This project demonstrates how to implement the Authorization Code Flow with PKCE for a React SPA.
Disclaimer: This project is for educational purposes only and should not be used in production without proper security review and testing.
This project is deployed on Cloudflare Pages. You can access the live demo here.
Before getting started, make sure you have the following:
- Node.js installed on your machine
- An OpenID Connect provider that supports the Authorization Code Flow with PKCE
- Clone the repository:
git clone https://github.com/cerberauth/openid-connect-examples.git
- Install the dependencies:
cd openid-connect-examples/react-spa
npm ci
- Configure the OpenID Connect provider:
  If you don't have an OpenID Connect provider, you can use TestID OpenID Connect Provider.
  - Obtain the client ID and client secret from your OpenID Connect provider.
  - Register the redirect URI for your React SPA in the provider's developer console.
- Update the configuration:
  - Create a .env.local file in the root directory of your project, or copy the .env file.
  - Add the necessary environment variables to the .env.local file. For example:
    VITE_CLIENT_ID=your-client-id
    VITE_REDIRECT_URI=http://localhost:5173/callback
    Replace your-client-id and http://localhost:5173/callback with the actual values provided by your OpenID Connect provider.
  - Save the .env.local file.
- Start the development server:
npm run dev
- Open your browser and navigate to http://localhost:5173/.
- Click on the "Login" button to initiate the authorization code flow.
- After successful authentication, you will be redirected back to the React SPA and the user information will be displayed.