Authentication on react app using pega auth service
Our use case involves a React application that is connecting to Pega via DX API's. On react side, the requirement is to have an authenticated and unauthenticated journey of the user. I understand from the documentations that the we can give authservice in the sdkconfig json file. We have OpenID as our IDP , and we created an authentication service on Pega and added the alias for that in the sdkconfig file. When we are loading the react page, it is trying to authenticate in a popup window and its presenting us the IDP login page. We have following queries where we are stuck for now -
1. How to initiate the IDP login on the same page of react instead of a popup.
2. Since we have an unauthenticated journey, there are certain pages on the react app which the user can use without any authentication. We have a login button on the click of which the authentication flow should start and connect to the IDP. Currently, since we have given the auth service in the config json file, it is launching the authentication as soon as the page loads but we want to trigger that on the click of the login button. Unless the button is clicked, the DX API calls should happen via a common operatorID and after user logs in, it should switch to the logged in user operator ID.
3. the opposite of point 2 should happen if the user clicks on log off.
HCA Healthcare
US
New Jersey Courts
US
@Sairohith We have the similar requirement, I'm struggling to find the handful document from the community sites. Can you elaborate on Pega Auth service in React SDK?
The 'authService' in 'sdk-config.json' is always "authService": "pega". How to conditionally set this parameter.
I'm assuming when the app is authorized, the PCore and PConnect should be utilized instead of DX API call directly in react-sdk, does this make sense?
It would be great if you can share some documents or guide.
@AkshayH4 To authenticate your React app using Pega Auth service while allowing both authenticated and unauthenticated user journeys, follow these steps. First, modify your
sdkconfig.jsonto prevent automatic authentication on page load by removing or conditionally setting theauthserviceparameter. Instead, create a login button in your React app that, when clicked, triggers the authentication process by calling the Pega Auth service directly, ensuring the IDP login appears on the same page instead of a popup. Utilize your OpenID setup to manage the authentication flow within the main window. For unauthenticated pages, ensure your routes do not require authentication and that API calls use a common operatorID by default. Upon successful login, update your application's state to use the logged-in user's operator ID for subsequent DX API calls. Additionally, implement a logout button that, when clicked, clears the authenticated state and reverts the operator ID back to the common one, effectively switching the user back to the unauthenticated mode. Use React’s state management (like Context API or Redux) to handle authentication states and ensure that the UI updates accordingly based on whether the user is logged in or not. This approach ensures that authentication is only initiated when needed, providing a seamless experience for both authenticated and unauthenticated users.