npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agora-sdk/auth-react-js

v0.10.2

Published

Black-box OAuth callback handling and auth ergonomics for Agora SDK (Replyke fork) web apps: persistence-gated callback redirect, auth-ready status, reliable logout, stale-account self-heal.

Readme

@agora-sdk/auth-react-js

Black-box OAuth callback handling + auth ergonomics for Agora SDK (a Replyke fork) web apps. It runs inside <ReplykeProvider> and observes the SDK's own auth state — you never touch localStorage keys, count render cycles, or read useAccountSync.

Why

The SDK's handleOAuthCallback() stages tokens in Redux and starts an async user fetch, but the session isn't written to localStorage until several render cycles later. In a multi-page app (Astro, Next.js, Remix, SvelteKit), navigating away on its synchronous return tears down the React tree before persistence runs — and the freshly minted session is lost. This package gates navigation on actual persistence.

Install

pnpm add @agora-sdk/auth-react-js
# peers (you already have these): react, react-dom, @agora-sdk/react-js

OAuth callback page (the thing everyone tries to write — now correct)

import { useOAuthCallback } from "@agora-sdk/auth-react-js";

export default function Callback() {
  const { status, error } = useOAuthCallback({ redirectTo: "/#comments" });
  if (status === "error") return <p>Sign-in failed: {error}</p>;
  return <Spinner />; // success full-page-navigates to redirectTo
}

It gates navigation on a fresh session actually landing in localStorage (the state the next document boots from), not on volatile in-store auth — so it stays correct even when a leftover stale account's boot-refresh fails 401 mid-flow. Single-session apps can pass pruneStaleOnMount: true to clear any pre-existing account first and silence that cosmetic 401.

Or the drop-in component:

import { OAuthCallbackHandler } from "@agora-sdk/auth-react-js";

<OAuthCallbackHandler redirectTo="/" onError={(m) => toast(m)} pending={<Spinner />} />

Auth-ready status

import { useAuthStatus } from "@agora-sdk/auth-react-js";
const { status } = useAuthStatus(); // 'initializing' | 'authenticated' | 'unauthenticated'

Reliable logout

import { useSignOutEverywhere } from "@agora-sdk/auth-react-js";
const { signOutEverywhere, isPending } = useSignOutEverywhere();
<button disabled={isPending} onClick={() => void signOutEverywhere().catch(() => {})}>Sign out</button>

Prefer this over the SDK's useAuth().signOut(), which is active-account-only (it switches accounts rather than ending the session).

Self-heal a stale-only session

import { useAuthSelfHeal } from "@agora-sdk/auth-react-js";
function App() { useAuthSelfHeal(); return <Thread />; } // prunes a dead active account once

Email verification & password reset pages

The server emails links back to your app — /auth/verify-email and /auth/reset-password. Drop these in on those routes so the links stop 404-ing:

import { EmailVerificationHandler, PasswordResetHandler } from "@agora-sdk/auth-react-js";

// route: /auth/verify-email
<EmailVerificationHandler redirectTo="/?verified=1" />

// route: /auth/reset-password  (ships a minimal new-password form; pass renderForm for your own UI)
<PasswordResetHandler redirectTo="/signin?reset=1" />

Both fail closed if the link's projectId doesn't match your app's (no request is sent), and strip the one-time token from the URL after use. Each has a matching logic hook (useEmailVerification, usePasswordReset) if you'd rather render your own page. For the "didn't get it?" flow:

import { ResendVerificationButton } from "@agora-sdk/auth-react-js";
<ResendVerificationButton email={email} onSent={() => toast("Sent!")} />

Scope

Web only. The callback race is specific to cross-document navigation; React Native / Expo OAuth does not tear down the tree.

Full guide

The complete guide — every hook + component, the design guarantees, and the A8 stale-account race analysis — ships with this package as AUTH.md and lives in the repo at docs/AUTH.md.