Step 1: Store Token and Set Authentication Status
In your React application, after a user logs in successfully, you will receive an authentication token from your backend. This token should be stored in the browser’s local storage and used to manage user authentication status across the application. Using React’s Context API is an efficient way to share the user’s authentication status (whether they are logged in or not) and the authentication token across all components in your application.
To manage authentication status globally, we’ll use React’s Context API. We’ll create a context that contains both the user’s authentication status and the token, and provide functions to update these values. This will allow any component in our application to access and modify the user’s authenticated state and token.
Here’s how you can set up and use the UserContext:
Create the Context: Define a new context that will hold the user’s authentication status and token.
UserProvider Component: This component will provide the authentication state to other components. It uses a React state hook to store the user’s authentication status and token.
useAuth Custom Hook: This is a custom hook for accessing the authentication context conveniently from any component.
Here’s how you implement these:
|
|
Once the user logs in successfully, you should update the authentication context and local storage. Here’s how to adjust your login component to manage this process:
Storing the Token: When the login is successful, store the token in local storage to keep the user logged in even if the page is refreshed.
Updating Context: Set the isAuthenticated flag and save the token in the context. This allows other components to react to changes in authentication status.
Redirecting User: After setting the authentication context, redirect the user to another page, typically a dashboard or home page, using React Router’s navigate function.
Here’s the modified login component implementation:
|
|
Step 2: Create a PrivateRoute Component
Creating a PrivateRoute component is a crucial step in protecting certain routes in your React application that should only be accessible to authenticated users. This component checks if the user is authenticated and then either allows access to the protected component or redirects them to a login page if they are not authenticated. Here’s how to implement and use the PrivateRoute component in your application.
Purpose of the PrivateRoute The PrivateRoute serves as a gatekeeper for any routes that require the user to be authenticated. If the user is not authenticated, they should not be able to access these routes and should instead be directed to log in. This is essential for maintaining the security and integrity of user-specific data that you do not want to expose to unauthenticated users.
Implementation Details
The PrivateRoute uses the React Router v6 API, which introduced significant changes from previous versions. Instead of rendering components directly, we now render an <Outlet>
that serves as a placeholder for child routes. This is wrapped within a conditional check against the authentication status from our UserContext.
Here’s how you can set up the PrivateRoute:
Use Context for Authentication Status: First, access the authentication status from the UserContext using the useAuth hook.
Conditional Rendering with Navigate: If the user is not authenticated, use the
<Navigate>
component from React Router to redirect the user to the login page.Render Child Components with Outlet: If the user is authenticated, render the
<Outlet>
component that will render the appropriate child components based on the route configuration.
|
|
Step 3: Update the App Component to Use PrivateRoute
Incorporate the PrivateRoute in your application’s main routing setup. Wrap any routes that require authentication with the PrivateRoute. In React Router v6, this is achieved by using the PrivateRoute as a parent route and placing protected routes as child elements.
Here’s how you can update the routes in your App component to use PrivateRoute:
|
|
In this configuration, the routes /home
, /dashboard
, and /profile
are protected by the PrivateRoute. Users attempting to access these routes without being authenticated will be redirected to the /login
page.
Step 4: Update the Header Component
Update the Header component to show/hide links based on authentication status and add a logout button:
|
|
In this configuration, the routes /home
, /dashboard
, and /profile
are protected by the PrivateRoute
. Users attempting to access these routes without being authenticated will be redirected to the /login
page.
This setup ensures that sensitive routes in your application are protected and only accessible to authenticated users, providing a secure and user-friendly navigation experience.