Authentication
One of my favorite uses of XState is for global state management. It excels in an environment fully controlled by JavaScript, like a SPA (Single Page Application) or React Native.
There is no concept of links in React Native. When using React Navigation, you must declare the routes available based on the authentication state. It will automatically redirect the user to the first authenticated/not-authenticated route:
function Navigation() { if (isCheckingInitialAuth === true) { return <SplashScreen />; }
return ( <Stack.Navigator> {isSignedIn === true ? ( <> <Stack.Screen name="Home" component={HomeScreen} /> <Stack.Screen name="Profile" component={ProfileScreen} /> <Stack.Screen name="Settings" component={SettingsScreen} /> </> ) : ( <> <Stack.Screen name="SignIn" component={SignInScreen} /> <Stack.Screen name="SignUp" component={SignUpScreen} /> </> )} </Stack.Navigator> );}This state machine is better suitable for this use case where you must control everything happening, including the HTTP requests made to your authentication API.
Example
Sign in
Don't have an account yet?
Inspect the demo in Stately Inspector
Restart the machine from the beginning
The state machine first checks if the user is initially authenticated.
In a real-world application, you would request a /me endpoint or authentication third-party service here.
The machine redirects the user to the screen matching her authentication state.
The machine stores the user’s data in the context of the machine after having retrieved them from the external API.
If the user is not initially authenticated, the machine redirects her to the sign-in screen, where she can go to the sign-up screen.
When the user submits the sign-in or the sign-up form, the machine requests the auth API and expects it to return whether the operation succeeded and, optionally, an error code or the user’s data. These data are stored in the context of the machine to be used in the UI part.
An authenticated user can sign out from the website. The machine will make another request to the auth API to invalidate the authentication token, and it will clear the user’s data. The machine will also redirect the user back to the sign-in screen.
Error handling is crucial in this scenario. In case of an error during signing-in or signing-up, an alert is displayed
with the error in a human-readable format. Promise actors can throw errors; the machine handles them thanks to the onError transitions.
Code
import { assertEvent, assign, fromPromise, setup } from "xstate";import { wait } from "../../lib/wait";
interface UserData { username: string;}
const USER_DATA_STORAGE_KEY = "user";
export type SignOnErrorCode = "unknown error" | "invalid credentials" | "duplication";
/** * Make an HTTP request to your API or third-party service handling authentication * to get the data of the user. * * Usually I design my API to expose a `/me` route, which returns user's data when * an authenticated cookie is attached to the request. * Otherwise, return `null` or throw an error. */const fetchUserData = fromPromise(async () => { await wait(1_000);
const rawUserData = localStorage.getItem(USER_DATA_STORAGE_KEY); if (rawUserData === null) { // Can also `throw new Error('...')` return null; }
const userData = JSON.parse(rawUserData) as UserData;
return userData;});
/** * Make an HTTP request to your API or third-party service handling authentication. * * Delete the user's authentication cookie or clear the token from the localStorage. */const signOut = fromPromise(async () => { await wait(1_000);
localStorage.removeItem(USER_DATA_STORAGE_KEY);});
/** * Make an HTTP request to your API or third-party service handling authentication. * * Verify if the credentials submitted by the user are valid or not and respond with user's data in case they are. * Usually, I handle form validation outside of my machine, by using React Hook Form on my React components * and sending the `sign-in` event when the form's values have been successfully validated. */const signIn = fromPromise< | { success: true; userData: UserData } | { success: false; error: SignOnErrorCode }, { username: string; password: string }>(async ({ input }) => { await wait(1_000);
if (input.password.length < 2) { return { success: false, error: "invalid credentials", }; }
const userData: UserData = { username: input.username, };
localStorage.setItem(USER_DATA_STORAGE_KEY, JSON.stringify(userData));
return { success: true, userData, };});
/** * Make an HTTP request to your API or third-party service handling authentication. */const signUp = fromPromise< | { success: true; userData: UserData } | { success: false; error: SignOnErrorCode }, { username: string; password: string }>(async ({ input }) => { await wait(1_000);
/** * Simulate that the username is already taken by another user. */ if (input.username.toLowerCase() === "xstate") { return { success: false, error: "duplication", }; }
const userData: UserData = { username: input.username, };
localStorage.setItem(USER_DATA_STORAGE_KEY, JSON.stringify(userData));
return { success: true, userData, };});
export const authenticationMachine = setup({ types: { events: {} as | { type: "sign-out" } | { type: "sign-in"; username: string; password: string } | { type: "sign-up"; username: string; password: string } | { type: "switching sign-on page" }, context: {} as { userData: UserData | null; authenticationErrorToast: SignOnErrorCode | undefined; }, tags: "Submitting sign-on form", }, actors: { "Fetch user data": fetchUserData, "Sign out": signOut, "Sign in": signIn, "Sign up": signUp, }, actions: { "Clear user data in context": assign({ userData: null, }), "Clear authentication error toast in context": assign({ authenticationErrorToast: undefined, }), },}).createMachine({ id: "Authentication", context: { userData: null, authenticationErrorToast: undefined, }, initial: "Checking if user is initially authenticated", states: { "Checking if user is initially authenticated": { invoke: { src: "Fetch user data", onDone: [ { guard: ({ event }) => event.output !== null, target: "Authenticated", actions: assign({ userData: ({ event }) => event.output, }), }, { target: "Not authenticated", }, ], onError: { target: "Not authenticated", }, }, }, Authenticated: { initial: "Idle", states: { Idle: { description: "The state in which an authenticated user will be most of the time. This is where you handle things a user can only do authenticated.", on: { "sign-out": { target: "Signing out", }, }, }, "Signing out": { invoke: { src: "Sign out", onDone: { target: "Signed out", actions: "Clear user data in context", }, onError: { target: "Idle", /** * You may display a toast to indicate that we couldn't sign out the user. */ actions: [] } }, }, "Signed out": { type: "final", }, }, onDone: { target: "Not authenticated", }, }, "Not authenticated": { entry: "Clear authentication error toast in context", initial: "Idle", states: { Idle: { on: { "sign-in": { target: "Signing in", }, "sign-up": { target: "Signing up", }, "switching sign-on page": { actions: "Clear authentication error toast in context", }, }, }, "Signing in": { tags: "Submitting sign-on form", invoke: { src: "Sign in", input: ({ event }) => { assertEvent(event, "sign-in");
return { username: event.username, password: event.password, }; }, onDone: [ { guard: ({ event }) => event.output.success === true, target: "Successfully signed on", actions: assign({ userData: ({ event }) => { if (event.output.success !== true) { throw new Error( "Expect to reach this action when output.success equals true" ); }
return event.output.userData; }, }), }, { target: "Idle", actions: assign({ authenticationErrorToast: ({ event }) => { if (event.output.success !== false) { throw new Error( "Expect to reach this action when output.success equals false" ); }
return event.output.error; }, }), }, ], onError: { target: "Idle", actions: assign({ authenticationErrorToast: "unknown error", }), }, }, }, "Signing up": { tags: "Submitting sign-on form", invoke: { src: "Sign up", input: ({ event }) => { assertEvent(event, "sign-up");
return { username: event.username, password: event.password, }; }, onDone: [ { guard: ({ event }) => event.output.success === true, target: "Successfully signed on", actions: assign({ userData: ({ event }) => { if (event.output.success !== true) { throw new Error( "Expect to reach this action when output.success equals true" ); }
return event.output.userData; }, }), }, { target: "Idle", actions: assign({ authenticationErrorToast: ({ event }) => { if (event.output.success !== false) { throw new Error( "Expect to reach this action when output.success equals false" ); }
return event.output.error; }, }), }, ], onError: { target: "Idle", actions: assign({ authenticationErrorToast: "unknown error", }), }, }, }, "Successfully signed on": { type: "final", }, }, onDone: { target: "Authenticated", }, }, },});import { css } from "../../../styled-system/css";import { useActorRef, useSelector } from "@xstate/react";import { authenticationMachine, type SignOnErrorCode } from "./machine";import type { ActorOptions, ActorRefFrom, AnyActorLogic } from "xstate";import { input } from "./recipes";import { useEffect, useState } from "react";import { grid } from "../../../styled-system/patterns";
interface Props { actorOptions: ActorOptions<AnyActorLogic> | undefined;}
export function Demo({ actorOptions }: Props) { const actorRef = useActorRef(authenticationMachine, actorOptions); const screenToRender = useSelector(actorRef, (state) => { if (state.matches("Checking if user is initially authenticated")) { return "loading" as const; }
if (state.matches("Authenticated")) { return "authenticated" as const; }
if (state.matches("Not authenticated")) { return "not authenticated" as const; }
throw new Error( `Reached an unreachable state: ${JSON.stringify(state.value)}` ); });
return ( <div className={css({ minH: "96", display: "grid" })}> {screenToRender === "loading" ? ( <LoadingUserState /> ) : screenToRender === "not authenticated" ? ( <SignOnForm actorRef={actorRef} /> ) : ( <Dashboard actorRef={actorRef} /> )} </div> );}
function LoadingUserState() { return ( <div className={css({ bg: "gray.100", display: "flex", justifyContent: "center", alignItems: "center", my: "-12", px: "4", })} > <div className={css({ px: "8", py: "6", display: "flex", alignItems: "center", flexDirection: "column", bg: "white", shadow: "lg", rounded: "md", })} > <p className={css({ fontSize: "md" })}>Loading user data</p>
<div className={css({ mt: "2" })}> <span className={css({ animation: "spin", display: "flex", alignItems: "center", roundedTopRight: "md", roundedBottomRight: "md", px: "2", _focus: { ring: "none", ringOffset: "none" }, })} > <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" className={css({ h: "5", w: "5", color: "gray.400" })} > <path strokeLinecap="round" strokeLinejoin="round" d="M16.023 9.348h4.992v-.001M2.985 19.644v-4.992m0 0h4.992m-4.993 0 3.181 3.183a8.25 8.25 0 0 0 13.803-3.7M4.031 9.865a8.25 8.25 0 0 1 13.803-3.7l3.181 3.182m0-4.991v4.99" /> </svg> </span> </div> </div> </div> );}
function SignOnForm({ actorRef,}: { actorRef: ActorRefFrom<typeof authenticationMachine>;}) { /** * Usually you would use a JS router but we don't have one here! */ const [form, setForm] = useState<"sign in" | "sign up">("sign in");
const isSubmitting = useSelector(actorRef, (state) => state.hasTag("Submitting sign-on form") );
const [validationError, setValidationError] = useState<string | undefined>( undefined ); const serverError = useSelector( actorRef, (state) => state.context.authenticationErrorToast );
useEffect(() => { /** * Clear the toast when switching to the other authentication page. * * In our case, listening to changes on form state is an easy way * to clear the toast. */ return () => { actorRef.send({ type: "switching sign-on page", });
setValidationError(undefined); }; }, [form]);
function formatServerError(error: SignOnErrorCode) { switch (error) { case "unknown error": { return "An unknown error occured, please try again later."; } case "duplication": { return "The username you selected is already attributed to a user."; } case "invalid credentials": { return "The credentials you submitted are not valid."; } default: { throw new Error( `Unknown error: ${error}. Please provide a pretty message for it.` ); } } }
return ( <div className={css({ display: "flex", flexDirection: "column", justifyContent: "center", w: "full", maxW: { base: "full", sm: "sm" }, mx: "auto", px: "4", })} > <h2 className={css({ textAlign: "center", fontSize: "2xl", fontWeight: "bold", color: "gray.900", })} > {form === "sign in" ? "Sign in" : "Sign up"} </h2>
{validationError !== undefined || serverError !== undefined ? ( <div className={css({ rounded: "md", bgColor: "red.50", p: "4", mt: "8" })} > <div className={css({ display: "flex" })}> <div className={css({ flexShrink: "0" })}> <svg className={css({ h: "5", w: "5", color: "red.400" })} viewBox="0 0 20 20" fill="currentColor" aria-hidden="true" > <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.28 7.22a.75.75 0 00-1.06 1.06L8.94 10l-1.72 1.72a.75.75 0 101.06 1.06L10 11.06l1.72 1.72a.75.75 0 101.06-1.06L11.06 10l1.72-1.72a.75.75 0 00-1.06-1.06L10 8.94 8.28 7.22z" clip-rule="evenodd" /> </svg> </div> <div className={css({ ml: "3" })}> <h3 className={css({ fontSize: "sm", lineHeight: "sm", fontWeight: "medium", color: "red.800", })} > There was an error with your submission </h3> <div className={css({ mt: "2", fontSize: "sm", lineHeight: "sm", color: "red.700", })} > <p> {validationError !== undefined ? validationError : serverError !== undefined ? formatServerError(serverError) : null} </p> </div> </div> </div> </div> ) : null}
<form key={form} onSubmit={(e) => { e.preventDefault();
const formData = new FormData(e.currentTarget); const username = formData.get("username"); const password = formData.get("password");
if ( typeof username !== "string" || typeof password !== "string" || username.length === 0 || password.length === 0 ) { setValidationError("Username and password must be defined");
return; }
if (form === "sign in") { actorRef.send({ type: "sign-in", username, password, }); } else if (form === "sign up") { actorRef.send({ type: "sign-up", username, password, }); } }} className={css({ mt: "8", "& > *": { mt: "6", _first: { mt: "0" } }, })} > <div> <label htmlFor="username" className={css({ display: "block", fontSize: "sm", fontWeight: "medium", color: "gray.900", })} > Username </label>
<div className={css({ mt: "2" })}> <input id="username" name="username" type="text" className={input()} /> </div>
<p className={css({ mt: "2", fontSize: "sm", color: "gray.500" })}> {form === "sign up" ? `Any username is valid unless it's "XState".` : "Any username is valid."} </p> </div>
<div> <label htmlFor="password" className={css({ display: "block", fontSize: "sm", fontWeight: "medium", color: "gray.900", })} > Password </label>
<div className={css({ mt: "2" })}> <input id="password" name="password" type="password" className={input()} /> </div>
<p className={css({ mt: "2", fontSize: "sm", color: "gray.500" })}> {form === "sign in" ? 'Any password is valid if it contains 2 characters or more, e.g. "Test".' : "Any password is valid."} </p> </div>
<button type="submit" className={css({ w: "full", display: "flex", justifyContent: "center", rounded: "md", bg: "gray.900", color: "white", px: "2", py: "1", fontSize: "sm", fontWeight: "semibold", shadow: "sm", cursor: "pointer", _hover: { bg: "gray.800" }, animation: isSubmitting === true ? "pulse" : undefined, animationDuration: "500ms", })} > Submit </button> </form>
<p className={css({ mt: "10", textAlign: "center", fontSize: "sm", color: "gray.500", })} > {form === "sign in" ? "Don't have an account yet?" : "Already have an account?"}{" "} <button className={css({ fontWeight: "semibold", cursor: "pointer", color: "gray.900", _hover: { color: "gray.800" }, })} onClick={() => { setForm(form === "sign in" ? "sign up" : "sign in"); }} > {form === "sign in" ? "Sign up now!" : "Sign in now!"} </button> </p> </div> );}
function Dashboard({ actorRef,}: { actorRef: ActorRefFrom<typeof authenticationMachine>;}) { const userData = useSelector(actorRef, (state) => { const ud = state.context.userData;
if (ud === null) { throw new Error( "User data must be defined when rendering the authenticated dashboard" ); }
return ud; });
return ( <div className={grid({ minH: "full", gridTemplateRows: "auto 1fr", gap: 0, my: "-12", })} > <nav className={css({ borderBottomWidth: "1px", borderColor: "gray.200", bgColor: "white", })} > <div className={css({ ml: "auto", mr: "auto", maxW: "7xl", pl: "4", pr: "4", sm: { pl: "6", pr: "6" }, lg: { pl: "8", pr: "8" }, })} > <div className={css({ display: "flex", h: "16", justifyContent: "center", })} > <div className={css({ display: "flex" })}> <div className={css({ display: "flex", flexShrink: "0", alignItems: "center", })} > <span className={css({ fontWeight: "medium", fontSize: "lg" })}> Example with{" "} <span className={css({ color: "red.700" })}>XState</span> </span> </div> </div> </div> </div> </nav>
<div className={css({ pt: "10", pb: "10", bg: "gray.50", display: "flex", flexDirection: "column", justifyContent: "center", alignItems: "center", })} > <h2 className={css({ fontSize: "xl", fontWeight: "bold" })}> Welcome, {userData.username}! </h2>
<button type="button" className={css({ mt: "4", display: "flex", justifyContent: "center", rounded: "md", bg: "red.600", color: "white", px: "2", py: "1", fontSize: "sm", fontWeight: "semibold", shadow: "sm", cursor: "pointer", _hover: { bg: "red.500" }, })} onClick={() => { actorRef.send({ type: "sign-out", }); }} > Sign out </button> </div> </div> );}Get news from XState by Example
Sign up for the newsletter to be notified when more machines or an interactive tutorial are released. I respect your privacy and will only send emails once in a while.