The <Protected /> component lets you conditionally render UI based on the authentication state and group membership.
Use it for:
This guide assumes you’ve completed the React quickstart or the installation guide.
You should already have:
@monocloud/auth-react SDK installed<MonoCloudAuthProvider>Wrap UI that should only render for authenticated users.
import { Protected } from "@monocloud/auth-react";
export function Header() {
return (
<header>
<Protected>
<span>Welcome back</span>
</Protected>
</header>
);
}
Behavior
Use fallback to render alternate UI when the user is not authenticated.
import { Protected, SignIn } from "@monocloud/auth-react";
export function Header() {
return (
<Protected fallback={<SignIn>Sign in</SignIn>}>
<a href="/dashboard">Dashboard</a>
</Protected>
);
}
You can restrict rendering to users in specific groups.
import { Protected } from "@monocloud/auth-react";
export function AdminOnly() {
return (
<Protected groups={["admin"]}>
<button>Delete user</button>
</Protected>
);
}
How it works
fallback, if provided) when the user is not authenticatedUse onGroupAccessDenied to render alternate UI when the user is authenticated but does not belong to the required group. The callback receives the authenticated user.
Thefallbackprop is only used when the user is not authenticated and is ignored during group authorization failures.
import { Protected } from "@monocloud/auth-react";
export function AdminPanel() {
return (
<Protected
groups={["admin"]}
onGroupAccessDenied={(user) => (
<p>User {user.email} does not have access.</p>
)}
>
<section>Admin settings</section>
</Protected>
);
}
To use group-based checks:
groups to the application scopes<MonoCloudAuthProvider
tenantDomain="https://<your-domain>"
clientId="<your-client-id>"
defaultAuthParams={{ scopes: "openid profile email groups" }}
>
<App />
</MonoCloudAuthProvider>
After updating scopes, users must sign out and sign back in for the new claims to be included in their session.