0 to Auth in an hour with ReactJS


Passwordless authentication may seem complex, but it is simple to add it to any app using the right tool. There are multiple alternatives that are much better than passwords to identify and authenticate your users - including SSO, SAML, OAuth, Magic Links, One-Time Passwords, and Authenticator Apps.


While addressing security aspects and avoiding common pitfalls, we will enhance a full-stack JS application (Node.js backend + React frontend) to authenticate users with OAuth (social login) and One Time Passwords (email), including:

- User authentication - Managing user interactions, returning session / refresh JWTs

- Session management and validation - Storing the session securely for subsequent client requests, validating / refreshing sessions

- Basic Authorization - Extracting and validating claims from the session token JWT and handling authorization in backend flows


At the end of the workshop, we will also touch on other approaches to implementing authentication with Descope, using the frontend or backend SDKs.
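
Session validation and claims-based authorization, as listed above, shown as an added Node.js example (not code from the workshop repository or the Descope SDK). It assumes an HS256 token signed with a shared secret and a hypothetical `roles` claim; the names `signToken`, `verifySessionToken` and `requireRole` are illustrative.

```javascript
// Added example: validate an HS256 session JWT, then authorize on a claim.
// Assumptions: shared-secret signing, a hypothetical `roles` array claim.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Mints a token so the example has constructed input to verify.
function signToken(header, payload, secret) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest();
  return `${input}.${b64url(sig)}`;
}

// Returns the validated claims or throws an Error naming the failed check.
function verifySessionToken(token, secret, { issuer, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(fromB64url(h).toString('utf8'));
    claims = JSON.parse(fromB64url(p).toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }
  if (!header || !claims || typeof claims !== 'object') throw new Error('malformed token');
  // Pin the algorithm on the server; the token header must not choose it.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = fromB64url(s);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  return claims;
}

// Express-style middleware: 401 when unauthenticated, 403 when unauthorized.
function requireRole(role, secret, issuer) {
  return (req, res, next) => {
    const auth = req.headers.authorization || '';
    const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
    let claims;
    try {
      claims = verifySessionToken(token, secret, { issuer });
    } catch {
      // Do not tell the client which check failed.
      return res.status(401).json({ error: 'unauthenticated' });
    }
    if (!Array.isArray(claims.roles) || !claims.roles.includes(role)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    req.user = claims; // downstream handlers read identity from verified claims
    return next();
  };
}
```

A hosted provider typically signs session tokens with an asymmetric key, in which case the HMAC step is replaced by signature verification against the provider's public key; the algorithm pinning and the claim checks stay the same.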

Kevin Gao
56 min
15 May, 2023


Video Summary and Transcription

This is a React Node.js workshop that covers implementing Descope authentication in a React project. It explains how to set up a Descope account and customize authentication flows using the Descope console. The workshop also covers using React Hooks and the Descope provider, adding dynamic login and logout functionality, protecting data with session tokens, and validating sessions with Node.js middleware. Additionally, it demonstrates how to customize authentication flows in the Descope console.


1. Introduction to Descope Authentication Workshop

Short description:

This is a React Node.js workshop that we do bimonthly or once a month. Today, we're going to show you how easy it is to implement Descope authentication in your React project. We'll cover core authentication concepts and then get into coding our sample application. Prerequisites include a basic understanding of React, Node.js, Express, and having a GitHub account. Authentication is verifying the identity of a user device attempting to access an application or system, while authorization is verifying a person's access rights. We'll provide a high-level overview of how authentication works, including the use of access tokens. Descope operates as an authentication service, handling the authentication process for your projects. We'll show you how to use Descope, set up your account, and create your first flow.

But my name is Kevin. I work at Descope and I'm here today to present our zero-to-auth-in-an-hour workshop. This is a React Node.js workshop that we do bimonthly or once a month. And this is the third rendition of this. We're going to show you how easy it is to kind of implement Descope authentication in your React project.

So we have an agenda today. I'll get to that in a second. First just a little bit about me to introduce myself. So my name is Kevin. I work at Descope. I live in San Francisco. Things I like to do outside of work. I love driving, working on cars, love traveling to many different countries. I'm very passionate about tutoring and helping kids with math.

But yeah, so for our agenda today, we're going to go over two things. First we're going to kind of gloss over a few core authentication concepts. Just to kind of clear the air and make sure that everyone's on the same page about what authentication is and thus forth. And then we're actually going to get into the coding of our sample application that we've prepared for today's workshop. So we have a React frontend and a Node.js back end sample application that I'm going to show you guys. In order to kind of follow along with this, there's a few prerequisites that I should mention. So one, I think a basic understanding of React, Node.js and Express I think will be helpful, as well as having a GitHub account. So we're actually going to provide a link where you can clone the repository that we have if you haven't already done so. So that will be helpful. And then an IDE of your choice, I'm going to be using VS Code for the coding section, and Node 18 or higher to actually run the sample app is

So getting into it though, I want to make sure that everybody's on the same page with what authentication really is. So I'm sure a lot of you guys, especially those who are engineers, you know, are already familiar with it. But authentication is a word that's kind of freely thrown around by a lot of people and sometimes used interchangeably with authorization. So authentication, put it simply, is basically just verifying you are who you say you are. The definition I have here is verifying the identity of a user device attempting to access a particular application or system. And so if you imagine you're at an airport and you are kind of going through security at the beginning and you show your passport or driver's license or something like that, that is kind of the first step towards getting on the plane.

And then authorization, which is usually used in tandem with authentication afterwards, is verifying a person's access rights. So after the user has been verified, they say they are, then you need to check if they have the rights to do or see a particular application. So going back to the airport analogy, that would be like being at the gate and providing your boarding pass to get on the plane because maybe you are who you say you are, but maybe you're not allowed to be on that specific plane. I just want to make sure that we understand the difference between authentication and authorization. You'll actually see both of those. You'll see a mix of both of those in this workshop. But if you want to learn more about specific authentication concepts, you can visit our learning center at descope.com/learn. We have a lot of great articles there about more like the specifics about how it works, like how JSON Web Tokens are structured, how authentication authorization servers actually work in the backend and things like that. So I'd highly recommend if you're interested in learning more about authentication outside of the scope of this, this workshop, definitely check that out.

So getting into it now that we kind of understand, you know, what authentication is, this is a high-level overview of how it can work in a very basic sense. So if you're, you know, like let's say trying to, you know, log in to your Gmail account or something like that, the browser will, usually the user will provide credentials and that will be passed from the browser to the server. The server will validate those credentials. It can be a password. It can be OAuth log-in, something like that. And then, you know, once the user is successfully verified, that will return some form of access token, usually as a cookie, but it can also be stored in the browser's local storage. And then on the browser side, all of that will, all of that would be handled so that for every subsequent request, if you're logging into Gmail and then you want to look at specific emails, or you want to change something, some configuration your inbox or something like that, all of those requests are, you know, authenticated requests, or that are requests that need to be authenticated, and that access token is used to validate you are who you say you are and be able to do that.

So kind of going off that, just the kind of key components of authentication are, you know, the user, me, who's logging into Gmail, the desktop or mobile device I'm using, my requests usually will get sent to some kind of app server, which will then pass on my credentials, my username and password or something to an authentication service. So that's what Descope operates as. We operate as an authentication service, we handle everything so that, and then that gets passed down back to the desktop or mobile device that the user is using, so that you don't have to worry about that. I'm going to actually show you guys how to use Descope, how to set up your account, how to create your first flow and show you how easy it is to customize it eventually. So let's Descope our project. Descope being, our idea is we want to take away the responsibility having to worry about that, about the authentication aspect of your projects and we can handle it for you and you can worry about the rest.

2. Setting up Descope Account and Authentication Flow

Short description:

This section explains how to set up your Descope account and use the Descope console to build a flow for your authentication. It covers signing up with Descope, accessing the console, and using the getting started wizard to customize your authentication methods. The wizard allows you to choose between business and consumer applications, select authentication methods, and optionally enable multi-factor authentication.

So this link right here at the bottom which hopefully Chris or Asaf can put in the chat, this will take you to our repository that you can clone and that we're going to be working for the remainder of this workshop.

Before we actually get to the coding, the reason why it says What's Descope is we actually want to show you guys how to set up your Descope account because we're going to need to do that. So let's get into it.

So if you guys can open up a web browser and go to www.descope.com sign up. Someone can paste that in the chat as well. This will take you to our main website, which you can see will look actually for you something like this. I have an incognito window up. So I'm not logged in. And then you'll be able to sign up with your email or with Google or Microsoft, whichever you prefer. And so we're just going to sign up for Descope. This is going to bring us to our console where we can build our flow. So I'm going to sign up with email just like you guys. Sign up for a new account there.

Okay. And then take this. And then put in my name. Now create my account. So here it just sends a magic link to your email and then you should be able to see you to be able to see. Thanks for signing up. A Descope console is a quick way. Let us, Asaf or Chris, know if you have any issues with that. But yes, once you signed up, very simple process, you click let's go. It's going to open up the Descope console. And since we have a completely new project, it's going to take you straight to hi there. In just a few easy steps, you can build passwordless user journeys in less than 10 minutes.

So this is our getting started wizard. This is what's going to we're going to ask you two simple questions. It's going to actually build out a login page that you can put in your react or WebJS applications. And it's going to give you the code snippet for that. And it's also going to create a flow that you can then edit and change to customize your authentication. So just press getting started. And I'll actually expand this out. So it's going to say who uses your application. Businesses or consumers. So this is this is a simple question, depending on if you want to use tenants or not, for the scope of our particular sample app, I think consumers is fine, we don't need to worry too much about business B2B authentication. And then it's going to ask you which authentication methods you do want to use. You see here, it says B2C because we selected consumers, and we can choose up to two methods that will appear in the login screen. So I'm going to select social login and one time password. I think social login, like signing with Google, a lot of websites use this. It's really easy to use, really simple. And especially if you're using Chrome or a browser where you have Microsoft or Google sign in, this would be really easy to use. And then one time password, because it's also very, relatively straightforward and straightforward to send you a password for your email or your phone number, and then it allows you to log in. Then it's going to ask if you want to use MFA. So MFA is multi-factor authentication. It's a second layer of security. If you want to add that, you could add something like biometrics. You could add magic link, something like that. For now, again, for the scope of our particular application, we're not really going to use this. I should also mention that in our actual application, I've prepared a different flow. So I'm going to walk through this and show you guys how to create this.
