Auth0 Single Page App SDK

The Auth0 Single Page App SDK is a new JavaScript library for implementing authentication & authorization in single page apps (SPA) with Auth0. It provides a high-level API and handles a lot of the details so you can secure SPAs using best practices while writing less code.

The Auth0 SPA SDK handles grant and protocol details, token expiration and renewal, as well as token storage and caching. Under the hood, it implements Universal Login and the Authorization Code Grant Flow with PKCE.

The library is hosted on GitHub and you can find the API documentation here.

If you're planning on migrating a SPA that uses auth0.js to the Auth0 SPA SDK, check out Migrate from Auth0.js to the Auth0 Single Page App SDK for examples.

If you encounter some problems or errors when using the new JavaScript SDK, please check out the FAQ to see if your issue is covered there.



You have a few options for using auth0-spa-js in your project:

From the CDN:

Using npm:

Using yarn:


Getting Started


Create the client

First, you'll need to create a new instance of the Auth0Client client object. Create the Auth0Client instance before rendering or initializing your application. You should only have one instance of the client.


Login and Get User Info

Next, create a button users can click to start logging in.

Listen for click events on the button you created. When the event occurs, use the desired login method to authenticate the user (loginWithPopup() in this example). After the user is authenticated, you can retrieve the user profile with the getUser() method.


Call an API

To call your API, start by getting the user's Access Token. Then use the Access Token in your request. In this example, the getTokenSilently() method is used to retrieve the Access Token.



Finally, add a button users can click to log out.



jQuery is used in the following examples.

Login with Popup

Login with Redirect

Login with Redirect Callback

Get Access Token with no interaction

Get Access Token with Popup

Get Access Token for a different audience

Get User

Get ID Token Claims

Logout (default)

Logout with no Client ID