HaapiStepper
HaapiStepper is a React UI-less component designed to handle complex, multi-step authentication HAAPI workflows. It provides a declarative way to manage HAAPI (HTTP Authentication API) flows, abstracting away the complexity of step-by-step user interactions, HTTP requests, and state transitions.
Key features
- Step Management: Automatically handles navigation between authentication steps
- Automatic Redirections: Seamlessly handles server-driven redirections without exposing them to consumers
- Automatic Polling: Polling steps are exposed to allow custom UI, but polling requests are handled automatically based on the configured interval
- Automatic Continue Same: Continue Same responses are automatically merged with the current step without exposing them to consumers
- State Management: Centralizes loading, error, and current step state.
- Action Processing: Supports multiple action types (forms, links, client operations).
- Error Handling: Provides comprehensive error state management with user feedback.
- Type Safety: Offers full TypeScript support with strict typing.
Configuration modes
The HaapiStepper needs a bootstrap configuration — at minimum an initialUrl
(where the flow starts) and a haapi driver config — supplied in one of two ways:
-
Served mode (default) — the stepper runs inside a server-rendered shell (e.g. the Curity HAAPI React App) that injects the config onto
window.__CONFIG__before the SPA boots. No prop is required:<HaapiStepper>...</HaapiStepper> -
Standalone (library) mode — when consumed as a library, or in any context without
window.__CONFIG__, the consumer supplies the bootstrap explicitly viaconfig.bootstrap:import type { HaapiStepperBootstrapConfig } from './haapi-stepper.types';const bootstrap: HaapiStepperBootstrapConfig = {initialUrl: 'https://idsvr.example.com/oauth/v2/oauth-authorize/...',haapi: { ... }, // HAAPI web-driver config};<HaapiStepper config={{ bootstrap }}>...</HaapiStepper>
Only one HAAPI configuration is supported per page load — the underlying driver is a process-global singleton; switching
bootstrap.haapimid-page throws (seeuseHaapiFetch).
Both modes can be combined with config overrides for other tunables
(e.g. pollingInterval, bankIdAutostart); see HaapiStepperConfigfor the full set.
HAAPI stepper API
Child components can access the following API via the useHaapiStepper() hook:
currentStep: HaapiStepperStep | null- The current authentication step (null during initial load)history: HaapiStepperHistoryEntry[]- Complete history of all steps and actions taken, accessible viahistory[index]loading: boolean- Whether the stepper is currently loading (initial load or transitioning between steps)error: HaapiStepperError | null- Current error state (app errors or input validation errors)nextStep: HaapiStepperAPINextStep- Function to navigate to the next step by submitting an action or link
Usage
Wrap your application or authentication flow with this provider to enable HAAPI authentication:
Built-in HAAPI flow example using HaapiStepperStepUI:
Partial customization example with custom links and default HAAPI UI components for the rest:
Full customization example:
Conditional customization example:
Error handling
The HaapiStepper implements a comprehensive error-handling strategy with multiple layers to ensure
robust error management and an optimal user experience.
Error state management
The HAAPI stepper manages errors according to two categories: HAAPI errors and non-HAAPI errors.
HAAPI errors
HAAPI errors are HAAPI ProblemSteps (HAAPI flow steps of type HAAPI_PROBLEM_STEPS).
HAAPI errors are classified into two groups:
HaapiStepperError
├── app (Unrecoverable)
│ ├── UnrecoverableProblemStep
│ ├── UnexpectedProblemStep
│ └── CompletedWithErrorStep
└── input (Recoverable)
├── ValidationProblemStep
└── IncorrectCredentialsProblemStep
AppError (Unrecoverable)
- Description: Errors that cannot be resolved in the step (action form) where they originated,
so they need to be handled at the application level (e.g., show a dedicated error page) and/or
require restarting the stepper flow.
- Like any other problem, they might include
UserMessagesandLinksthat need to be displayed to the user.
- Like any other problem, they might include
- Types:
UnrecoverableProblemStep,UnexpectedProblemStep,CompletedWithErrorStep. - Examples: Authentication failed, too many attempts, session mismatches.
- Handling: Displayed as toast notifications and/or a problem step UI.
InputError (Recoverable)
- Description: Errors that can be resolved in the step (form) where they originated.
- They should be handled while keeping the step's UI, providing the problem's
UserMessagesandLinks, and allowing the user to correct the input and resubmit.
- They should be handled while keeping the step's UI, providing the problem's
- Types:
ValidationProblemStep,IncorrectCredentialsProblemStep. - Examples: Invalid form fields, incorrect credentials.
- Handling: Displayed below relevant input fields for immediate correction.
HaapiStepperError interface:
interface HaapiStepperError {
app?: AppError | null;
input?: InputError | null;
}
HAAPI errors are provided by the useHaapiStepper hook:
const { error } = useHaapiStepper();
const { app, input } = error || {};
HAAPI error utils
Two UI components render these errors — documented under API Reference → UI Components:
HaapiStepperErrorNotifier (toast notifications for AppErrors, and optionally InputErrors) and
HaapiStepperFormValidationErrorInputWrapper (field-level display of validation InputErrors).
Non-HAAPI errors
Non-HAAPI errors are network, backend, and frontend errors that are not handled at lower levels.
The HaapiStepper throws them as JavaScript errors so they can be caught by the nearest React error
boundary.