React, auth0, Gatsby, NextJS

Advanced React Security Patterns

91 Lessons

Security for React applications is a complex and wide-reaching topic. In this course, we'll look at implementing authentication and security best practices in React and many of the other tools that surround it. We'll explore various authentication methods, including JSON Web Tokens and cookies/sessions to determine the most suitable approach for various scenarios. The course covers essential security practices to safeguard data effectively and addresses common concerns about code inspection in browsers. Additionally, the course provides insights into applying authentication techniques in different React frameworks such as Gatsby and Next.js. It also delves into how to handle authentication in serverless functions, how to think about auth when it comes to GraphQL, and how to incorporate third-party authentication providers into our React apps.

Getting Started

Download the Code for the Course

Install Global Dependencies

Take a Tour of the Orbit App

Prerequisites for the Course

Refreshing JSON Web Tokens

Run the App and API

User Experience Problems with JWTs

How Refresh Tokens Work

Add an API Proxy

Add a Refresh Token Model

Save the Refresh Token in a Cookie

Add a Token Refresh Endpoint

Get a New Token in the Auth Debugger

Get a New Token on 401 Errors

Automatically Retry Post Requests

Add a Refresh Token Invalidation Endpoint

Add an Expiry Time to the Refresh Token

Switching to Cookies and Sessions

Add a CSRF Token

Run the App and API

Add an API Proxy

Install and Configure express-session

Set a Session on Login and Signup

Add a Session-Based Middleware

Add a Logout Endpoint

Add a Public Axios Instance

Create a User Info Endpoint

Check if the User is Authenticated

Refactor AuthContext

Refactor Login and Signup

Refactor the API

Add a Persistent Session Store

Strengthen the Session Cookie

Third Party Authentication Providers

Use the Auth0 Role in the React App

Request Scopes for an Access Token

Apply Scope Check Middleware to Endpoints

Add a Custom User ID with an Auth0 Rule

Allow Users to Log Out

Display the User's Name and Picture

Remove AuthContext, Login, and Signup

Renew Access Tokens

Create a User in Auth0

Set Up an API and Permissions

Add User Roles in Auth0

Use the Universal Login Screen

Install the Auth0-React SDK

Redirect Users to Auth0 to Log In

Use isLoading to Wait for Authentication

Use isAuthenticated to Check Auth Status

Get an Access Token from Auth0

Use a JWKS Verification Middleware

Augment the User's Profile with a Rule

Run the App and API

Why Use a Third-Party Auth Provider?

Configure Application URLs

Authentication and Authorization for GraphQL

Run the App and API

Tour the GraphQL Implementation

Include a JWT in a GraphQL Request

Add the User to the GraphQL Context Object

Check Authorization in a Resolver

Add a Function to Check the User's Role

Define an Auth Schema Directive

Add a Custom Directive Class

Complete the Auth Directive Class

Apply the Auth Directive to the Schema

Use the User's Sub Claim

Redirect to the Login Page

Authentication and Authorization for GatsbyJS

Tour the Gatsby App Setup

Run the App and API

Wrap the Root Element with Providers

Create Client-Side Routes

Make Login and Signup be Client-Side Routes

Check the Environment when Building the App

Authentication and Authorization for Next.js

Install Dependencies and Run the App

Tour the Next.js Project Code

Make Calls for Data on the Server Side

Add an Authorization Middleware

Add an Admin Authorization Middleware

Check for Authentication on the Client

Check for the Admin Role on the Client

Serverless Authentication

Run the App and API

Set Up a Directory for Serverless Functions

Create a Basic Serverless Function

Configure a Proxy to Netlify

Get Data from a Serverless Function

Check Authorization in a Serverless Function

Connect to a Database from a Serverless Function

Query a Database from a Serverless Function

Add a Role Check

Challenge: Complete the Remaining Endpoints

Getting Started

Download the Code for the Course

;

Install Global Dependencies

;

Take a Tour of the Orbit App

;

Prerequisites for the Course

;

Refreshing JSON Web Tokens

Run the App and API

;

User Experience Problems with JWTs

;

How Refresh Tokens Work

;

Add an API Proxy

;

Add a Refresh Token Model

;

Save the Refresh Token in a Cookie

;

Add a Token Refresh Endpoint

;

Get a New Token in the Auth Debugger

;

Get a New Token on 401 Errors

;

Automatically Retry Post Requests

;

Add a Refresh Token Invalidation Endpoint

;

Add an Expiry Time to the Refresh Token

;

Switching to Cookies and Sessions

Add a CSRF Token

;

Run the App and API

;

Add an API Proxy

;

Install and Configure express-session

;

Set a Session on Login and Signup

;

Add a Session-Based Middleware

;

Add a Logout Endpoint

;

Add a Public Axios Instance

;

Create a User Info Endpoint

;

Check if the User is Authenticated

;

Refactor AuthContext

;

Refactor Login and Signup

;

Refactor the API

;

Add a Persistent Session Store

;

Strengthen the Session Cookie

;

Third Party Authentication Providers

Use the Auth0 Role in the React App

;

Request Scopes for an Access Token

;

Apply Scope Check Middleware to Endpoints

;

Add a Custom User ID with an Auth0 Rule

;

Allow Users to Log Out

;

Display the User's Name and Picture

;

Remove AuthContext, Login, and Signup

;

Renew Access Tokens

;

Create a User in Auth0

;

Set Up an API and Permissions

;

Add User Roles in Auth0

;

Use the Universal Login Screen

;

Install the Auth0-React SDK

;

Redirect Users to Auth0 to Log In

;

Use isLoading to Wait for Authentication

;

Use isAuthenticated to Check Auth Status

;

Get an Access Token from Auth0

;

Use a JWKS Verification Middleware

;

Augment the User's Profile with a Rule

;

Run the App and API

;

Why Use a Third-Party Auth Provider?

;

Configure Application URLs

;

Authentication and Authorization for GraphQL

Run the App and API

;

Tour the GraphQL Implementation

;

Include a JWT in a GraphQL Request

;

Add the User to the GraphQL Context Object

;

Check Authorization in a Resolver

;

Add a Function to Check the User's Role

;

Define an Auth Schema Directive

;

Add a Custom Directive Class

;

Complete the Auth Directive Class

;

Apply the Auth Directive to the Schema

;

Use the User's Sub Claim

;

Redirect to the Login Page

;

Authentication and Authorization for GatsbyJS

Tour the Gatsby App Setup

;

Run the App and API

;

Wrap the Root Element with Providers

;

Create Client-Side Routes

;

Make Login and Signup be Client-Side Routes

;

Check the Environment when Building the App

;

Authentication and Authorization for Next.js

Install Dependencies and Run the App

;

Tour the Next.js Project Code

;

Make Calls for Data on the Server Side

;

Add an Authorization Middleware

;

Add an Admin Authorization Middleware

;

Check for Authentication on the Client

;

Check for the Admin Role on the Client

;

Serverless Authentication

Run the App and API

;

Set Up a Directory for Serverless Functions

;

Create a Basic Serverless Function

;

Configure a Proxy to Netlify

;

Get Data from a Serverless Function

;

Check Authorization in a Serverless Function

;

Connect to a Database from a Serverless Function

;

Query a Database from a Serverless Function

;

Add a Role Check

;

Challenge: Complete the Remaining Endpoints

;