How to implement OAuth in React

Łukasz Holeczek Łukasz Holeczek
calendar Wednesday, December 3, 2025
#react #oauth #authentication #google #login

Implementing OAuth in React enables secure third-party authentication without handling sensitive user credentials directly in your application. As the creator of CoreUI with extensive React experience since 2014, I’ve integrated OAuth flows in numerous enterprise applications for simplified user onboarding. The most reliable approach redirects users to the OAuth provider, then handles the callback with authorization codes. This pattern provides secure authentication while offering users familiar login options from trusted platforms.

Implement OAuth by redirecting to the provider’s authorization URL and handling the callback with authorization codes.

import { useEffect } from 'react'
import { useNavigate, useLocation } from 'react-router-dom'

function OAuthHandler() {
    const navigate = useNavigate()
    const location = useLocation()

    const initiateOAuth = () => {
        const clientId = process.env.REACT_APP_GOOGLE_CLIENT_ID
        const redirectUri = encodeURIComponent('http://localhost:3000/auth/callback')
        const scope = encodeURIComponent('openid email profile')

        const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?` +
            `client_id=${clientId}&` +
            `redirect_uri=${redirectUri}&` +
            `scope=${scope}&` +
            `response_type=code`

        window.location.href = authUrl
    }

    return (
        <button onClick={initiateOAuth}>
            Login with Google
        </button>
    )
}

function AuthCallback() {
    const navigate = useNavigate()

    useEffect(() => {
        const urlParams = new URLSearchParams(window.location.search)
        const code = urlParams.get('code')

        if (code) {
            // Exchange code for tokens
            fetch('/api/auth/oauth/callback', {
                method: 'POST',
                headers: { 'Content-Type': 'application/json' },
                body: JSON.stringify({ code })
            })
            .then(response => response.json())
            .then(data => {
                localStorage.setItem('token', data.token)
                navigate('/dashboard')
            })
            .catch(error => console.error('OAuth error:', error))
        }
    }, [navigate])

    return <div>Processing login...</div>
}

This code initiates OAuth by constructing the authorization URL with your client ID and redirect URI, then redirects the user to Google’s authentication page. When the user returns via the callback route, it extracts the authorization code and exchanges it for access tokens on your backend. The tokens are then stored locally and the user is redirected to the application.

Best Practice Note:

This is the OAuth integration pattern we use in CoreUI dashboard applications for enterprise authentication. Always handle the token exchange on your backend to keep client secrets secure and implement proper error handling for failed authentication attempts.

Speed up your responsive apps and websites with fully-featured, ready-to-use open-source admin panel templates—free to use and built for efficiency.

Free Angular Admin Template
Angular
Free Bootstrap Admin Template
Bootstrap
Free React.js Admin Template
React Logo
React.js
Free Vue.js Admin Template
Vue.js

About the Author

Łukasz Holeczek

Łukasz Holeczek, Founder of CoreUI, is a seasoned Fullstack Developer and entrepreneur with over 25 years of experience. As the lead developer for all JavaScript, React.js, and Vue.js products at CoreUI, they specialize in creating open-source solutions that empower developers to build better and more accessible user interfaces.

With expertise in TypeScript, JavaScript, Node.js, and modern frameworks like React.js, Vue.js, and Next.js, Łukasz combines technical mastery with a passion for UI/UX design and accessibility. CoreUI’s mission is to provide developers with tools that enhance productivity while adhering to accessibility standards.

Łukasz shares its extensive knowledge through a blog with technical software development articles. It also advises enterprise companies on building solutions from A to Z. Through CoreUI, it offers professional services, technical support, and open-core products that help developers and businesses achieve their goals.

Learn more about CoreUI’s solutions and see how your business can benefit from working with us.
Subscribe to our newsletter
Get early information about new products, product updates and blog posts.
What is globalThis in JavaScript?
What is globalThis in JavaScript?
calendar Wednesday, January 8, 2025
How to Remove Elements from a JavaScript Array
How to Remove Elements from a JavaScript Array
calendar Thursday, February 13, 2025
How to Conditionally Add a Property to an Object in JavaScript
How to Conditionally Add a Property to an Object in JavaScript
calendar Monday, January 13, 2025
Passing props to child components in React function components
Passing props to child components in React function components
calendar Wednesday, October 2, 2024

Answers by CoreUI Core Team

How to use route params in Vue
How to build a REST API in Node.js
How to use onBeforeMount in Vue
How to show Git diff between commits
How to read files in Node.js
How to delete a branch in Git