{"id":19329827,"url":"https://github.com/marmelab/ra-in-memory-jwt","last_synced_at":"2025-10-24T23:10:52.640Z","repository":{"id":39759726,"uuid":"263367463","full_name":"marmelab/ra-in-memory-jwt","owner":"marmelab","description":"Manage React-admin authentication with jwt in memory, not in local storage","archived":false,"fork":false,"pushed_at":"2023-02-14T00:41:43.000Z","size":2844,"stargazers_count":43,"open_issues_count":10,"forks_count":17,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T10:58:00.835Z","etag":null,"topics":["jwt","react-admin","security"],"latest_commit_sha":null,"homepage":"https://marmelab.com/blog/2020/07/02/manage-your-jwt-react-admin-authentication-in-memory.html","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marmelab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-05-12T14:54:11.000Z","updated_at":"2025-01-18T04:41:15.000Z","dependencies_parsed_at":"2023-02-09T00:47:10.185Z","dependency_job_id":"9081d856-59fc-49f1-9277-0505f8b555bc","html_url":"https://github.com/marmelab/ra-in-memory-jwt","commit_stats":{"total_commits":39,"total_committers":2,"mean_commits":19.5,"dds":0.4358974358974359,"last_synced_commit":"6a30cf8c75717fdc4b5c04bf0dc50238b9367210"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":"marmelab/foss-starter-kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marmelab%2Fra-in-memory-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marmelab%2Fra-in-memory-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marmelab%2Fra-in-memory-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marmelab%2Fra-in-memory-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marmelab","download_url":"https://codeload.github.com/marmelab/ra-in-memory-jwt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249565252,"owners_count":21292427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt","react-admin","security"],"created_at":"2024-11-10T02:30:44.550Z","updated_at":"2025-10-24T23:10:47.601Z","avatar_url":"https://github.com/marmelab.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ra-in-memory-jwt\n\n ![GitHub top language](https://img.shields.io/github/languages/top/marmelab/ra-in-memory-jwt.svg) ![GitHub contributors](https://img.shields.io/github/contributors/marmelab/ra-in-memory-jwt.svg) ![ra-in-memory-jwt.svg](https://img.shields.io/github/license/marmelab/ra-in-memory-jwt.svg) ![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg) ![npm](https://img.shields.io/npm/v/ra-in-memory-jwt)\n\nProbably by routine or by *Stack Overflow syndrome*, we often use a [JSON Web Token(JWT)](https://tools.ietf.org/html/rfc7519) to manage this authentication between our frontend apps and their API. For convenience, we store this token in the browser's [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage). But this is not a good practice, as Randall Degges explains in his article [\"Please Stop Using Local Storage\"](https://dev.to/rdegges/please-stop-using-local-storage-1i04). For the most curious, here is an example of how [\"Stealing JWTs in localStorage via XSS\"](https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0).\n\nBut then, how to use a JWT to manage authentication in a more secure way? `ra-in-memory-jwt` is an implementation of a solution proposed by the [Hasura](https://hasura.io) team in their article [The Ultimate Guide to handling JWTs on frontend clients](https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/).\n\nYou can find a detailed explanation of this implementation on the blog post [Handling JWT in Admin Apps the Right Way](https://marmelab.com/blog/2020/07/02/manage-your-jwt-react-admin-authentication-in-memory.html).\n\n## Installation\n\n### From npm\n\n```bash\nnpm install ra-in-memory-jwt\n```\n\n### From scratch\n\nThe use of `ra-in-memory-jwt` is strongly linked to your API. Rather than using the npm package and the configuration options (see next part), you will probably save time to recreate the `innMemoryJWT.js` file from the [original file](https://github.com/marmelab/ra-in-memory-jwt/blob/master/src/index.js). And it will be one less dependency for your project!\n\n## Configuration\n\n`ra-in-memory-jwt` must know the API endpoints to refresh the JWT. The default value is `/refresh-token`, but you can change it with the `setRefreshTokenEndpoint` method:\n\n```javascript\ninMemoryJWT.setRefreshTokenEndpoint('http://localhost:8001/another/refresh-token-endpoint');\n```\n\n## Contributing\n\nPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\n\nTo learn more about the contributions to this project, consult the [contribution guide](/.github/CONTRIBUTING.md).\n\n## Maintainer\n\n[![alexisjanvier](https://avatars1.githubusercontent.com/u/547706?s=96\u0026amp;v=4)](https://github.com/alexisjanvier)     \n[Alexis Janvier](https://github.com/alexisjanvier) \n\n## License\n\nra-in-memory-jwt is licensed under the [MIT License](LICENSE), courtesy of [Marmelab](http://marmelab.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarmelab%2Fra-in-memory-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarmelab%2Fra-in-memory-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarmelab%2Fra-in-memory-jwt/lists"}