We’ve rolled out a major update to two courses in our Decoupled Headless Drupal guide: Get Started with React and Drupal Together and API Authentication with JSON:API in Drupal. These updates (and a new tutorial!) bring our tutorials in line with current security best practices and modern React development tooling. Huge thanks to lead trainer, Joe Shindelar, for the heavy lift on this one.
New tutorial: Use Vite to Start a Decoupled React Application
We’ve published a new tutorial, Use Vite to Start a Decoupled React Application. Vite lets you scaffold a React application with modern tooling, instant startup, and hot module replacement. It’s a great fit for decoupled apps that talk to Drupal’s JSON:API. After creating the scaffold, you’ll port code from earlier tutorials into the new structure.
This tutorial replaces the now-archived Use create-react-app to Start a Decoupled React Application. The archived version is still available for reference, but we recommend Vite going forward.
Updates to OAuth 2 tutorials
The password grant flow has been deprecated and removed from the 6.x release of the Drupal Simple OAuth module. All our OAuth tutorials now use the authorization code + PKCE flow, the current security best practice.
Highlights of this update:
- Updated OAuth flow from password grant to authorization code + PKCE
- Added helper functions with refresh token support
- Updated code examples and screenshots
- Improved explanations of OAuth concepts
- Added React Router integration for OAuth callback handling
- Removed deprecated CSRF token requirements
Tutorials updated
We’d love your feedback as we continue keeping our tutorials up to date.
![11 Best Managed Web Hosting Providers in 2025,Sep – [Reviewed]](https://gooooood.net/wp-content/uploads/2025/09/11-best-managed-web-hosting-providers-in-2025sep-reviewed.png)
