How to Use Hosted Pages with Auth0

Auth0 provides you the ability to create beautiful hosted pages to which you can redirect to provide functionality for your users. These pages include Login, Password Reset, Guardian Multifactor, and Error pages.

Security Considerations

Using Auth0 hosted pages for your authentication, rather than externally hosting them, provides seamless XSRF protection, preventing third party impersonation or hijacking of sessions. The use of hosted pages provides a significantly easier to implement, secure solution for authentication, allowing you to worry about other things, like the security of your application.

How to Customize Hosted Pages

You can customize your hosted pages from within your Auth0 Dashboard. See the following pages for specific instructions about each type of hosted page:

How to Use Version Control to Manage Your Hosted Pages

It is possible to use version control software to manage the source code of the hosted pages discussed here. Auth0 provides extensions for the following tools which can be used to manage the source of your hosted pages:

You should take a look at the documentation for the extension that you would like to use, to learn the details about implementing source control for your hosted pages with that specific extension. However, in general, deploying hosted pages with these tools will require just a few steps:

  1. Create a folder within your version control repository with the appropriate name (pages).
  2. Create an HTML page (login.html, password_reset.html, guardian_multifactor.html, or error_page.html).
  3. Create a JSON file (with the same name, but with the .json file extension) for each hosted page that you wish to source control. To enable the page, the JSON file would contain the following:
  "enabled": true

File Naming Example: