I’m implementing a React web application and the choice of IDP wont be made for a while. I need to implement authentication now and use Azure B2C until a final determination is made regarding IDP.
What ever the final IDP is, it will support the OAuth2/OIDC so shouldn’t this work regardless of the specific IDP?
Is there a better option for integrating OIDC authentication with a React application?
The most portable / standards based / widely used library for an SPA is almost definitely the oidc client library:
The Okta libraries are also standards based and not a bad choice. Unfortunately quite a few of the major vendors do not support OIDC in the standard way.
You will run into some annoyances with Azure AD and SPAs though – Authorization Code Flow (PKCE) and CORS issues.
OIDC client will probably give you the best options for working around problem areas. Here is the type of code needed to integrate the library – the UserManager class has quite a few useful settings that give you control, as in this class of mine.