React (@sumx/ssr-auth-react)
Client auth shell: CheckToken, dependency injection, and LoginSkeleton.
Install
pnpm add @sumx/ssr-auth-react @sumx/uiPeers: react, react-dom, @sumx/ui, @sumx/ssr-auth-core (transitive types/utils), TanStack Query (via portal deps).
CheckToken (default export)
Wrap protected app content in _app.tsx:
import CheckToken from '@sumx/ssr-auth-react';
import { CheckTokenDepsProvider } from '@sumx/ssr-auth-react';
import { buildCheckTokenPortalDeps } from '@/hoc/check-token/build-check-token-portal-deps';
const deps = buildCheckTokenPortalDeps(queryClient);
export default function App({ Component, pageProps }) {
return (
<CheckTokenDepsProvider value={deps}>
<CheckToken>
<Component {...pageProps} />
</CheckToken>
</CheckTokenDepsProvider>
);
}Behavior
- Shows
LoginSkeletonwhile OIDC / session sync runs. - Redirects unauthenticated users to IdP (respects return path).
- Syncs with
GET/POSTsession API. - Shows cross-tab session
Dialogfrom@sumx/uiwhen another tab logs in. - Hard reload on pipeline identity change.
CheckTokenDepsProvider / useCheckTokenDeps
Host app supplies all portal-specific integrations via CheckTokenPortalDeps:
| Area | Fields |
|---|---|
| Env | getPublicEnv(), siteConfig |
| Cookies | cookieKeys, cookieUtils |
| Profile | fetchUserProfile, getProfile |
| Stores | useLoggedInStore, useCommonStore, usePermissionStore, useGlobalFilterStore |
| Query | useQueryClient, permissionGetAllQueryKey |
| HTTP | captureAndApplyUserRequestContextHeaders, cancelPendingBrowserApiRequests |
Type: CheckTokenPortalDeps in check-token-deps.types.ts.
Portal builds this once in build-check-token-portal-deps.ts — do not bundle a second TanStack Query instance.
LoginSkeleton
import { LoginSkeleton } from '@sumx/ssr-auth-react';
<LoginSkeleton />Lottie animation bundled in the package (no extra asset copy in portal). Portal may re-export from @/shared/components/.../login-skeleton.
UI dependencies
- Cross-tab dialog →
@sumx/uiDialog + Button - Wrap app with PermissionProvider for gated actions