finds.dev← search

// the find

gitdagray/react_jwt_auth

★ 519 · JavaScript · updated May 2024

Tutorial companion code for a YouTube series on React JWT authentication — access tokens, refresh tokens, HTTP-only cookies, and axios interceptors. It's a learning resource, not a production starter kit. The target audience is React beginners following Dave Gray's course.

The axios interceptor pattern in useAxiosPrivate is the right approach: it quietly retries a 403 with a refreshed token before failing, which is what you actually want in production. RequireAuth as a route wrapper is clean and composable. The separation of a public axios instance and a private one with credentials is a good habit to teach. Role-based route guarding is included, not bolted on as an afterthought.

This is tutorial code frozen in time — last touched May 2024, React 18 but no concurrent-mode considerations, and no tests whatsoever. The auth state lives in context with no persistence strategy: a hard refresh logs the user out unless the refresh token flow fires in time, and there's no loading state guard to prevent a flash of the login page. The backend is a separate repo you have to build yourself from a 7-hour video, so you can't actually run this standalone. Anyone copying this into a real app will hit CORS, CSRF, and token storage edge cases that the tutorial never covers.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →