React environment variable reference

REST API

REACT_APP_REST_URL

Specifies the path to REST services. You must set this variable as it is needed by the Authentication service. When you specify a path, it can be a URL to a server, or a relative path in the local deployment server if you are using a proxy. For the Universal Access application, it is http{s}://<ServerHostName>:<Port>/Rest. For example:

REACT_APP_REST_URL=https://192.0.2.4:9044/Rest

Where <ServerHostName> and <Port> are the hostname and port number of the server where the REST services are deployed.

This variable is also used by the default Redux modules and modules that are generated by IBM® Social Program Management Web Development Accelerator to call REST APIs. For example:

RestService.get(${REACT_APP_REST_URL}/v1/users)

For development with the mock server, you can use local host without /Rest. For example:

REACT_APP_REST_URL=http://localhost:3080

For more information, see The mock server API service.

User session

REACT_APP_LOGOUT_END_POINT

Specifies the logout endpoint for the application. By default, /logout.

The strategy for user session logout changed to align with using the SPM REST infrastructure APIs. Now when logging out, the /logout endpoint is called instead of the old logout.jsp endpoint.

REACT_APP_LOGOUT_END_POINT=/logout

If your version of SPM does not support the new /logout endpoint, you must set the old logout.jsp endpoint. The /logout endpoint is supported in 7.0.10.0 iFix 4 and 7.0.11.0 iFix 1 or later.

REACT_APP_LOGOUT_END_POINT=logout.jsp

REACT_APP_SESSION_INACTIVITY_TIMEOUT

Specifies the time in seconds before a user session expires. The value must match the session timeout that is configured on the server, by default, 30 minutes, or 1800 seconds.

REACT_APP_SESSION_INACTIVITY_TIMEOUT=1800

For more information, see Configuring user session timeout.

REACT_APP_SESSION_PING_INTERVAL

Specifies the time in seconds between each time that the user’s current session is checked for security purposes to see whether they are actively using the application or not. By default, the value is 60. For example:

REACT_APP_SESSION_PING_INTERVAL=60

REACT_APP_SESSION_TIMEOUT_REDIRECT_URL

Specifies the URL that the application redirects to when a user session times out. By default, /login. For example:

REACT_APP_SESSION_TIMEOUT_REDIRECT_URL=/login

Security

You can specify Cross-Site Request Forgery (CSRF) protection settings and the logout endpoint for your application. For more information, see Enabling Cross-Site Request Forgery (CSRF) protection for Universal Access.

REACT_APP_REQUIRE_CSRF_TOKEN

Specifies whether a CSRF token is needed before the application can make API requests. If enabled, and if no CSRF token is stored, the application attempts to get a CSRF token before making a request. It takes a Boolean value, and defaults to false if not present. For example, to enable CSRF protection:

REACT_APP_REQUIRE_CSRF_TOKEN=true

REACT_APP_CSRF_ALLOWLIST

Specifies a comma-separated list of URL suffixes to allow, typically where enabling CSRF protection might cause an infinite loop. The default value is empty. For example:

REACT_APP_CSRF_ALLOWLIST=/logon.jsp,/logout.jsp,/j_security_check

Locale

REACT_APP_INTL_LOCALE

Specifies a locale to set the correct regional format for dates and numbers in the application. The value must align with the curam.environment.default.locale value that is set in your regional settings on the server, see The Application.prx file.

The format of the locale is xx-XX, for example. en-US, rather than en_US, which is the format on the server. For example, to set the US locale:

REACT_APP_INTL_LOCALE=en-US

Unauthorized redirect

REACT_APP_UNAUTHORIZED_REDIRECT_URL

Specifies the URL that the application redirects to when an unauthorized redirect occurs. By default, /login.

REACT_APP_UNAUTHORIZED_REDIRECT_URL=/login

Feature toggles

You can enable the display of specific features in the application.

REACT_APP_FEATURE_LIFE_EVENTS_ENABLED

Specifies whether to display the Life Events feature in the application with a Boolean value. It is enabled by default. For example, to enable Life Events:

REACT_APP_FEATURE_LIFE_EVENTS_ENABLED=true

For more information, see Enabling and disabling life events.

REACT_APP_FEATURE_APPEALS_ENABLED

Specifies whether to display the Appeals feature in the application with a Boolean value. It is disabled by default. For example:

REACT_APP_FEATURE_APPEALS_ENABLED=false

For more information, see Enabling and disabling appeals.

REACT_APP_FEATURE_VERIFICATIONS_ENABLED

Specifies whether to display the Citizen Verifications feature in the application with a Boolean value. It is disabled by default. For example, to enable Citizen Verifications:

REACT_APP_FEATURE_VERIFICATIONS_ENABLED=true

For more information, see Enabling or disabling verifications.

Connectivity handler

REACT_APP_CONNECTIVITY_INTERVAL

Specifies the interval in milliseconds between polling calls to check internet connectivity. By default, the system_configuration API is pinged every 5 seconds.

REACT_APP_CONNECTIVITY_INTERVAL=5000

REACT_APP_CONNECTIVITY_POLLING_ENABLED

(Development only) Specifies whether to poll to check internet connectivity. For development purposes, you can disable polling by setting the value to false.

REACT_APP_CONNECTIVITY_POLLING_ENABLED=true

You can customizing connectivity handling, for more information, see Implementing a connectivity handler.

User account status polling

To check whether a user has a standard or linked account when they submit an application, you can poll the user's account type to check for updates to their account status. This feature can be useful when an application is set up to automatically create linked accounts, such as in test or demonstration environments.

REACT_APP_USER_ACCOUNT_POLLING

For example:

REACT_APP_USER_ACCOUNT_POLLING={“api”: “/v1/ua/user_account_login”, “timeout”: “0", “interval”: “1000"}

Where:

• api

  Specifies a URL to call to check the user account type. By default, /v1/ua/user_account_login.

• timeout

  Specifies the timeout in milliseconds for the user account type polling to stop. By default, the timeout is set to 0, which disables user account type polling. Five seconds is a sensible period to allow for asynchronous processing to finish while not polling indefinitely.

• interval

  Specifies the interval in milliseconds between polling calls to check the user account type. By default, 1 second.

Application-specific verification polling

When a citizen submits an application, there is a delay while verifications are generated for that application. You can enable verification polling to handle this delay, allowing the page to wait and present the verifications when they become available. You can set the polling on (default) or off, and adjust the interval and duration. For more information about verification settings, see Customizing verifications.

REACT_APP_VERIFICATION_POLLING

For example:

REACT_APP_VERIFICATION_POLLING={"api": "/v1/ua/submitted_applications", "timeout": "10000", "interval": "1000"}

Where:

• api

  Specifies a URL to call to check the submitted applications for verifications. By default, /v1/ua/submitted_applications.

• timeout

  Specifies the timeout in milliseconds for the polling calls to stop. By default, 10 second.

• interval

  Specifies the interval in milliseconds between polling calls. By default, 1 second.

Document uploads

You can specify the allowed file formats and maximum size for the documents that users can upload.

REACT_APP_DOC_UPLOAD_FILE_FORMATS

Specifies the file name extension, including the dot separator, of the allowed file types for document uploads in a comma-separated list. By default, if you do not set this environment variable, the allowed file types are JPG, JPEG, PNG, TIFF, and PDF. To change the default file types, set this environment variable. For example:

REACT_APP_DOC_UPLOAD_FILE_FORMATS=".png,.jpg,.pdf"

If you specify an invalid file extension string, all file types are denied.

For more information, see Customizing file formats and size limits for file uploads.

REACT_APP_DOC_UPLOAD_SIZE_LIMIT

Specifies the maximum size limit for uploaded documents. By default, the maximum file size is 5 MB. To change the default file size, set this environment variable. For example:

REACT_APP_DOC_UPLOAD_SIZE_LIMIT=6

For more information, see Customizing file formats and size limits for file uploads.

REACT_APP_DOC_UPLOAD_LEAD_DAYS

Specifies a lead time in days to subtract from due dates to give caseworkers time to process applications before the actual due dates. This earlier date is then displayed to citizens in the application.

The default value of REACT_APP_DOC_UPLOAD_LEAD_DAYS is 0 days. The value that you set is converted to its absolute value and subtracted from the verification due date. For example, -1 and 1 have the same effect.

For example:

REACT_APP_DOC_UPLOAD_LEAD_DAYS=-7

For more information, see Customizing a file upload lead time for verifications.

Social Program Management Web Development Accelerator

For more information, see Generating Universal Access Redux modules.

WDA_MODULES_OUTPUT

(Development only) Specifies the directory to place module files generated by the IBM Social Program Management Web Development Accelerator, by default src/modules/generated. For example:

WDA_MODULES_OUTPUT=src/modules/generated

WDA_MODULES_CONFIG

(Development only) Specifies a JSON file in which to save the module configuration that you define, by default modules_config.json. This file contains the metadata that is used to generate the code. For example:

WDA_MODULES_CONFIG=src/modules/modules_config.json

It is recommended that you add only this file to source control.

WDA_SPM_SWAGGER

(Development only) Specifies the location of a copy of the IBM Cúram Social Program Management Swagger specification that defines which REST APIs are available to the Social Program Management Web Development Accelerator. For example:

WDA_SPM_SWAGGER=spm_swagger.json

You can copy this file from a running IBM Cúram Social Program Management instance at http://hostname:port/Rest/api/definitions/v1.

Application authentication

The default implementation for authentication is a Java™ Authentication and Authorization Service (JAAS) authentication method. If the JAAS authentication method does not suit, you can change to another authentication method, such as Single sign-on (SSO). Ensure that you set any related environmental variables where needed. For more information, see Universal Access authentication.

The following authentication methods are provided:

REACT_APP_AUTH_METHOD

• JAASAuthentication

  (Default) No further environmental variables needed.

• DevAuthentication

  (Development only) Specifies simple authentication during development that bypasses proper authentication (JAAS or SSO) and accepts the username dev without any password. The login process can run and allows access to the 'user account' password protected pages. If you specify simple authentication, you can set the optional user type environmental variable in Simple authentication for development.

• SSOSPAuthentication or SSOIDPAuthentication

  Specifies service-provider (SP)-initiated or identity provider (IdP)-initiated SAML 2.0 web SSO. If you set SSO authentication, you must set the related SSO environmental variables in Single sign-on (SSO) authentication.

  For example:

  REACT_APP_AUTH_METHOD=SSOIDPAuthentication

Simple authentication for development

(Development only) If you are using simple authentication for development, you can set the following environmental variable. For more information, see Customizing the authentication method.

REACT_APP_SIMPLE_AUTH_USER_TYPE

(Development only) Specifies a user type during development so you can test functionality for those users.

• PUBLIC, a public citizen account user.
• GENERATED, an anonymous generated account user.
• STANDARD, a standard registered account user.
• LINKED, a linked account user.
• null, no user type.

For more information about user types, see User account types.

For example, to test the application for a linked user:

REACT_APP_SIMPLE_AUTH_USER_TYPE=LINKED

Single sign-on (SSO) authentication

REACT_APP_SAMLSSO_ENABLED

Specifies whether SSO authentication is used in the application. By default, the IdP-initiated flow of the SAML SSO browser profile is used. A Boolean value is accepted. For example, to handle the SAML SSO browser profile in the application:

REACT_APP_SAMLSSO_ENABLED=true

REACT_APP_SAMLSSO_SP_MODE

(SP-initiated flow only) Specifies whether to use the SP-initiated flow of the SAML SSO Browser profile. By default, the default IdP-initiated flow of the SAML SSO Browser profile and this setting overrides it. A Boolean value is accepted. For example:

REACT_APP_SAMLSSO_SP_MODE=true

REACT_APP_SAMLSSO_USERLOGIN_URL

Specifies the IdP login page URL, that is, the URL where the application sends the user login credentials. For example:

REACT_APP_SAMLSSO_USERLOGIN_URL=<IdP_URL>/pkmslogin.form

REACT_APP_SAMLSSO_SP_ACS_URL

Specifies the ACS application server URL, that is, the service provider URL where the application sends the SAML response. For example:

REACT_APP_SAMLSSO_SP_ACS_URL=<ACS_URL>/samlsps/acs

REACT_APP_SAMLSSO_USERLOGOUT_URL

Specifies the IdP logout page URL, that is, the URL where the application sends the user logout request. For example:

REACT_APP_SAMLSSO_USERLOGOUT_URL=<IdP_URL>/pkmslogout

Intelligent Evidence Gathering (IEG)

For more information, see IEG in the Universal Access Responsive Web Application.

REACT_APP_DISPLAY_REQUIRED_LABEL

Specifies whether to indicate the required form fields or the optional form fields. As most questions in a typical form are required, indicating the optional questions rather than the required questions typically results in a less cluttered form. By default, optional fields are highlighted in IEG forms. For example, to display labels for required fields only:

REACT_APP_DISPLAY_REQUIRED_LABEL=true

REACT_APP_DATE_FORMAT

Specifies the date format for form fields, by default, MM/DD/YYYY. The valid values are dd-mm-yyyy and mm-dd-yyyy. If you omit the environment variable or set an invalid value, the default date format is used. For example, to change the date format to DD/MM/YYYY:

REACT_APP_DATE_FORMAT=dd-mm-yyyy

Note: Specific globalization considerations apply to the date format when it is used in hint text and messages. Ensure that you have the same date format in the REACT_APP_DATE_FORMAT environment variable, and in theDateAdapter_DateFormat and Errors_date messages in the intelligent-evidence-gathering-locales package.

REACT_APP_PHONE_MASK_FORMAT

Specifies a phone number mask for a form field in a question. The value must be in ISO 3166-1 alpha-2 code format, for example, US | CA | GB | DE. In your IEG script, you must add the wds-js-input-mask-phone class name to the question.

REACT_APP_PHONE_MASK_FORMAT=US

Where country is the locale that you want to use.

REACT_APP_PHONE_MASK_DELIMITER

Specifies a custom delimiter for phone numbers. For example, to convert 1 636 5600 5600 to 1-636-5600-5600:

REACT_APP_PHONE_MASK_DELIMITER=-

REACT_APP_PHONE_MASK_LEFT_ADDON

Specifies a fixed country code for phone number fields. For example, to convert 1-636-5600-5600 to +1-636-5600-5600:

REACT_APP_PHONE_MASK_LEFT_ADDON=+

REACT_APP_CURRENCY_MASK_LEFT_ADDON

Specifies a currency symbol to display before the amount. If you omit this value, US dollars are displayed by default. For example, to specify Euro:

REACT_APP_CURRENCY_MASK_LEFT_ADDON=$

REACT_APP_CURRENCY_MASK_RIGHT_ADDON

Specifies a currency symbol to display after the amount. If both left and right values are set, left takes precedence. For example, to specify Euro for Luxemburg:

REACT_APP_CURRENCY_MASK_RIGHT_ADDON=€