How to implement authentication in React

Monday, December 1, 2025

#react #authentication #context #security #routes

Implementing authentication is crucial for securing React applications and managing user access to protected resources and routes. As the creator of CoreUI with extensive React development experience since 2014, I’ve built authentication systems for countless enterprise dashboards and admin panels. The most scalable approach uses React Context API to manage global authentication state combined with protected route components. This pattern provides centralized auth logic while maintaining clean component separation and reusability.

Create an authentication context with login/logout methods and use it to protect routes throughout your application.

import { createContext, useContext, useState, useEffect } from 'react'

const AuthContext = createContext()

export function AuthProvider({ children }) {
    const [user, setUser] = useState(null)
    const [loading, setLoading] = useState(true)

    const login = async (credentials) => {
        const response = await fetch('/api/login', {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            body: JSON.stringify(credentials)
        })
        const data = await response.json()
        setUser(data.user)
        localStorage.setItem('token', data.token)
    }

    const logout = () => {
        setUser(null)
        localStorage.removeItem('token')
    }

    useEffect(() => {
        const token = localStorage.getItem('token')
        if (token) {
            // Verify token and set user
        }
        setLoading(false)
    }, [])

    return (
        <AuthContext.Provider value={{ user, login, logout, loading }}>
            {children}
        </AuthContext.Provider>
    )
}

export const useAuth = () => useContext(AuthContext)

This code creates a reusable authentication context that manages user state, login/logout methods, and loading states. The provider wraps your app to make auth data available globally, while the custom hook simplifies access to auth functionality. The useEffect initializes authentication state on app load, checking for existing tokens to maintain login sessions.

Best Practice Note:

This is the authentication architecture we use in CoreUI Pro dashboard templates for enterprise applications. Always implement token refresh logic and secure token storage to maintain robust authentication security.

Speed up your responsive apps and websites with fully-featured, ready-to-use open-source admin panel templates—free to use and built for efficiency.

About the Author

Łukasz Holeczek, Founder of CoreUI, is a seasoned Fullstack Developer and entrepreneur with over 25 years of experience. As the lead developer for all JavaScript, React.js, and Vue.js products at CoreUI, they specialize in creating open-source solutions that empower developers to build better and more accessible user interfaces.

With expertise in TypeScript, JavaScript, Node.js, and modern frameworks like React.js, Vue.js, and Next.js, Łukasz combines technical mastery with a passion for UI/UX design and accessibility. CoreUI’s mission is to provide developers with tools that enhance productivity while adhering to accessibility standards.

Łukasz shares its extensive knowledge through a blog with technical software development articles. It also advises enterprise companies on building solutions from A to Z. Through CoreUI, it offers professional services, technical support, and open-core products that help developers and businesses achieve their goals.

Learn more about CoreUI’s solutions and see how your business can benefit from working with us.