Installation
Before starting be aware that oidc-spa is not suited for Next.js.
If you are using Next the closer alternative is to use NextAuth.js (with the Keycloak adapter if you are using Keycloak). See this guide.
If you're having issues don't hesitate to reach out on Discord!
Add the lib to your dependencies
npm install oidc-spayarn add oidc-spapnpm add oidc-spabun add oidc-spaEditing your App entrypoint
To protect tokens against supply-chain attacks and XSS, oidc-spa must run some initialization code before any other JavaScript in your app.
This design provides much stronger security guarantees than any other adapter, and it also delivers unmatched login performance. More details here.
First rename your entry point file from main.tsx (or main.ts) to main.lazy.tsx
mv src/main.tsx src/main.lazy.tsxThen create a new main.tsx file:
import { oidcEarlyInit } from "oidc-spa/entrypoint";
const { shouldLoadApp } = oidcEarlyInit({
freezeFetch: true,
freezeXMLHttpRequest: true,
freezeWebSocket: true
});
if (shouldLoadApp) {
// Note: Deferring the main app import adds a few milliseconds to cold start,
// but dramatically speeds up auth. Overall, it's a net win.
import("./main.lazy");
}You can skip this for now. It will be explained in the dedicated setup guide:
React RouterTo protect tokens against supply-chain attacks and XSS, oidc-spa must run some initialization code before any other JavaScript in your app.
This design provides much stronger security guarantees than any other adapter, and it also delivers unmatched login performance. More details here.
First rename your entry point file from main.ts to main.lazy.ts
mv src/main.tsx src/main.lazy.tsxThen create a new main.ts file:
import { oidcEarlyInit } from "oidc-spa/entrypoint";
const { shouldLoadApp } = oidcEarlyInit({
freezeFetch: true,
freezeXMLHttpRequest: true,
freezeWebSocket: true
});
if (shouldLoadApp) {
// Note: Deferring the main app import adds a few milliseconds to cold start,
// but dramatically speeds up auth. Overall, it's a net win.
import("./main.lazy");
}Create React App is deprecated. Consider using Vite instead.
To protect tokens against supply-chain attacks and XSS, oidc-spa must run some initialization code before any other JavaScript in your app.
This design provides much stronger security guarantees than any other adapter, and it also delivers unmatched login performance. More details here.
First rename your entry point file from main.tsx (or main.ts) to main.lazy.tsx
mv src/index.tsx src/index.lazy.tsxThen create a new index.tsx file:
import { oidcEarlyInit } from "oidc-spa/entrypoint";
const { shouldLoadApp } = oidcEarlyInit({
freezeFetch: true,
freezeXMLHttpRequest: true,
freezeWebSocket: true
});
if (shouldLoadApp) {
// Note: Deferring the main app import adds a few milliseconds to cold start,
// but dramatically speeds up auth. Overall, it's a net win.
import("./index.lazy");
}Last updated
Was this helpful?