A React context to work with the duo-express package
This module works with the duo-express package. It provides a React context to manage the interactions with that express middleware.
npm install --save duo-express-react
In your top-level App.js (or equivalent):
import { DuoAuthProvider } from 'duo-express-react';
const TEN_MINUTES = 600000;
<DuoAuthProvider redirectUri="/home" checkInterval={TEN_MINUTES}>
<AppContent />
</DuoAuthProvider>;The DuoAuthProvider accepts the following properties:
-
duoEndpoint{string (path)}: The mount point for theduo-expressmiddleware. The default is/duo. -
redirectUri{string (path)}: Where to go after successful authentication. You should specify this as described in theduo-expressdocumentation. There is no default value. -
checkInterval{number (milliseconds)}: If specified, periodically performs aGETrequest to theduo-expressmiddleware so the user is not signed out if they remain on the page. This will only work if therollingsession property is set totrue. There is no default value.
Note: The provider always performs an intial GET request to determine if the user is signed in or not regardless of the checkInterval property.
In your JSX files, you can use the DuoAuthContext provided by the DuoAuthProvider by calling the useDuoAuth() function.
import { useDuoAuth } from 'duo-express-react';
function MyComponent() {
const auth = useDuoAuth();
console.log(auth.state.username);
...
}The useDuoAuth() function returns an object having the following properties:
-
state: An object having one property, theusername. Initially, this isundefineduntil theDuoAuthProviderreceives a response to the initialGETrequest. After that, the username is eithernull(user authentication required) or a string (user is signed in). -
login(username [, nopreauth]): A function taking one or two parameters. This will perform the required Duo interactions and redirect to the value of theredirectUriparameter of theDuoAuthProvider. Unlessnopreauthis true, this function performs a preauthorization of the user and will throw an exception if the user is denied access. The error message will indicate the reason. -
logout(): A function that deletes theduosession object using theduo-expressmiddleware and sets theusernameproperty in the state tonull.
Add the DuoAuthLogin component to your login page. Duo will create an iFrame in this component after you call the auth.login(username) function.
import { DuoAuthLogin } from 'duo-express-react';
function Login() {
return (
<div>
<h1>Login</h1>
<LoginForm />
<DuoAuthLogin />
</div>
);
}This is a contrived example. In reality, the LoginForm is a form you must create to get the user's username that is passed to the auth.login(username) function. The various useState and other related form constructs are not shown in this example.
The DuoAuth.js source code is in the src directory. Executing npm run build will run this file through babel and put the output into the lib directory where it is checked in as part of the distribution.
MIT License
Copyright (c) 2020 Frank Hellwig
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.