCode or Atom. Here are the steps to compile the template using the source code published on Github:
👉 Step #1 - Clone sources using GIT
$ git clone https://github.com/creativetimofficial/soft-ui-dashboard-react.git
$ cd soft-ui-dashboard-react
👉 Step #2 - Install modules
$ npm i
// OR
$ yarn
👉 Step #3 - Start for development (with LIVE reload)
$ npm run start
// OR
$ yarn start
✨ #2 - Analyze the Codebase
After the download, the first logical step is to look around and see how the project is structured.
- Detect master pages (layouts)
- Locate the authentication pages: SignIN, Register.
Sometimes, such pages aren't provided but in this case, we can use the default versions shipped by the template.
soft-ui-dashboard-react
├── public
│ ├── index.html <!-- Page where the app is injected -->
├── src
│ ├── assets
│ │ ├── images
│ │ └── theme
│ ├── components
│ ├── examples
│ │ ├── Charts <!-- Charts component -->
│ │ ├── Footer <!-- Footer component -->
│ │ ├── Navbars
│ ├── layouts
│ │ ├── authentication
│ │ │ ├── sign-in <!-- Login Page -->
│ │ │ └── sign-up <!-- SignUP Page -->
│ │ ├── billing
│ │ ├── dashboard <!-- Dashboard Layout -->
│ │ ├── profile
│ │ ├── rtl <!-- RTL Layout -->
│ │ ├── tables
│ │ └── virtual-reality
│ ├── App.js
│ ├── index.js
│ └── routes.js
├── package.json <!-- Project Builder -->
└── README.md <!-- Contains Build Info -->
✨ #3 - Code the Client API
This section presents the necessary code that provides network communication with the API backend using Axios, a popular HTTP client. For newcomers, Axios is a library executable on the client and server-side (Node JS) using the same codebase. For more information about Axios, feel free to access the official docs or play with the free samples. Let's move forward and code our simple API interface:
👉 Step #1 - Create a configuration file used by the API
The file defines all the constants used in different places and contexts. For now, we need only the API_SERVER address:
// File: src/config/constant.js
export const API_SERVER = "http://localhost:5000/api/";
👉 Step #2 - Create a new folder
apiinsrcfolder👉 Step #3 - Create an
index.jsfile with API configuration
import Axios from "axios";
import { API_SERVER } from "../config/constant";
const axios = Axios.create({
baseURL: `${API_SERVER}`,
headers: { "Content-Type": "application/json" },
});
axios.interceptors.request.use(
(config) => {
return Promise.resolve(config);
},
(error) => Promise.reject(error)
);
axios.interceptors.response.use(
(response) => Promise.resolve(response),
(error) => {
return Promise.reject(error);
}
);
export default axios;
});
👉 Step #4 - Create
auth.jsthat contains all API calls
import axios from "./index";
class AuthApi {
static Login = (data) => {
return axios.post(`users/login`, data);
};
// don't forget to add the register and logout methods
}
export default AuthApi;
At this point, our client-side API is coded and configured to communicate with the backend.
✨ #4 - Code the React Store
In many React Apps, you will find that their store is based on React-Redux. Here we use React Context. We need to create the store in order to keep track of the user's account and determine whether we should allow the user on certain pages if they are not logged in.
👉 Step #1 - Create a new
contextfolder insrc
The file src/context/auth.context.js contains the following code:
const AuthContext = React.createContext(null);
export const AuthProvider = ({ userData, children }) => {
let [user, setUser] = React.useState(userData);
return (
<AuthContext.Provider value={{ user, setUser }}>
{children}
</AuthContext.Provider>
);
};
export const useAuth = () => React.useContext(AuthContext);
👉 Step #2 - Bind together
Context Providerand theAppobject
const App = () => {
// we get the user from the localStorage because that's where we will save their account on the login process
let user = localStorage.getItem("user");
user = JSON.parse(user);
return (
<AuthProvider userData={user}>
<Routes />
</AuthProvider>
);
};
export default App;
👉 Step #3 - Define protected Routes
We need this feature in order to redirect guest users to authenticate before accessing the private pages (dashboard, profile page..).
export const ProtectedRoute = ({..rest }) => {
let { user } = useAuth();
if (!user || !user.token || user.token === "") {
return (
// component which inform the user that they must be logged in
);
}
// let user through if they're logged in
return <Route {..rest} />;
};
Below we have 2 examples of both protected and unprotected routes:
<ProtectedRoute path="/rtl" component={RtlLayout} />
<Route path="/auth" component={AuthLayout} />
✨ #5 - Code the Auth Flow
After you have identified the Auth Components you can start creating the Authentication process We'll take the Login Component as an example:
const login = async (event) => {
if (event) {
event.preventDefault();
}
//handle exceptions like: no email entered, no password entered, here.
try {
let response = await AuthApi.Login({
email,
password,
});
if (response.data && response.data.success === false) {
//display error coming from server
return setError(response.data.msg);
}
return setProfile(response);
} catch (err) {
//display error originating from server / other sources
console.log(err);
if (err.response) {
return setError(err.response.data.msg);
}
return setError("There has been an error.");
}
};
On success (user credentials are good) setProfile helper is called to save the user information in the app store.
const setProfile = (response) => {
let user = { ...response.data.user };
user.token = response.data.token;
user = JSON.stringify(user);
//setUser is imported from the useAuth React Context
setUser(user);
//also set the user in local storage
localStorage.setItem("user", user);
return history.push("/admin/dashboard");
};
The above code snippet extracts and saves the JWT Token for later use (logout, user profile request).
✨ #6 - Start the Node JS API
The Node JS Backend server is a simple one that exposes three API methods called from React, via Axios library:
👉 SignUP Method -
api/users/register
POST api/users/register
Content-Type: application/json
{
"username":"test",
"password":"pass",
"email":"test@appseed.us"
}
👉 SignIN Method -
api/users/login
POST /api/users/login
Content-Type: application/json
{
"password":"pass",
"email":"test@appseed.us"
}
👉 Logout Method - api/users/logout
POST api/users/logout
Content-Type: application/json
authorization: JWT_TOKEN (returned by Login request)
{
"token":"JWT_TOKEN"
}
For the complete information regarding this simple API server, feel free to access the public repository or the official documentation. Now, back to our tutorial, let's download and start the server:
👉 Step #1 - Clone the sources
$ git clone https://github.com/app-generator/api-server-nodejs.git
$ cd api-server-nodejs
👉 Step #2 - Install dependencies via NPM or Yarn
$ npm i
// OR
$ yarn
👉 Step #3 - Run the
SQLitemigration viaTypeORM
$ yarn typeorm migration:run
👉 Step #4 - Start the API server (development mode)
$ npm dev
// OR
$ yarn dev
At this point, the API server should be up and running on port 5000, the same port expected by the React UI in the configuration (Section #3).
// File: src/config/constant.js
export const API_SERVER = "http://localhost:5000/api/";
✨ #7 - Start React Soft Dashboard
All the above sample code can be found and downloaded from Github under the MIT License and used for commercial or learning projects. Let's access the public repository and compile the React frontend by following the instructions provided in the README file.
- 👉 React Soft Dashboard - (full-stack version) source code
- 👉 React Soft Dashboard - (full-stack version) LIVE Demo
Here are the necessary steps to download and compile Soft Dashboard React:
$ git clone https://github.com/app-generator/react-soft-ui-dashboard.git
$ cd react-soft-ui-dashboard
$ npm i
// OR
$ yarn
$ npm run start
// OR
$ yarn start
At this point, we should be able to visit the app in the browser on port 3000, register new users, authenticate and interact with the UI.
✨ #9 - Links & Resources
Authentication is an important feature for any product and JWT Authentication especially implemented in the right way will make an end-product more secure and reliable in front of the end-users. Here are some links related to this topic:
- Introduction to JSON Web Tokens - a comprehensive article
- JSON Web Tokens - provided by Auth0 Service
- Security Issues in JWT Authentication- written by Olivia Harris