Documentation
React
Browser UI that delegates OAuth to a confidential backend.
Warning
Do not embed
YOUR_CLIENT_SECRET in a React SPA. Use a BFF (backend-for-frontend) pattern.SignInButton.tsx
// Start login from the SPA — backend holds the secret
async function signIn() {
window.location.href = "/api/auth/login";
}
function SignInButton() {
return <button onClick={signIn}>Sign in with Radiant Auth</button>;
}pattern.ts
// Backend (Express/Hono/Workers) still performs:
// 1) PKCE + authorize redirect
// 2) code exchange with YOUR_CLIENT_SECRET
// 3) Set httpOnly session cookie
// The React app only calls /api/auth/login and /api/auth/logout