SlideShare a Scribd company logo

Simplify React App Login with Asgardeo React SDK

N
Nipuni Paaris

The document outlines the challenges and best practices for integrating login functionality into React applications using Asgardeo SDKs. It emphasizes managing user accounts, implementing security measures like multi-factor authentication, and the seamless integration of third-party authentication providers. Additionally, it provides a step-by-step guide for setting up a React application with Asgardeo, highlighting security best practices to safeguard against vulnerabilities like cross-site scripting.

Engineering
Related topics:
Web Development Identity and Access Management web-applications
1 of 32
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Simplify React App Login
Today’s Lineup ● Challenges in adding login to React ● Managing user accounts ● Asgardeo Javascript SDKs ● Integrate your application with Asgardeo ⦿ Create a React application with Vite ⦿ Implement the two basic components ⦿ Install Asgardeo React SDK ⦿ Integrate your React application with Asgardeo ⦿ Implement login and logout buttons ● Application security best practices Practical Session
Nipuni Paaris 01 Associate Technical Lead @ WSO2 x
Challenges in Adding Login to React
Navigating challenges in adding login to React 5 State management Handling authentication state across different components Security Ensuring secure transmission and storage of user credentials Token management Managing access tokens and refresh tokens Token processing Accessing the session tokens and extracting attributes and roles Session management Maintaining user sessions and handling session expiration 1 2 3 4 5
Navigating challenges in adding login to React 6 Redirects and routing Handling redirects post-login and ensuring secure routes User experience Creating a seamless and intuitive login experience Third-party integrations Integrating with third-party authentication providers Role-Based Access Control (RBAC) Implementing and managing user roles and permissions Error handling Properly handling and displaying authentication errors 6 7 8 9 10
Managing user accounts
In-App user management and login Out-of-the-Box Identity Providers Getting started with user management in your application
Social login User authorization Multi factor authentication (MFA) Application insights User registration API Access User login Consent management Single sign-on (SSO) Password reset Account locking
Focus solely on your business capabilities! Integrate your app with an OOTB Identity Provider And
Why DIY when you can fly? ● Enhanced security ⦿ Multi-Factor Authentication (MFA) ⦿ Secure token storage ⦿ Continuous updates ⦿ Advanced threat detection ● Reduced development effort ⦿ Speed up implementation ⦿ Focus on core features ⦿ Reduce maintenance burden ● Scalability and compliance
Why DIY when you can fly? ● Streamlined user experience ⦿ Seamless login processes ⦿ Consistent user interface ⦿ Reduced password fatigue ● Support for modern authentication protocols ● Centralized user management and governance ⦿ User provisioning and de-provisioning ⦿ Role-Based Access Control (RBAC) ⦿ Audit and reporting ● Seamless integration with third parties
Asgardeo Javascript SDKs
Why DIY when you can fly? Why DIY when you can fly? Asgardeo Javascript SDK (@asgardeo/auth-js) Asgardeo SPA SDK (@asgardeo/auth-spa) Asgardeo Node SDK (@asgardeo/auth-node) Asgardeo React SDK (@asgardeo/auth-react) Asgardeo Angular SDK (@asgardeo/auth-angular) Asgardeo Express SDK (@asgardeo/auth-express)
Step 01: Setup the initial React application # Following command is used to create a new react project usingVite # You can replace react-sample with your project name # You can also replace react with react-ts if you need to use Typescript. npm create vite@latest react-sample -- --template react
Step 02: Create the first components // The home page component. export const HomePage = () => { return ( <div> <h1> Welcome to the HomePage! </h1> <p> This is the content of the page. </p> </div> ); } // The landing page component. export const LandingPage = () => { return ( <div> <h1> Welcome to the LandingPage! </h1> <p> This is the content of the page. </p> </div> ); }
Step 03: Install the Asgardeo React SDK # Run the following command to install @asgardeo/auth-react from the npm registry. npm install @asgardeo/auth-react --save
Step 04: Integrate your application with Asgardeo // Import and wrap your root component with the AuthProvider. // AuthProvider takes a config object as a prop that can be used to initialize the SDK instance. const config = { signInRedirectURL: "http://localhost:5173", signOutRedirectURL: "http://localhost:5173", clientID: "YOUR_APP_CLIENT_ID", baseUrl: "https://api.asgardeo.io/t/{tenant}", scope: [ "openid", "profile" ] }; ReactDOM.createRoot(document.getElementById(“root”)).render( <React.StrictMode> <AuthProvider config={ config }> <App /> </AuthProvider> </React.StrictMode>, );
Key benefits of Asgardeo Javascript SDKs ● Integrate OAuth 2.0 and OpenID Connect (OIDC) into JavaScript applications. ● Follows identity and access management best practices. ● Protection against common vulnerabilities such as XSS. ● Automatic token refresh and secure storage. ● Integrates well with other vendors. ● Cross-platform compatibility with various JavaScript frameworks and libraries.
React Security Best Practices
Hacker Victim Trusted website Hacker injects the malicious script Victim triggers the malicious script Victims browser executes the malicious script and unknowingly send information to the hacker Cross-site scripting (XSS)
Does React make you immune to XSS? YES
BUT…
<div dangerouslySetInnerHTML={{__html:”<script>alert(“XSS!”);</script>”}}/> // OR this.myRef.current.innerHTML = ”<script>alert(“XSS!”);</script>”; Don’t do this
import DOMPurify from "dompurify"; <div dangerouslySetInnerHTML={{__html:DOMPurify.sanitize(data) }} /> Sanitize and render HTML
const maliciousUrl = “javascript:alert(1)”; <a href={ maliciousUrl }>Click here!</a> Don’t do this
function validateURL(url) { const parsed = new URL(url) return ['https:', 'http:'].includes(parsed.protocol) } <a href={validateURL(url) ? url : ''}>Click here!</a> Validate URL inputs
When an application incorrectly implement access control, logged in users might get permissions to do operations beyond their designated limits through hacks. Which mostly happens through access token leaks. This will lead to: Broken access control ● Unauthorized information disclosure. ● Data modification or destruction.
OR Local/Session storage Web worker Storage mechanisms in Asgardeo React SDK
References and further reading ● Simplify React App login: https://medium.com/identity-beyond-borders/simplify-react-app-logi n-3bcaa166ded0 ● Asgardeo React SDK: https://github.com/asgardeo/asgardeo-auth-react-sdk ● OWASP Top 10: https://owasp.org/www-project-top-ten ● Asgardeo official documentation: https://wso2.com/asgardeo/docs/get-started/try-your-own-app/java script/
Question Time!
Thank You.

More Related Content

PDF
Simplify React app login with asgardeo-sdk
vaibhav289687
 
PDF
Mastering Secure Login Mechanisms for React Apps.pdf
Brion Mario
 
PDF
React security vulnerabilities
AngelinaJasper
 
PDF
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
PDF
React commonest security flaws and remedial measures!
Shelly Megan
 
PDF
Shields Up! Securing React Apps
Zachary Klein
 
PDF
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
PPTX
Secure Coding for NodeJS
Thang Chung
 
Simplify React app login with asgardeo-sdk
vaibhav289687
 
Mastering Secure Login Mechanisms for React Apps.pdf
Brion Mario
 
React security vulnerabilities
AngelinaJasper
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
React commonest security flaws and remedial measures!
Shelly Megan
 
Shields Up! Securing React Apps
Zachary Klein
 
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
Secure Coding for NodeJS
Thang Chung
 

Similar to Simplify React App Login with Asgardeo React SDK (20)

PPTX
7 Deadly Sins in Azure AD App Development
Joonas Westlin
 
PPTX
Fragments-Plug the vulnerabilities in your App
Appsecco
 
PDF
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Adar Weidman
 
PPTX
Using Firebase Authentication in a React App.pptx
ExcelRSEO
 
PPTX
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
PPTX
IRREPORT.pptx
quotedcaprio
 
PDF
Serverless Security Guy Podjarny Liran Tal
xenikwit30
 
PPTX
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
PPTX
From JSX to Deployment: Mastering the React Workflow for Scalable Front-End D...
sriniravir05
 
PDF
OWASP API Security Top 10 Examples
42Crunch
 
PPTX
Enterprise Access Control Patterns for Rest and Web APIs
CA API Management
 
PPTX
A Practical Guide to Securing Modern Web Applications
Manish Shekhawat
 
PDF
DEV117 - Unleash the Power of the AppDev Pack and Node.js in Domino
Heiko Voigt
 
PDF
React Libraries For Every Purpose Your Business Needs In 2022
Narola Infotech
 
PDF
React Best Practices All Developers Should Follow in 2024.pdf
BOSC Tech Labs
 
PPTX
Building Secure User Interfaces With JWTs
robertjd
 
PDF
OWASP Portland - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
PDF
"Auth for React.js APP", Nikita Galkin
Fwdays
 
PDF
Navigating Identity and Access Management in the Modern Enterprise
WSO2
 
PPTX
FINALPPT.pptx
quotedcaprio
 
7 Deadly Sins in Azure AD App Development
Joonas Westlin
 
Fragments-Plug the vulnerabilities in your App
Appsecco
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Adar Weidman
 
Using Firebase Authentication in a React App.pptx
ExcelRSEO
 
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
IRREPORT.pptx
quotedcaprio
 
Serverless Security Guy Podjarny Liran Tal
xenikwit30
 
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
From JSX to Deployment: Mastering the React Workflow for Scalable Front-End D...
sriniravir05
 
OWASP API Security Top 10 Examples
42Crunch
 
Enterprise Access Control Patterns for Rest and Web APIs
CA API Management
 
A Practical Guide to Securing Modern Web Applications
Manish Shekhawat
 
DEV117 - Unleash the Power of the AppDev Pack and Node.js in Domino
Heiko Voigt
 
React Libraries For Every Purpose Your Business Needs In 2022
Narola Infotech
 
React Best Practices All Developers Should Follow in 2024.pdf
BOSC Tech Labs
 
Building Secure User Interfaces With JWTs
robertjd
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
"Auth for React.js APP", Nikita Galkin
Fwdays
 
Navigating Identity and Access Management in the Modern Enterprise
WSO2
 
FINALPPT.pptx
quotedcaprio
 
Ad

Recently uploaded (20)

PDF
PPT on Performance Review to get promotions
prashant593122
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPT
introduction to datamining and warehousing
ssuser4ab3a2
 
PPTX
Artificial Intelligence
dikshendrasarpate2
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PPT
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPT on Performance Review to get promotions
prashant593122
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
introduction to datamining and warehousing
ssuser4ab3a2
 
Artificial Intelligence
dikshendrasarpate2
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
Ad

Simplify React App Login with Asgardeo React SDK

  • 2. Today’s Lineup ● Challenges in adding login to React ● Managing user accounts ● Asgardeo Javascript SDKs ● Integrate your application with Asgardeo ⦿ Create a React application with Vite ⦿ Implement the two basic components ⦿ Install Asgardeo React SDK ⦿ Integrate your React application with Asgardeo ⦿ Implement login and logout buttons ● Application security best practices Practical Session
  • 4. Challenges in Adding Login to React
  • 5. Navigating challenges in adding login to React 5 State management Handling authentication state across different components Security Ensuring secure transmission and storage of user credentials Token management Managing access tokens and refresh tokens Token processing Accessing the session tokens and extracting attributes and roles Session management Maintaining user sessions and handling session expiration 1 2 3 4 5
  • 6. Navigating challenges in adding login to React 6 Redirects and routing Handling redirects post-login and ensuring secure routes User experience Creating a seamless and intuitive login experience Third-party integrations Integrating with third-party authentication providers Role-Based Access Control (RBAC) Implementing and managing user roles and permissions Error handling Properly handling and displaying authentication errors 6 7 8 9 10
  • 8. In-App user management and login Out-of-the-Box Identity Providers Getting started with user management in your application
  • 9. Social login User authorization Multi factor authentication (MFA) Application insights User registration API Access User login Consent management Single sign-on (SSO) Password reset Account locking
  • 10. Focus solely on your business capabilities! Integrate your app with an OOTB Identity Provider And
  • 11. Why DIY when you can fly? ● Enhanced security ⦿ Multi-Factor Authentication (MFA) ⦿ Secure token storage ⦿ Continuous updates ⦿ Advanced threat detection ● Reduced development effort ⦿ Speed up implementation ⦿ Focus on core features ⦿ Reduce maintenance burden ● Scalability and compliance
  • 12. Why DIY when you can fly? ● Streamlined user experience ⦿ Seamless login processes ⦿ Consistent user interface ⦿ Reduced password fatigue ● Support for modern authentication protocols ● Centralized user management and governance ⦿ User provisioning and de-provisioning ⦿ Role-Based Access Control (RBAC) ⦿ Audit and reporting ● Seamless integration with third parties
  • 14. Why DIY when you can fly? Why DIY when you can fly? Asgardeo Javascript SDK (@asgardeo/auth-js) Asgardeo SPA SDK (@asgardeo/auth-spa) Asgardeo Node SDK (@asgardeo/auth-node) Asgardeo React SDK (@asgardeo/auth-react) Asgardeo Angular SDK (@asgardeo/auth-angular) Asgardeo Express SDK (@asgardeo/auth-express)
  • 15. Step 01: Setup the initial React application # Following command is used to create a new react project usingVite # You can replace react-sample with your project name # You can also replace react with react-ts if you need to use Typescript. npm create vite@latest react-sample -- --template react
  • 16. Step 02: Create the first components // The home page component. export const HomePage = () => { return ( <div> <h1> Welcome to the HomePage! </h1> <p> This is the content of the page. </p> </div> ); } // The landing page component. export const LandingPage = () => { return ( <div> <h1> Welcome to the LandingPage! </h1> <p> This is the content of the page. </p> </div> ); }
  • 17. Step 03: Install the Asgardeo React SDK # Run the following command to install @asgardeo/auth-react from the npm registry. npm install @asgardeo/auth-react --save
  • 18. Step 04: Integrate your application with Asgardeo // Import and wrap your root component with the AuthProvider. // AuthProvider takes a config object as a prop that can be used to initialize the SDK instance. const config = { signInRedirectURL: "http://localhost:5173", signOutRedirectURL: "http://localhost:5173", clientID: "YOUR_APP_CLIENT_ID", baseUrl: "https://api.asgardeo.io/t/{tenant}", scope: [ "openid", "profile" ] }; ReactDOM.createRoot(document.getElementById(“root”)).render( <React.StrictMode> <AuthProvider config={ config }> <App /> </AuthProvider> </React.StrictMode>, );
  • 19. Key benefits of Asgardeo Javascript SDKs ● Integrate OAuth 2.0 and OpenID Connect (OIDC) into JavaScript applications. ● Follows identity and access management best practices. ● Protection against common vulnerabilities such as XSS. ● Automatic token refresh and secure storage. ● Integrates well with other vendors. ● Cross-platform compatibility with various JavaScript frameworks and libraries.
  • 20. React Security Best Practices
  • 21. Hacker Victim Trusted website Hacker injects the malicious script Victim triggers the malicious script Victims browser executes the malicious script and unknowingly send information to the hacker Cross-site scripting (XSS)
  • 22. Does React make you immune to XSS? YES
  • 25. import DOMPurify from "dompurify"; <div dangerouslySetInnerHTML={{__html:DOMPurify.sanitize(data) }} /> Sanitize and render HTML
  • 26. const maliciousUrl = “javascript:alert(1)”; <a href={ maliciousUrl }>Click here!</a> Don’t do this
  • 27. function validateURL(url) { const parsed = new URL(url) return ['https:', 'http:'].includes(parsed.protocol) } <a href={validateURL(url) ? url : ''}>Click here!</a> Validate URL inputs
  • 28. When an application incorrectly implement access control, logged in users might get permissions to do operations beyond their designated limits through hacks. Which mostly happens through access token leaks. This will lead to: Broken access control ● Unauthorized information disclosure. ● Data modification or destruction.
  • 29. OR Local/Session storage Web worker Storage mechanisms in Asgardeo React SDK
  • 30. References and further reading ● Simplify React App login: https://medium.com/identity-beyond-borders/simplify-react-app-logi n-3bcaa166ded0 ● Asgardeo React SDK: https://github.com/asgardeo/asgardeo-auth-react-sdk ● OWASP Top 10: https://owasp.org/www-project-top-ten ● Asgardeo official documentation: https://wso2.com/asgardeo/docs/get-started/try-your-own-app/java script/