possibilities / next-github-auth Goto Github PK

View Code? Open in Web Editor NEW

53.0 1.0 9.0 5.9 MB

Components and decorators for using Github authentication with Next.js

Home Page: https://next-github-auth-example.now.sh/

JavaScript 98.64% Shell 1.36%

next-github-auth's Introduction

Next.js auth with Github

Components and decorators for using Github authentication with Next.js

Usage

Install into your Next.js app
```
yarn add next-github-auth
```

Create sign-in and sign-out pages

At pages/sign-in.js

import { SignIn } from 'next-github-auth'
export default SignIn

At pages/sign-out.js

import { SignOut } from 'next-github-auth'
export default SignOut

If you need to customize the scope you can configure the SignIn page

import { configureSignIn } from 'next-github-auth'
const SignIn = configureSignIn({ scope: 'repo gist' })
export default SignIn

Wrap private pages with PrivatePage decorator

Any Next.js page that should only be accessible to authenticated users should be wrapped with the PrivatePage decorator, e.g.:
```
import { PrivatePage } from 'next-github-auth'

const Private = props => <div>private page!</div>
export default PrivatePage(Private)
```

Wrap public pages with PublicPage decorator

All other Next.js pages should be wrapped with the PublicPage decorator, e.g.:

import { PublicPage } from 'next-github-auth'

const Public = props => <div>public page!</div>
export default PublicPage(Public)

Optionally access the currently signed in github user and access tokens in a Next page component's getInitialProps, e.g:

import React from 'react'
import PropTypes from 'prop-types'
import { PrivatePage } from 'next-github-auth'

const UserRepos = ({
  github: {
    accessToken,
    user: { login }
  }
}) => (
  <div>
    {!repos.length && (
      <div>cool, you have 0 repos!</div>
    )}

    {!!repos.length && (
      <ul style={{ margin: 0 }}>
        {repos.map(({ fullName }) => (
          <li key={fullName}>{fullName}</li>
        ))}
      </ul>
    )}
  </div>
)

UserRepos.getInitialProps ({ github: { accessToken } }) {
  const githubRepos = await getGithubRepos(accessToken)
  const repos = githubRepos.map(repoView)
  return { repos }
}

export default PrivatePage(UserProfile)

Optionally access the currently signed in github user and access tokens via React's context, e.g:

import React from 'react'
import PropTypes from 'prop-types'
import { PrivatePage } from 'next-github-auth'

const UserProfile = (props, {
  github: {
    accessToken,
    user: { login }
  }
}) => (
  <div>
    <div>{login}'s profile</div>
    <div>token: {accessToken ? 'hidden' : 'not available'}</div>
  </div>
)

UserProfile.contextTypes = {
  github: PropTypes.shape({
    accessToken: PropTypes.string,
    user: PropTypes.shape({
      login: PropTypes.string
    })
  })
}

export default PrivatePage(UserProfile)

Setup app environment

Add an OAuth application to your Github account to generate a client id and secret

Set the callback URL to the public URL of the deployed app
Setup environment

Export your GitHub app's client id and secret as environment variables
```
export GITHUB_CLIENT_ID=YOUR_APP_ID
export GITHUB_CLIENT_SECRET=YOUR_APP_SECRET
```

Run app

Start the app
```
yarn dev
```

next-github-auth's People

Contributors

Stargazers

Watchers

Forkers

curran carlos-connected nicobobb merklesys appleton jemgold kasrasadeghi cslarson

next-github-auth's Issues

Remove the invariant decorator from production builds

Make access token exposition optional

I'm working on an app where the token is never used on the client. I'll wait and let that drive this feature but I'm a bit unsure what the default should be: it'd be nice to be "secure by default" (i.e. omit sending the token to the client) but I think the most common use case will be to expose the token.

Cannot read property "githubClientId" of undefined

Logging in and out works great! However, I have a small problem with the PrivatePage component. When pulling it in, I get

TypeError: Cannot read property 'githubClientId' of undefined
    at ProvideGithubContextWrapper.getChildContext (.../node_modules/next-github-auth/lib/decorators/ProvideContext.js:57:40)
    at ReactCompositeComponentWrapper._processChildContext (.../node_modules/react-dom/lib/ReactCompositeComponent.js:505:31)
    at ReactCompositeComponentWrapper.performInitialMount (.../node_modules/react-dom/lib/ReactCompositeComponent.js:371:105)
    at ReactCompositeComponentWrapper.mountComponent (.../node_modules/react-dom/lib/ReactCompositeComponent.js:258:21)
    at Object.mountComponent (.../node_modules/react-dom/lib/ReactReconciler.js:46:35)
    at ReactCompositeComponentWrapper.performInitialMount (.../node_modules/react-dom/lib/ReactCompositeComponent.js:371:34)
    at ReactCompositeComponentWrapper.mountComponent (.../node_modules/react-dom/lib/ReactCompositeComponent.js:258:21)
    at Object.mountComponent (.../node_modules/react-dom/lib/ReactReconciler.js:46:35)
    at ReactCompositeComponentWrapper.performInitialMount (.../node_modules/react-dom/lib/ReactCompositeComponent.js:371:34)
    at ReactCompositeComponentWrapper.mountComponent (.../node_modules/react-dom/lib/ReactCompositeComponent.js:258:21)

I exported the env variables and the app logs them correctly. Is there anything I am missing?

Verify auth by providing/checking `state` value

https://developer.github.com/v3/oauth/#1-redirect-users-to-request-github-access

Better naming for context items

Rather than githubAccessToken and githubUser should be github.accessToken and github.user.

Customizable Redirects

Thanks for this amazing library! Its organization is quite elegant.

Any thoughts on possibilities for customizing the page the user lands on after login or logout?

Consider security issues that the library can help with

CSRF: feels like there's not a lot we can do to help
XSS: also seems like there's not much help we can offer other than allowing the access token to be omitted on the client (we already set the cookie to HttpOnly), see #22.

Trying this out, what's your approach?

Hey there, cool package!

I tried following the instructions and got the following error (client side)

Cannot read property 'split' of undefined

decorators/InjectGithubAccessToken.js:60:7

I'm probably going to find out the issue, but wanted to write you anyway to ask you what the general approach is, in particular how do you share the session/userId between the client and the server?

Make sign-in/sign-out paths configurable

Bring back localstorage based sessions

Client should react to sign-in/sign-out in another tab

Scope should be configurable

Hello,

The idea is nice but I might only need the basic profile info rather than the complete list of repositories. It'd be really nice to manage scope at some level.

Thanks in advance,
G.

An in-range update of react-dom is breaking the build 🚨

Version 15.5.4 of react-dom just got published.

Branch	Build failing 🚨
Dependency	react-dom
Current Version	15.5.3
Type	devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As react-dom is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Status Details

❌ ci/circleci Your tests failed on CircleCI Details

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴