Gone are the times when all service users would be broadcast the same content. With rapid improvements in software technologies, users are now provided individually personalized content. This is made possible using 2 key factors: one, each user is uniquely identified and their actions are tracked, and two, these actions/activities are processed by ML/AI algorithms to show content relevant to the user’s activity.

\
Establishing a unique identification is important to enhance the user experience of an application. Not just that, it can also be used to serve personal data like messages, emails, etc. We can see this system present almost everywhere on the web today, which is accomplished through what’s known as authentication. It verifies if the person is the same as who he/she claims to be.

\
## **Authentication and Its Types**

As previously mentioned, authentication is used to verify the identity of a person they claim to be. There are various ways through which one can verify their identity.

\
Before looking at the types of authentication, let’s clear a common beginner misconception. When learning about __[authentication architecture](https://www.ibm.com/docs/en/spm/7.0.9?topic=overview-authentication-architecture)__, it is obvious to come across the term authorization, but it is important to note that authorization is not the same as authentication. The former describes the authority or access level an individual holds whereas the latter is verifying the identity.

Authorization can be considered as a subset of authentication. An authenticated user may or may not be authorized to perform an action, but to be authorized to perform any action that mutates the data on the server, one must be authenticated.

Moving ahead, let us look at some of the most commonly used authentication types.

\
### **Authentication Using a Form**

** ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.674Z-cl93avlaz00050bs695fgf2qd)**

**__[Source](https://docs.oracle.com/cd/E19575-01/819-3669/bncch/index.html)__**

\
This is one of the most widely used ways of authentication to date. Here, a form is set up both for registration and login, where the user enters their details and the information is stored in the site's database through a self-service.

\
#### **Pros:**

Full access and visibility to the form data can extract any amount of information from the user and can be styled to fit the site’s design principles.

#### **Cons:**

Longer development time requires active maintenance, can get tedious to fill out long forms, and is time-consuming

\
### **Using social handles**

\
** ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.676Z-cl93avlb000060bs65ujuh7uf)**

**__[Source](https://medium.com/@golman.alan/social-login-3rd-party-app-authorization-f228a3f8ae23)__**

\
It is very likely that a user visiting your site already has at least one social account.

So instead of creating an authentication system from the ground up, one could simply use __[social logins](https://auth0.com/learn/social-login/)__ to onboard or sign in users.  

#### Pros:

Faster development, increased registrations, verified email out of the box, and a good UX overall.

#### Cons:

Downtime in social media might disrupt the logins of your app (less likely, but possible), 

excluding non-social media users, visitors might forget which social login they used.

\
### **OTP-Based Authentication**

** ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.677Z-cl93avlb100070bs61kia8akc)**

**__[Source](https://www.nextauth.com/banking-grade-login-often-means-weak-otp/)__**

\
In OTP-based authentication, a user is authenticated via an email or a phone number, or both, by sending a one-time password to the registered phone number/email.

Once the user logs in with the sent OTP, the password is invalidated and cannot be used again to authenticate.

This requires an email or SMS provider to send the OTP whenever the user logs in.

#### Pros:

No burden of remembering passwords, and better security.

#### Cons:

Increased maintenance costs for SMS/email service provider, requires the user to have access to email/phone every time they sign in.

\
## **Authentication Using Frontegg** 

**In the above section, we saw the different ways in which an authentication system can be built along with its pros and cons. The common drawback of all of these methods is that they are time-consuming and require coding skills.** 

So, how can one go about building an auth system with minimum effort and great results? Frontegg‘s __[Login Box Builder](https://docs.frontegg.com/docs/using-login-box-builder)__ was built keeping these problems in mind.

For those of you who haven’t heard about Frontegg, it is a user management __[SaaS](https://www.salesforce.com/in/saas/)__ platform built for B2B products. It provides a wide range of choices to make sure that the creation of a login/sign-up widget is flexible enough. This platform can be used for user management right from authentication to checkout, of which we’ll see the authentication implementation in detail.

** \n **

 ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.679Z-cl93avlb400080bs6eswvau4x)

Currently, React, Angular, and Vue-based websites can use the login/sign-up widget. The integration of the authentication system in React is the main topic of this article. However, a comparable strategy can be modified to accomplish the same in other frameworks as well.

\
Building an authentication system using Frontegg is straightforward and is composed of 3 simple steps: design, integrate and deploy.

\
First off, head to __[Frontegg](https://portal.frontegg.com/signup)__ and sign up for a free account. After you sign up, you are taken to a screen with the headings "Build your login box," "Integrate," etc. Choose "Start" next to "Build your login box". You will set the authentication type and aesthetics here. 

There are no limitations on how the authentication system should be created in this situation. You may use social logins if you wish to, for example. Click on ‘Publish changes’ after you are done designing your login box.** \n **

 ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.687Z-cl93avlbb000c0bs6drc92zta)

The next step is integrating the box into the code, the widget has to be included into your site after the login/sign-up box is ready. Hosted and embedded integration options are available.

Although we'll be using hosted login in this tutorial, you're free to use embedded login too. Run the following command to install "@frontegg/react" and "react-router-dom":** \n **

`npm install @frontegg/react react-router-dom@latest`

\
In your index.js, wrap the root component with the \`FrontEgg\` component. This is to maintain the integrity of private routes and know the auth state overall. It should be something like the one below.

\
 ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.687Z-cl93avlbb000b0bs60nj6gd6j)

__[Source](https://ray.so/?title=&theme=midnight&spacing=16&background=true&darkMode=true&code=aW1wb3J0IFJlYWN0RE9NIGZyb20gJ3JlYWN0LWRvbSc7CmltcG9ydCBBcHAgZnJvbSAnLi9BcHAnOwppbXBvcnQgJy4vaW5kZXguY3NzJzsKCmltcG9ydCB7IEZyb250ZWdnUHJvdmlkZXIgfSBmcm9tICdAZnJvbnRlZ2cvcmVhY3QnOwoKY29uc3QgY29udGV4dE9wdGlvbnMgPSB7CiAgYmFzZVVybDogJ2h0dHBzOi8vWU9VUl9CQVNFX1VSTC5mcm9udGVnZy5jb20nLAogIGNsaWVudElkOiAnWU9VUl9DTGlFTlRfSUTigJknCn07CgpSZWFjdERPTS5yZW5kZXIoCiAgICA8RnJvbnRlZ2dQcm92aWRlciBjb250ZXh0T3B0aW9ucz17Y29udGV4dE9wdGlvbnN9IGhvc3RlZExvZ2luQm94PXt0cnVlfT4KICAgICAgICA8QXBwIC8-CiAgICA8L0Zyb250ZWdnUHJvdmlkZXI-LAogICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3Jvb3QnKQopOwpgYA&language=javascript)__

\
To get the base URL, navigate to “Go live”>Add your domain to the "Allowed Origin" list, where you can see your base URL. Click on your profile in the lower left corner, then select Workspace Settings from the expanded menu to find the client ID.

\
Next, we can use Frontegg's 'useAuth' hook to determine whether a user has been authenticated or not. If the user is authenticated, this hook returns the user data and authenticated state (boolean value). Based on the boolean value, you can conditionally render various pieces of information.** \n **

 ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.686Z-cl93avlba000a0bs65zfr7265)

__[Source](https://ray.so/?title=&theme=midnight&spacing=16&background=true&darkMode=true&code=YGBgCmNvbnN0IHt1c2VyLCBpc0F1dGhlbnRpY2F0ZWR9ID0gdXNlQXV0aCgpCmBgYAoKQmVsb3cgaXMgYSBzYW1wbGUgc25pcHBldCBkZW1vbnN0cmF0aW5nIHRoZSBzYW1lOgpgYGAKaW1wb3J0ICcuL0FwcC5jc3MnOwppbXBvcnQgeyB1c2VFZmZlY3QgfSBmcm9tICJyZWFjdCI7CmltcG9ydCB7CiAgdXNlQXV0aCwKICB1c2VMb2dpbldpdGhSZWRpcmVjdAp9IGZyb20gIkBmcm9udGVnZy9yZWFjdCI7CmltcG9ydCB7Q29udGV4dEhvbGRlcn0gZnJvbSAiQGZyb250ZWdnL3Jlc3QtYXBpIjsKCgpmdW5jdGlvbiBBcHAoKSB7CiAgY29uc3QgeyB1c2VyLCBpc0F1dGhlbnRpY2F0ZWQgfSA9IHVzZUF1dGgoKTsKICAKICBjb25zdCBsb2dpbldpdGhSZWRpcmVjdCA9IHVzZUxvZ2luV2l0aFJlZGlyZWN0KCk7CgogIGNvbnNvbGUubG9nKCd1c2VyIC0gJywgdXNlcik7CiAgY29uc29sZS5sb2coJ2lzQXV0aGVudGljYXRlZCAtICcsIGlzQXV0aGVudGljYXRlZCk7CiAgY29uc29sZS5sb2coJ3VzZXIgLSAnLCB1c2VyKTsKCiAgdXNlRWZmZWN0KCgpID0-IHsKICAgIGlmICghaXNBdXRoZW50aWNhdGVkKSB7CiAgICAgIGNvbnNvbGUubG9nKCd1c2VyIGlzIG5vdCBsb2dnZWQtb24uIGdvaW5nIHRvIGxvZ2luV2l0aFJlZGlyZWN0JykKICAgICAgbG9naW5XaXRoUmVkaXJlY3QoKTsKICAgIH0KICB9LCBbaXNBdXRoZW50aWNhdGVkLCBsb2dpbldpdGhSZWRpcmVjdF0pOwoKICBjb25zdCBsb2dvdXQgPSAoKSA9PiB7CiAgICBjb25zdCBiYXNlVXJsID0gQ29udGV4dEhvbGRlci5nZXRDb250ZXh0KCkuYmFzZVVybDsKICAgIHdpbmRvdy5sb2NhdGlvbi5ocmVmID0gYCR7YmFzZVVybH0vb2F1dGgvbG9nb3V0P3Bvc3RfbG9nb3V0X3JlZGlyZWN0X3VyaT0ke3dpbmRvdy5sb2NhdGlvbn1gOwogIH07CgogIHJldHVybiAoCiAgICA8ZGl2IGNsYXNzTmFtZT0iQXBwIj4KICAgICAge2lzQXV0aGVudGljYXRlZCA_ICgKICAgICAgICA8ZGl2PgogICAgICAgICAgPGRpdj4KICAgICAgICAgICAgPGltZyBzcmM9e3VzZXI_LnByb2ZpbGVQaWN0dXJlVXJsfSBhbHQ9e3VzZXI_Lm5hbWV9IC8-CiAgICAgICAgICA8L2Rpdj4KICAgICAgICAgIDxkaXY-CiAgICAgICAgICAgIDxzcGFuPkxvZ2dlZCBpbiBhczoge3VzZXI_Lm5hbWV9PC9zcGFuPgogICAgICAgICAgPC9kaXY-CiAgICAgICAgICA8ZGl2PgogICAgICAgICAgICA8YnV0dG9uIG9uQ2xpY2s9eygpID0-IGxvZ291dCgpfT5DbGljayB0byBsb2dvdXQ8L2J1dHRvbj4KICAgICAgICAgIDwvZGl2PgogICAgICAgIDwvZGl2PgogICAgICApIDogKAogICAgICAgIDxkaXY-CiAgICAgICAgICA8YnV0dG9uIG9uQ2xpY2s9e2xvZ2luV2l0aFJlZGlyZWN0fT5DbGljayBtZSB0byBsb2dpbjwvYnV0dG9uPgogICAgICAgIDwvZGl2PgogICAgICApfQogICAgPC9kaXY-CiAgKTsKfQoKZXhwb3J0IGRlZmF1bHQgQXBwOwpgYGA&language=coffeescript)__

\
If the user is not authenticated, the "useEffect" hook sends him to sign up. You can adjust this to your needs, but enabling users to authenticate is a wise choice. The aforementioned code snippet was obtained from Frontegg's official __[GitHub repo](https://github.com/frontegg-samples/react-hosted-login-box)__.

\
Next, from your Frontegg dashboard, activate hosted login. To implement that, click Manage for Hosted Login under "Settings" under "Authentication". The image below depicts the same.

 ![](https://cdn.hackernoon.com/images/j5OOW9CwS9gaqunTWf9E1krzQWI2-2022-10-10T21:42:35.685Z-cl93avlb900090bs63zm5dp9u)

The hosted login feature must then be enabled by toggling the enable switch, and you must enter "http://localhost:3000/oauth/callback" in the redirected URL input field (given that you are running on localhost).

Click "save" at the bottom to save the changes after making the mentioned additions.

The last step is adding the weblink to the __[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)__ policy.

Select "Add your domain" from the list of available options after selecting the "Go live" option on the top tab. Scroll to the bottom of the "Domains" section to add your domain to the list of "Allowed Origins" that is whitelisted. This should get the widget ready to launch.

## Conclusion

An authentication system plays a critical role in driving a business as a smoother log-in/sign-up system results in onboarding a larger number of users than an uneasy and tedious signup procedure. 

To manage users without any hassle, platforms like Frontegg can be utilized, which benefits both the application developers and the end users.

 \n  \n 

Mozilla

Integrating a React-Based Authentication System for your Web App

Too Long; Didn't Read

Companies Mentioned

@prajwalkulkarni

RELATED STORIES