Before getting started, I want you to also check this article on how charge API work in fintech. Please checkhere

The management of user access stands as a pivotal aspect of web application development. In this comprehensive guide, you will learn and understand the intricate workings of authorization and authentication in React.js. This article caters to readers possessing a fundamental understanding of React, providing them with invaluable insights. Moreover, seasoned front-end engineers will discover a detailed workflow for session management within the realm of this guide.

To get started, you will need to set up aReact project by running the command

npx create-react-app your-project-name

Also, you can run

npminstallreact-router-dom

This will help you installReact Router Dom for an efficient routing system.

Build Login Component

We'll start with a simple login component that accepts two inputs: an email field and a password field. When anonChange event occurs, these two input fields trigger thehandleInput function. The name attribute on the input is also used by the function to set the input state. This is an effective method for managing input fields in ReactJS. If the button is pressed, the parent listens for anonSubmit event and invokes thehandleSubmitEvent handler.

import{useState}from"react";constLogin=()=>{const[input,setInput]=useState({username:"",password:"",});consthandleSubmitEvent=(e)=>{e.preventDefault();if(input.username!==""&&input.password!==""){//dispatch action from hooks}alert("please provide a valid input");};consthandleInput=(e)=>{const{name,value}=e.target;setInput((prev)=>({...prev,[name]:value,}));};return(<formonSubmit={handleSubmitEvent}><divclassName="form_control"><labelhtmlFor="user-email">Email:</label><inputtype="email"id="user-email"name="email"placeholder="example@yahoo.com"aria-describedby="user-email"aria-invalid="false"onChange={handleInput}/><divid="user-email"className="sr-only">Pleaseenteravalidusername.Itmustcontainatleast6characters.</div></div><divclassName="form_control"><labelhtmlFor="password">Password:</label><inputtype="password"id="password"name="password"aria-describedby="user-password"aria-invalid="false"onChange={handleInput}/><divid="user-password"className="sr-only">yourpasswordshouldbemorethan6character</div></div><buttonclassName="btn-submit">Submit</button></form>);};exportdefaultLogin;

This image shows the output of our login component, which contains two input fields and a button.

Create AuthContext and AuthProvider

Thecontext API is generally used for managing states that will be needed across an application. For example, we need our user data or tokens that are returned as part of the login response in the dashboard components. Also, some parts of our application need user data as well, so making use of the context API is more than solving the problem for us.

Next, in anAuthProvider.js file, create an AuthContext for managing the user state and an AuthProvider for consuming the content of our context.

import{useContext,createContext}from"react";constAuthContext=createContext();constAuthProvider=({children})=>{return<AuthContext.Provider>{children}</AuthContext.Provider>;};exportdefaultAuthProvider;exportconstuseAuth=()=>{returnuseContext(AuthContext);};

The code set up above is used for creating the authentication context in React using the Context API. It creates anAuthContext usingcreateContext() to manage the authentication state.

TheAuthProvider component is designed to wrap the application and provide the authentication context to its child components using theAuthContext.Provider.

TheuseAuthcustom hook utilizesuseContext to access the authentication context from within components, allowing them to consume the authentication state and related functions stored in the context. As this article progresses, we will add the authentication logics that control the login and logout processes, passing them via the AuthContext.Provider. You will then have access to them and be able to use them when you call the useAuth function.

Next, import and wrap theAuthProvider around the app content inApp.js.

importAuthProviderfrom"./hooks/AuthProvider";functionApp(){return(<divclassName="App"><AuthProvider>{/* App content */}</AuthProvider></div>);}exportdefaultApp;

Now that theAuthProvider has been wrapped around the App components, we can access all the context values in any of our pages or components within the application when we add all the routes needed to the App component.

Create Authentication Logic

Next, the AuthProvider component will be updated with login and logout functions. This function will be passed down through theAuthContext.Provider and it will be accessible globally.

import{useContext,createContext,useState}from"react";import{useNavigate}from"react-router-dom";constAuthContext=createContext();constAuthProvider=({children})=>{const[user,setUser]=useState(null);const[token,setToken]=useState(localStorage.getItem("site")||"");constnavigate=useNavigate();constloginAction=async(data)=>{try{constresponse=awaitfetch("your-api-endpoint/auth/login",{method:"POST",headers:{"Content-Type":"application/json",},body:JSON.stringify(data),});constres=awaitresponse.json();if(res.data){setUser(res.data.user);setToken(res.token);localStorage.setItem("site",res.token);navigate("/dashboard");return;}thrownewError(res.message);}catch(err){console.error(err);}};constlogOut=()=>{setUser(null);setToken("");localStorage.removeItem("site");navigate("/login");};return(<AuthContext.Providervalue={{token,user,loginAction,logOut}}>{children}</AuthContext.Provider>);};exportdefaultAuthProvider;exportconstuseAuth=()=>{returnuseContext(AuthContext);};

In this code, theAuthProvider component manages the user authentication state, providing functionalities like login, logout, and token storage usinguseState hooks.

TheloginAction function handles user login by sending aPOST request to an authentication endpoint, updating the user and token state upon a successful response, and storing the token inlocal storage.

ThelogOut function clears user and token data, removing the token from local storage. TheAuthContext.Provider makes the authentication state and related functions available to its child components, accessible via theuseAuth hook, enabling components to consume authentication data and actions within the application.

Protect Routes with Authorization

Next up, we will set up a route guard that protects any route that is private in the application. To achieve this, theuseAuth hook for accessing our context data will be needed. Here is the code on how to work through it.

importReactfrom"react";import{Navigate,Outlet}from"react-router-dom";import{useAuth}from"../hooks/AuthProvider";constPrivateRoute=()=>{constuser=useAuth();if(!user.token)return<Navigateto="/login"/>;return<Outlet/>;};exportdefaultPrivateRoute;

This code defines aPrivateRoute component for handling authentication. It utilizes theuseAuth hook from theAuthProvider to access user authentication data. If the user does not possess a token, indicating they are not logged in, the code triggers a redirect to the/login route using the<Navigate> component. Otherwise, it renders the child components nested within thePrivateRoute component accessed via<Outlet />, allowing authenticated users to access the protected routes while redirecting unauthenticated users to the login page.

Add Routing

Next, we will update theApp.js component by adding routing to it. It serves as the root component, enclosing the entire application. Within theApp.js, it uses the Router component to set up the routing mechanism.

import{BrowserRouterasRouter,Route,Routes}from"react-router-dom";importLoginfrom"./components/Login";importDashboardfrom"./components/Dashboard";importAuthProviderfrom"./hooks/AuthProvider";importPrivateRoutefrom"./router/route";functionApp(){return(<divclassName="App"><Router><AuthProvider><Routes><Routepath="/login"element={<Login/>}/><Routeelement={<PrivateRoute/>}><Routepath="/dashboard"element={<Dashboard/>}/></Route>{/* Other routes */}</Routes></AuthProvider></Router></div>);}exportdefaultApp;

TheRoutes component establishes the route configuration: the '/login' path is mapped to the Login component, rendering it when the URL matches. The<PrivateRoute /> component serves as a guard for protecting the/dashboard route. When a user navigates to/dashboard, thePrivateRoute checks for authentication using theAuthProvider. If the user is authenticated (has a token), it renders the Dashboard component; otherwise, it redirects to the/login route, ensuring protected access to the dashboard.

API Integration

If you've reached this point, great job! We're nearing the end of this article. Yet there are a few more steps to cover. We've successfully created a login component, established an AuthContext to manage user sessions, and set up a route guard. Now, the next step is to trigger the login action by utilizing theuseAuth hook to access the function. This approach enables thehandleSubmitEvent function in the Login Component to trigger the API request. Upon a successful response, the tokens and user data will be saved and passed down through the AuthContext.

Here is the updated code for the login component.

import{useState}from"react";import{useAuth}from"../hooks/AuthProvider";constLogin=()=>{const[input,setInput]=useState({username:"",password:"",});constauth=useAuth();consthandleSubmitEvent=(e)=>{e.preventDefault();if(input.username!==""&&input.password!==""){auth.loginAction(input);return;}alert("pleae provide a valid input");};return(<formonSubmit={handleSubmitEvent}>{/* Form inputs are provided in the above examples */}</form>);};exportdefaultLogin;

The above example shows how to dispatch theloginAction using theuseAuth hook.

Add Logout Button

Next, we need to add a button to dispatch thelogOut action for ending the user session by clearing the user state in the context and also clarifying the token localStorage. Now create a dashboard component and add the code below.

importReact,{useEffect}from"react";import{useAuth}from"../hooks/AuthProvider";constDashboard=()=>{constauth=useAuth();return(<divclassName="container"><div><h1>Welcome!{auth.user?.username}</h1><buttononClick={()=>auth.logOut()}className="btn-submit">logout</button></div></div>);};exportdefaultDashboard;

In the code above, the Dashboard component utilizes theuseAuth hook from theAuthProvider to access authentication information. The component displays a welcome message with the username of the logged-in user and a logout button, which triggers thelogOut function to log the user out.

The image above shows two input fields and a button. The user enters the email address and password.

This image illustrates the input data being passed as an object to the backend after a user enters their details.

This image depicts the backend API response data, which includes user data, user tasks, and a token for managing user sessions.

After logging in successfully, the user is redirected to the dashboard, where the username and logout buttons are displayed.

The images provided illustrate the login process from our implementation. When a user enters the correct information, it sends it to the server as a payload, and the server checks to see if the user exits. If they do, we receive a response with a user object containing all of the user's information, such as name and email address, and they are redirected to the dashboard page. In addition, we receive a token, which is saved to the browser's local storage. This allows us to manage user sessions more effectively. When the user clicks the log-out action, the last action occurs. It clears the user's local storage and redirects them to the login page.

Conclusion

Understanding how to use the Context API and React Router in authentication workflows is critical for managing user sessions in React applications. From creating authentication contexts to creating guarded routes and enabling user actions like login and logout, this comprehensive guide equips developers to handle user authentication seamlessly and securely within their React projects.