// the find
gitdagray/react_jwt_auth
Tutorial companion code for a YouTube series on React JWT authentication — access tokens, refresh tokens, HTTP-only cookies, and axios interceptors. It's a learning resource, not a production starter kit. The target audience is React beginners following Dave Gray's course.
The axios interceptor pattern in useAxiosPrivate is the right approach: it quietly retries a 403 with a refreshed token before failing, which is what you actually want in production. RequireAuth as a route wrapper is clean and composable. The separation of a public axios instance and a private one with credentials is a good habit to teach. Role-based route guarding is included, not bolted on as an afterthought.
This is tutorial code frozen in time — last touched May 2024, React 18 but no concurrent-mode considerations, and no tests whatsoever. The auth state lives in context with no persistence strategy: a hard refresh logs the user out unless the refresh token flow fires in time, and there's no loading state guard to prevent a flash of the login page. The backend is a separate repo you have to build yourself from a 7-hour video, so you can't actually run this standalone. Anyone copying this into a real app will hit CORS, CSRF, and token storage edge cases that the tutorial never covers.