React Query and Auth: Who is Responsible for What?

Rate this content

React Query manages server state on the client, and auth manages user sign in/sign up/sign out. Where do these two overlap, and how do you separate concerns? This talk proposes a data flow with custom hooks for both auth and React Query to manage authentication status and user profile updates.

19 min
25 Oct, 2021


Sign in or register to post your comment.

AI Generated Video Summary

This talk introduces React Query and Auth, discussing how React Query maintains server state on the client and handles mutations and data updates. The day spa app example demonstrates the use of React Query to fetch data and handle user authentication. React Query is also useful for managing user data and ensuring accurate data from the server. The talk highlights the importance of addressing the three main players in user data: React Query, Auth Functions, and persistence across sessions.

1. Introduction to React, Query, and Auth

Short description:

Hi, thanks for coming to this talk on React, Query, and Auth. I'd like to introduce myself and give a few notes. The approach here is to handle all the players interested in user information and off. At the end, I will talk about a couple of npm libraries you can use. You can find the slides on my site slash talks.

Hi, thanks for coming to this talk on React, Query, and Auth. So React, Query, and Auth overlap somewhat, and this talk is going to discuss who's responsible for what. So first I'd like to introduce myself with this amazing steampunk avatar that React Advanced made for me. It's my new favorite thing. My name is Bonnie Shulkin, and I've been in the software industry around 20 years. I've held a lot of roles, but currently I am a developer and trainer. You can find me at, which is in the lower right of all of these slides. Twitter, I'm at with the dot spelled out, and I am incredibly proud to hold the at Bonnie handle on GitHub. To introduce this talk, I want to just give a few notes. The first one is that here I'm going to talk about concepts and I'm not really going to introduce code. If you're interested in the code, I'll have a link to the code example at the end. The approach here is actually making my own system to handle all of the players that are interested in user information and off. And this way we can understand all the pieces. But at the end, I will talk about a couple of npm libraries you can use. And then finally, if you're somebody who likes to click links from talks or if you like to follow along with the slides you can get these slides in my site slash talks and you can just look for the React advanced talk. I have made some puns in some of the images that you can look out for if you like that kind of thing.

2. Introduction to React Query

Short description:

I'll introduce React query and the app for this talk. React query is a library that maintains server state on the client by caching server data. It has tools like the use query hook for fetching data and use mutation hook for updating data on the server. Dependent queries can be turned on or off based on an expression's value.

So here's a table for the table of contents. First, I'm going to be introducing React query for people who don't know about this amazing library. Then I'll talk about the app for this talk and what kind of authentication assumptions it uses.

I'll talk about the solution I have to merge React query and auth. And then I'll talk about those NPM libraries I mentioned.

So let's start by talking about React query. React query is a library whose job it is to maintain server state on the client. So it uses this by making a cache of server data on the client. One of the main tools from React query is the use query hook. And this hook takes a query function that's responsible for actually getting the data from the server. In order to subscribe to that data, the React code runs the use query hook. Now part of React queries job is to make sure that the data is in sync with the server. So use query actually updates the data from the server. It pulls new data from the server depending on some triggers. Some of them are automatic like a network reconnect or if the page is focused. You can also manually invalidate the data in the cache and the reason I'm bringing that up is because we'll talk about that later in this talk.

When you manually invalidate the data in the cache, then use query goes to the server and fetches fresh data. I have some small print here. It's a simplification. React query is a pretty sophisticated app so I'm not talking about a lot of concepts like stale data and expiring the cache and so forth. There are a couple other React query concepts that I'd like to talk about that are relevant to this talk. One is mutations. So use query is if you simply want to fetch data from the server. Mutations are if you want to update data on the server and so React query has a use mutation hook in addition to a use query hook. There's also a concept of dependent queries. So these are queries that you can turn on or off based on the value of an expression. So if the expression evaluates to truthy, then the query will be on and it will do all of those data refetches as it does in order to keep the data fresh. If it's off if that value is falsy, then the data is off and is not going to be communicating with the server. I should say the query is off, I think I said the data is off.

Now I'd like to talk about the app that I wrote this solution for.

3. Day Spa App with React Query and Auth

Short description:

This is a day spa app that uses React query to fetch available treatments, staff, and appointments from the server. It also includes a sign-in feature using the useAuth hook, which handles sign-in, sign-up, and sign-out functions. The server uses JSON web token authentication.

So this is a day spa app where you can reserve massages or facials or scrubs, you can tell what was on my mind when I wrote this up. So it has available treatments that it needs to get from the server. It also has staff that it needs to get from the server and a calendar of appointments. And it does all of this through React query. This is pretty basic server data for React query. But it also has a sign in feature, a user needs to be signed in in order to reserve appointments. And so it has a use off hook that allows the user or that manages the sign in, sign up and sign out. The use off hook returns sign in, sign up and sign out functions that can be used. And the server uses JSON web token authentication.

4. Ownership of User Data and Benefits of React Query

Short description:

So, who owns the user data? The user who signed in can be considered client data, while the details like name and email address are server data. React Query is useful for mutations and ensuring accurate data from the server. It handles cache invalidation and fetching updated data. It also helps with app startup by maintaining login across sessions and handling data updates from different browsers.

So those sign in and sign up functions in the use off hook actually receive a token and the user data in the response from the server. And the question is, who owns this data? So now we're starting to get into the overlap between off and react query. Is this client data or server data? Well, I think you could argue that the user who is signed in, the particular user who signed into this client, that is client data. But the details of the user, their name, their email address, their authorization, that is server data. I'm really sorry if you can hear chainsaws. There is tree work being done in the neighborhood. So user data has actually a lot of parties that have an interest. Use auth is receiving that user data when it makes the calls to the server. And then the user data also needs to be persisted in local storage because we want to make sure if the user refreshes the page, for example, that they aren't automatically logged out. There's also something interesting about use query here. The query function is going to need to use the ID. It's going to need that user ID in order to tell the server whose data to fetch. But it needs the data in order to know the ID. That's why I have this chicken egg graphic here. You need the ID to get the data, but you need the data to get the ID. This is a complication that may make you ask, why would we even want to involve React query at all? Why not just store the user data in a context and leave React query out of the picture? I have a couple of reasons that I think React query is a good idea when comes to user data. The first is mutations. The user can update their data, they can update their name or their e-mail, and we want to make sure that the client is showing accurate data from the server. Imagine this situation. Imagine a user updates their data and then there's a problem, there's a network error or heaven forbid, there's a programming error on the server and it prevents an update. The user needs to know what the actual state of data is on the server. With React Query, we can manage that by invalidating that cache value after the mutation. Then React Query will go and fetch the actual data from the server. This will update the data for anybody subscribed to this React Query cache, including say, if you have the username on the navbar. Any components are going to have the most up-to-date data. The second reason I think it's a good idea to involve React Query is for app startup. The app is going to use local storage or some browser storage to maintain the login across sessions so that the user can refresh the page. What if the user updated the data from another browser? Let's say yesterday, they went to a different browser at their friend's house and they updated the data. Our app is going to look clumsy if we don't have that updated data when they log back in from their new browser. I should say when they log back in from their browser that they were in before they went to their friend's house.

5. User Data Management and React Query

Short description:

There's a security issue when updating treatments by authorized users. React Query can update data on startup and handle the user data update process. The solution is to decentralize everything with a used user hook that tracks user data and maintains it in the internal user state, query cache, and local storage. The use user hook receives and sets data from React Query and other sources like the use auth hook. The user state, update user function, and clear user function handle data updates for all three players. React Query and use auth hook also update the data. For more details, you can check the GitHub repository for the code. Finally, React query auth is an npm library worth exploring.

That's something that will just make the app look more sophisticated, but there's also a security issue here. What if we had some user at the spa who was allowed to update the treatments, and they did something really wrong, and they got fired. We want to make sure that if they go back into the application, that we update their user data so that they are no longer authorized to update those treatments. It's really hard to get rid of a token in local storage, but React Query can make it so that we can update data, and we can make sure that we have updated data on startup.

Now, maybe you've swung over to the React Query should manage everything. However, we do need to look after a use auth in local storage. We need to hook those in somehow. Do we want those to subscribe and update the React Query cache individually? Then we've also got that chicken and egg situation for the user ID in the query function.

The solution that I have come up with is to decentralize everything with a used user hook. This is the source of truth. It tracks user data with an internal user state that's exposed as a return value of the hook and that is the canonical user data. We'll use local storage to maintain data not only across sessions, but also whenever a used user is initialized. We'll also keep the user data up to date with the server by using use query so that any of those triggers that I mentioned will update the data. We can take care of that chicken and egg situation by disabling that query if user is falsy. Whenever user data updates, it will go through this used user hook. In order to make sure that the data is maintained everywhere it needs to be in the internal user state, in the query cache, and in local storage.

Because I like visuals, here's the use user hook. It will both receive data from react query, when react query gets updated data from the server, and will also set data in the cache when it gets user data from other sources. Another source it might get user data from is the use auth hook, which receives data from sign in and sign out. Local storage is both getting set anytime user data is updated, and it's also providing the initial value for the use user hook. To get into that a little bit more, the use user hook is going to return that user state for people who want to subscribe to that user data, and then it's also going to return update user, an update user function that takes user data and updates the data for all three players. It will also have a clear user, which updates the data for all three players to be there is no user. Update user. And all of the updates, any user data updates go through use user. So when React query updates the data, it uses the update user function from the use user hook. Same with the use auth hook.

All right, so that's my brief introduction to how I solve this issue. If you'd like to look at the code, you can go to this GitHub repository and you can go to completed apps, lazy day spa, and client as far as the directory tree goes. I'll conclude this talk by talking a little bit about npm libraries that exist. The first one is React query auth.

6. React Query Auth and Firebase Libraries

Short description:

React Query Auth is a lightweight wrapper around React Query that provides user data, authentication functions, and event data. It uses mutation functions for sign in and sign up, with cache updates on success. The Firebase library uses useQuery for auth calls, storing data in the React Query Cache and managing persistence. React Query Auth has around 500 downloads per week, React Query Firebase has about 30 downloads per week, compared to 575,000 downloads per week for React Query. This talk emphasized the importance of addressing the three main players in user data: React Query, Auth Functions, and persistence across sessions.

And here's a link to it. This is a fairly lightweight wrapper around React query. So as a user of React query auth, you initialize it by giving it sign in, sign out, and sign up functions. And then it uses a separate auth provider that takes your config and React query functions and provides a bunch of both data and functions for you. So it gives you the user data and whether or not there was an error. Then it gives you functions to refetch the user, to log in, log out, and register, which is what I've been calling sign up. And then it also gives you data on whether or not events are currently occurring.

The way it uses React query is it treats sign in and sign up as mutation functions. It uses use mutation for that because use mutation allows you to run the function later. And then it has a callback on success of these mutation functions to update the cache. This does not address persistence in the browser.

And here, if you wanna take a look at the code, like I said, it's fairly lightweight, it's actually not that many lines of code. There's also a Firebase library. And here you go. This actually uses useQuery for all of the auth calls and the useQuery takes Firebase functions as the query functions. It stores all of the data directly in the React Query Cache. And Firebase itself, through those Firebase functions, manages the persistence in the local storage and session storage, and has other options as well. And if you'd like to look at the code for this, I have a link to that here.

As of earlier this month, both of these libraries are still finding traction. So you can see that React Query Auth has about 500 downloads per week and React Query Firebase has about 30 downloads per week, I should say the auth part of it. You can compare this to around 575,000 downloads per week for React Query. All right, so to conclude this talk, I just want to reiterate that the reason that this merited an entire talk is because there are three main players when it comes to user data. There's React Query, which can maintain the state of the data on the server. There's Auth Functions, which can be in charge of retrieving the initial data. And then there's the persistence across sessions. So that can be local storage or other persistence tools. Any complete solution needs to address all three of these. So thank you so much for coming to my talk.

Check out more articles and videos

We constantly think of articles and videos that might spark Git people interest / skill us up or help building a stellar career

React Advanced Conference 2022React Advanced Conference 2022
25 min
A Guide to React Rendering Behavior
React is a library for "rendering" UI from components, but many users find themselves confused about how React rendering actually works. What do terms like "rendering", "reconciliation", "Fibers", and "committing" actually mean? When do renders happen? How does Context affect rendering, and how do libraries like Redux cause updates? In this talk, we'll clear up the confusion and provide a solid foundation for understanding when, why, and how React renders. We'll look at: - What "rendering" actually is - How React queues renders and the standard rendering behavior - How keys and component types are used in rendering - Techniques for optimizing render performance - How context usage affects rendering behavior| - How external libraries tie into React rendering
React Summit Remote Edition 2021React Summit Remote Edition 2021
33 min
Building Better Websites with Remix
Remix is a new web framework from the creators of React Router that helps you build better, faster websites through a solid understanding of web fundamentals. Remix takes care of the heavy lifting like server rendering, code splitting, prefetching, and navigation and leaves you with the fun part: building something awesome!
React Advanced Conference 2022React Advanced Conference 2022
30 min
Using useEffect Effectively
Can useEffect affect your codebase negatively? From fetching data to fighting with imperative APIs, side effects are one of the biggest sources of frustration in web app development. And let’s be honest, putting everything in useEffect hooks doesn’t help much. In this talk, we'll demystify the useEffect hook and get a better understanding of when (and when not) to use it, as well as discover how declarative effects can make effect management more maintainable in even the most complex React apps.
React Summit 2022React Summit 2022
20 min
Routing in React 18 and Beyond
Concurrent React and Server Components are changing the way we think about routing, rendering, and fetching in web applications. Next.js recently shared part of its vision to help developers adopt these new React features and take advantage of the benefits they unlock.
In this talk, we’ll explore the past, present and future of routing in front-end applications and discuss how new features in React and Next.js can help us architect more performant and feature-rich applications.
React Summit Remote Edition 2020React Summit Remote Edition 2020
30 min
React Query: It’s Time to Break up with your "Global State”!
An increasing amount of data in our React applications is coming from remote and asynchronous sources and, even worse, continues to masquerade as "global state". In this talk, you'll get the lowdown on why most of your "global state" isn't really state at all and how React Query can help you fetch, cache and manage your asynchronous data with a fraction of the effort and code that you're used to.
React Advanced Conference 2021React Advanced Conference 2021
27 min
(Easier) Interactive Data Visualization in React
If you’re building a dashboard, analytics platform, or any web app where you need to give your users insight into their data, you need beautiful, custom, interactive data visualizations in your React app. But building visualizations hand with a low-level library like D3 can be a huge headache, involving lots of wheel-reinventing. In this talk, we’ll see how data viz development can get so much easier thanks to tools like Plot, a high-level dataviz library for quick
easy charting, and Observable, a reactive dataviz prototyping environment, both from the creator of D3. Through live coding examples we’ll explore how React refs let us delegate DOM manipulation for our data visualizations, and how Observable’s embedding functionality lets us easily repurpose community-built visualizations for our own data
use cases. By the end of this talk we’ll know how to get a beautiful, customized, interactive data visualization into our apps with a fraction of the time

Workshops on related topic

React Summit 2023React Summit 2023
170 min
React Performance Debugging Masterclass
Featured WorkshopFree
Ivan’s first attempts at performance debugging were chaotic. He would see a slow interaction, try a random optimization, see that it didn't help, and keep trying other optimizations until he found the right one (or gave up).
Back then, Ivan didn’t know how to use performance devtools well. He would do a recording in Chrome DevTools or React Profiler, poke around it, try clicking random things, and then close it in frustration a few minutes later. Now, Ivan knows exactly where and what to look for. And in this workshop, Ivan will teach you that too.
Here’s how this is going to work. We’ll take a slow app → debug it (using tools like Chrome DevTools, React Profiler, and why-did-you-render) → pinpoint the bottleneck → and then repeat, several times more. We won’t talk about the solutions (in 90% of the cases, it’s just the ol’ regular useMemo() or memo()). But we’ll talk about everything that comes before – and learn how to analyze any React performance problem, step by step.
(Note: This workshop is best suited for engineers who are already familiar with how useMemo() and memo() work – but want to get better at using the performance tools around React. Also, we’ll be covering interaction performance, not load speed, so you won’t hear a word about Lighthouse 🤐)
React Advanced Conference 2021React Advanced Conference 2021
132 min
Concurrent Rendering Adventures in React 18
Featured WorkshopFree
With the release of React 18 we finally get the long awaited concurrent rendering. But how is that going to affect your application? What are the benefits of concurrent rendering in React? What do you need to do to switch to concurrent rendering when you upgrade to React 18? And what if you don’t want or can’t use concurrent rendering yet?
There are some behavior changes you need to be aware of! In this workshop we will cover all of those subjects and more.
Join me with your laptop in this interactive workshop. You will see how easy it is to switch to concurrent rendering in your React application. You will learn all about concurrent rendering, SuspenseList, the startTransition API and more.
React Summit Remote Edition 2021React Summit Remote Edition 2021
177 min
React Hooks Tips Only the Pros Know
Featured Workshop
The addition of the hooks API to React was quite a major change. Before hooks most components had to be class based. Now, with hooks, these are often much simpler functional components. Hooks can be really simple to use. Almost deceptively simple. Because there are still plenty of ways you can mess up with hooks. And it often turns out there are many ways where you can improve your components a better understanding of how each React hook can be used.
You will learn all about the pros and cons of the various hooks. You will learn when to use useState() versus useReducer(). We will look at using useContext() efficiently. You will see when to use useLayoutEffect() and when useEffect() is better.

React Advanced Conference 2021React Advanced Conference 2021
174 min
React, TypeScript, and TDD
Featured WorkshopFree
ReactJS is wildly popular and thus wildly supported. TypeScript is increasingly popular, and thus increasingly supported.
The two together? Not as much. Given that they both change quickly, it's hard to find accurate learning materials.
React+TypeScript, with JetBrains IDEs? That three-part combination is the topic of this series. We'll show a little about a lot. Meaning, the key steps to getting productive, in the IDE, for React projects using TypeScript. Along the way we'll show test-driven development and emphasize tips-and-tricks in the IDE.

React Advanced Conference 2021React Advanced Conference 2021
145 min
Web3 Workshop - Building Your First Dapp
Featured WorkshopFree
In this workshop, you'll learn how to build your first full stack dapp on the Ethereum blockchain, reading and writing data to the network, and connecting a front end application to the contract you've deployed. By the end of the workshop, you'll understand how to set up a full stack development environment, run a local node, and interact with any smart contract using React, HardHat, and Ethers.js.

React Summit 2023React Summit 2023
151 min
Designing Effective Tests With React Testing Library
Featured Workshop
React Testing Library is a great framework for React component tests because there are a lot of questions it answers for you, so you don’t need to worry about those questions. But that doesn’t mean testing is easy. There are still a lot of questions you have to figure out for yourself: How many component tests should you write vs end-to-end tests or lower-level unit tests? How can you test a certain line of code that is tricky to test? And what in the world are you supposed to do about that persistent act() warning?
In this three-hour workshop we’ll introduce React Testing Library along with a mental model for how to think about designing your component tests. This mental model will help you see how to test each bit of logic, whether or not to mock dependencies, and will help improve the design of your components. You’ll walk away with the tools, techniques, and principles you need to implement low-cost, high-value component tests.
Table of contents
- The different kinds of React application tests, and where component tests fit in
- A mental model for thinking about the inputs and outputs of the components you test
- Options for selecting DOM elements to verify and interact with them
- The value of mocks and why they shouldn’t be avoided
- The challenges with asynchrony in RTL tests and how to handle them
- Familiarity with building applications with React
- Basic experience writing automated tests with Jest or another unit testing framework
- You do not need any experience with React Testing Library
- Machine setup: Node LTS, Yarn