Identity
@granit/identity provides a framework-agnostic function to fetch the active identity
provider’s capabilities — which features (session termination, password reset, custom
attributes, user creation) the backend provider supports. @granit/react-identity wraps
this into a React context provider and a useIdentityCapabilities hook cached with
staleTime: Infinity.
This lets the UI adapt dynamically: hide the “Terminate session” button when the provider doesn’t support it, disable user creation when the backend can’t handle it.
Peer dependencies: axios, react ^19, @tanstack/react-query ^5
Package structure
Section titled “Package structure”Directory@granit/identity/ Capabilities types and fetch function (framework-agnostic)
- @granit/react-identity Identity provider, config context, capabilities hook
| Package | Role | Depends on |
|---|---|---|
@granit/identity | IdentityProviderCapabilities type, fetchIdentityCapabilities() | axios |
@granit/react-identity | IdentityProvider, useIdentityCapabilities, useIdentityConfig | @granit/identity, @tanstack/react-query, axios, react |
import { IdentityProvider } from '@granit/react-identity';import { api } from './api-client';
function App() { return ( <IdentityProvider config={{ client: api }}> <UserManagement /> </IdentityProvider> );}import { fetchIdentityCapabilities } from '@granit/identity';import type { IdentityProviderCapabilities } from '@granit/identity';
const caps = await fetchIdentityCapabilities(axiosClient, '/identity/users');if (!caps.supportsUserCreation) { // disable user creation in the UI}TypeScript SDK
Section titled “TypeScript SDK”IdentityProviderCapabilities
Section titled “IdentityProviderCapabilities”Describes the capabilities of the active identity provider (Keycloak, Entra ID, etc.).
interface IdentityProviderCapabilities { readonly providerName: string; readonly supportsIndividualSessionTermination: boolean; readonly supportsNativePasswordResetEmail: boolean; readonly supportsGroupHierarchy: boolean; readonly supportsCustomAttributes: boolean; readonly maxCustomAttributes: number; // 0 if not supported readonly supportsCredentialVerification: boolean; readonly supportsUserCreation: boolean;}| Capability | Keycloak | Entra ID | Cognito |
|---|---|---|---|
| Individual session termination | Yes | No | No |
| Native password reset email | Yes | Yes | No |
| Group hierarchy | Yes | Yes | No |
| Custom attributes | Yes (unlimited) | Yes (limited) | Yes (limited) |
| Credential verification | Yes (ROPC) | Varies | Yes |
| User creation | Yes | Yes | Yes |
fetchIdentityCapabilities(client, basePath)
Section titled “fetchIdentityCapabilities(client, basePath)”Fetches capabilities from GET {basePath}/capabilities.
function fetchIdentityCapabilities( client: AxiosInstance, basePath: string): Promise<IdentityProviderCapabilities>;React bindings
Section titled “React bindings”IdentityProvider
Section titled “IdentityProvider”Provides identity configuration to descendant components via React context.
interface IdentityConfig { readonly client: AxiosInstance; readonly basePath?: string; // default: '/identity/users' readonly queryKeyPrefix?: readonly string[]; // default: ['identity']}
interface IdentityProviderProps { readonly config: IdentityConfig; readonly children: ReactNode;}
function IdentityProvider(props: IdentityProviderProps): JSX.Element;useIdentityConfig()
Section titled “useIdentityConfig()”Returns the IdentityConfig from the nearest IdentityProvider.
Throws if called outside the provider.
function useIdentityConfig(): IdentityConfig;useIdentityCapabilities(options?)
Section titled “useIdentityCapabilities(options?)”Fetches and caches the active identity provider’s capabilities.
Cached with staleTime: Infinity — capabilities are stable for the backend deployment lifetime.
function useIdentityCapabilities(options?: { enabled?: boolean;}): UseQueryResult<IdentityProviderCapabilities>;function SessionActions({ userId }: { userId: string }) { const { data: caps } = useIdentityCapabilities();
return ( <> {caps?.supportsIndividualSessionTermination && ( <button>Terminate session</button> )} {caps?.supportsNativePasswordResetEmail && ( <button>Send password reset</button> )} </> );}buildIdentityQueryKey(config, ...segments)
Section titled “buildIdentityQueryKey(config, ...segments)”Builds consistent React Query keys for identity operations.
function buildIdentityQueryKey( config: IdentityConfig, ...segments: readonly string[]): readonly unknown[];
// Examples:buildIdentityQueryKey(config, 'capabilities');// → ['identity', 'capabilities']Public API summary
Section titled “Public API summary”| Category | Key exports | Package |
|---|---|---|
| Capabilities type | IdentityProviderCapabilities | @granit/identity |
| API function | fetchIdentityCapabilities() | @granit/identity |
| Provider | IdentityProvider, IdentityProviderProps, IdentityConfig | @granit/react-identity |
| Hooks | useIdentityCapabilities(), useIdentityConfig() | @granit/react-identity |
| Utilities | buildIdentityQueryKey() | @granit/react-identity |
See also
Section titled “See also”- Granit.Identity module — .NET identity provider abstractions, Keycloak and Cognito implementations
- Authentication — Keycloak/Cognito session that provides the JWT for identity operations
- Authorization — Permission management complements identity capabilities