Installation

Before starting be aware that oidc-spa is not suited for Next.js.

If you are using Next the closer alternative is to use NextAuth.js (with the Keycloak adapter if you are using Keycloak). See this guide.

If you're having issues don't hesitate to reach out on Discord!

Add the lib to your dependencies

npm install oidc-spa

yarn add oidc-spa

pnpm add oidc-spa

bun add oidc-spa

Editing your App entrypoint

To protect tokens against supply-chain attacks and XSS, oidc-spa must run some initialization code before any other JavaScript in your app.

This design provides much stronger security guarantees than any other adapter, and it also delivers unmatched login performance. More details here.

First rename your entry point file from main.tsx (or main.ts) to main.lazy.tsx

mv src/main.tsx src/main.lazy.tsx

Then create a new main.tsx file:

src/main.tsx

import { oidcEarlyInit } from "oidc-spa/entrypoint";

const { shouldLoadApp } = oidcEarlyInit({
    freezeFetch: true,
    freezeXMLHttpRequest: true,
    freezeWebSocket: true
});

if (shouldLoadApp) {
    // Note: Deferring the main app import adds a few milliseconds to cold start,
    // but dramatically speeds up auth. Overall, it's a net win.
    import("./main.lazy");
}

First rename your entry point file from main.ts to main.lazy.ts

mv src/main.tsx src/main.lazy.tsx

Then create a new main.ts file:

main.ts

import { oidcEarlyInit } from "oidc-spa/entrypoint";

const { shouldLoadApp } = oidcEarlyInit({
    freezeFetch: true,
    freezeXMLHttpRequest: true,
    freezeWebSocket: true
});

if (shouldLoadApp) {
    // Note: Deferring the main app import adds a few milliseconds to cold start,
    // but dramatically speeds up auth. Overall, it's a net win.
    import("./main.lazy");
}

Create React App is deprecated. Consider using Vite instead.

First rename your entry point file from main.tsx (or main.ts) to main.lazy.tsx

mv src/index.tsx src/index.lazy.tsx

Then create a new index.tsx file:

src/index.tsx

import { oidcEarlyInit } from "oidc-spa/entrypoint";

const { shouldLoadApp } = oidcEarlyInit({
    freezeFetch: true,
    freezeXMLHttpRequest: true,
    freezeWebSocket: true
});

if (shouldLoadApp) {
    // Note: Deferring the main app import adds a few milliseconds to cold start,
    // but dramatically speeds up auth. Overall, it's a net win.
    import("./index.lazy");
}

NextBasic Usage

Last updated 7 days ago

Was this helpful?