|
1 | 1 | # redux-http-basic-auth-example |
2 | 2 |
|
3 | | -When a client, web or app, communicates with an HTTP API which enforces some form of authentication, the client typically follows this pattern: |
4 | 3 |
|
5 | | - 1. The app is not authenticated, the user is presented a log in screen. |
| 4 | +When an app communicates with a HTTP API, which enforces some form of authentication, the app typically follows these steps: |
| 5 | + |
| 6 | + 1. The app is not authenticated, so the user is prompted to log in. |
6 | 7 | 2. The user enters their username and password, and taps submit. |
7 | | - 3. The credentials are sent to the API and the app inspects the response: |
8 | | - 3.1. On success (200 - OK): The authentication token or hash is cached, and the app uses this token in every subsequent request. If at any stage, during an API request, the hash or token doesn't work (401 - Unauthorized) the user needs to be prompted to re-enter their credentials. |
9 | | - 3.2. On failure (401 - Unauthorized): The client displays an error message to the user, prompting them re-enter their credentials. |
| 8 | + 3. The credentials are sent to the API, and the app inspects the response: |
| 9 | + 4. On success (200 - OK): The authentication token or hash is cached, the app uses this token in every subsequent request. |
| 10 | + 5. If at any stage, during an API request, the hash or token doesn't work anymore (401 - Unauthorized), then the user is prompted to re-enter their credentials. |
| 11 | + 6. On failure (401 - Unauthorized): The client displays an error message to the user, prompting them re-enter their credentials. |
| 12 | + |
| 13 | +With the work flow defined above we'll start with the Reflux _action creators_ and _reducers_. |
| 14 | + |
| 15 | + |
| 16 | +In _step 2_ the user taps the submit button, which dispatches the `login(username, password)` function. |
| 17 | + |
| 18 | +``` |
| 19 | +/// actions/user.js |
| 20 | +
|
| 21 | +export function login(username, password) { |
| 22 | + return (dispatch) => { |
| 23 | +
|
| 24 | + /* We use this to update the state of `isLoggingIn` to `true` in our store, which can be used to display an activity indicator on the login view. */ |
| 25 | + dispatch(loginRequest()) |
| 26 | +
|
| 27 | + /* This only works in Node, use an implementation that work for the platform you're using, e.g.: `base64-js` for React Native, or `btoa()`` for browsers. */ |
| 28 | + const hash = new Buffer(`${username}:${password}`).toString('base64') |
| 29 | + return fetch('https://httpbin.org/basic-auth/admin/secret', { |
| 30 | + headers: { |
| 31 | + 'Authorization': `Basic ${hash}` |
| 32 | + } |
| 33 | + }) |
| 34 | + .then(response => response.json().then(json => ({ json, response }))) |
| 35 | + .then(({json, response}) => { |
| 36 | + if (response.ok === false) { |
| 37 | + return Promise.reject(response, json) |
| 38 | + } |
| 39 | + return json |
| 40 | + }) |
| 41 | + .then( |
| 42 | + data => { |
| 43 | + // data = { authenticated: true, user: 'admin' } |
| 44 | + dispatch(loginSuccess(hash, data.user)) |
| 45 | + }, |
| 46 | + (response, data) => dispatch(loginFailure(data.error || 'Log in failed')) |
| 47 | + ) |
| 48 | + } |
| 49 | +} |
| 50 | +``` |
0 commit comments