The @auth0/auth0-auth-js library provides API's to interact with Auth0's Authentication Api's from withing JavaScript applications.

It contains methods to build Authorization URLs and Logout URLs, implement Backchannel Logout, verifying a logout token, and to request Tokens using the Authorization Code Flow and Refresh Tokens, as well as retrieving a Token for a Connection.

📚 Documentation - 🚀 Getting Started - 💬 Feedback

• Examples - examples for your different use cases.
• Docs Site - explore our docs site and learn more about Auth0.

npm i @auth0/auth0-auth-js

This library requires Node.js 20 LTS and newer LTS versions.

Create an instance of the AuthClient. This instance will be imported and used anywhere we need access to the authentication methods.

import { AuthClient } from '@auth0/auth0-auth-js';

const authClient = new AuthClient({
  domain: '<AUTH0_DOMAIN>',
  clientId: '<AUTH0_CLIENT_ID>',
  clientSecret: '<AUTH0_CLIENT_SECRET>',
});

The AUTH0_DOMAIN, AUTH0_CLIENT_ID, and AUTH0_CLIENT_SECRET can be obtained from the Auth0 Dashboard once you've created an application.

Build the URL to redirect the user-agent to to request authorization at Auth0.

const authClient = new AuthClient({
  // ...
  authorizationParams: {
    redirect_uri: '<AUTH0_REDIRECT_URI>',
  },
  // ...
});

The `AUTH0_REDIRECT_URI` is needed to tell Auth0 what URL to redirect back to after successfull authentication, e.g. `http://localhost:3000/auth/callback`.

[!IMPORTANT]
You will need to register the AUTH0_REDIRECT_URI in your Auth0 Application as an Allowed Callback URL via the Auth0 Dashboard.

In order to build the authorization URL, call buildAuthorizationUrl(), and redirect the user to the returned URL.

const { authorizationUrl, codeVerifier } = await authClient.buildAuthorizationUrl();

• authorizationUrl: The URL to redirect the user to.
• codeVerifier: The code verifier that should be stored and used when exchanging the code for tokens.

Build the URL to redirect the user-agent to to request logout at Auth0.

const logoutUrl = authClient.buildLogoutUrl({
  returnTo: '<AUTH0_LOGOUT_RETURN_URL>',
});

[!IMPORTANT]
You will need to register the AUTH0_LOGOUT_RETURN_URL in your Auth0 Application as an Allowed Logout URL via the Auth0 Dashboard.

The AUTH0_LOGOUT_RETURN_URL is needed to tell Auth0 what URL to redirect back to after successfully logging out, e.g. http://localhost:3000.

A full overview of examples can be found in EXAMPLES.md.

We appreciate feedback and contribution to this repo! Before you get started, please read the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines
• This repo's contribution guide

To provide feedback or report a bug, please raise an issue on our issue tracker.

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.