- Express OpenID Connect SDK: The easiest way to implement the flow, which will do most of the heavy-lifting for you. If you use our Javascript SDK, please ensure you are implementing mitigations that are appropriate for your architecture. To learn more, read Auth0.js Reference.
- Authentication API: If you prefer to build your own solution, keep reading to learn how to call our API directly.
Prerequisites
Register your app with Auth0. To learn more, read Register Single Page Applications.- Select Single-Page App as the Application Type.
- Add an Allowed Callback URL of
{https://yourApp/callback}. - Make sure your application’s Grant Types include Implicit. To learn more, read Update Grant Types.
Authorize user
Request the user’s authorization and redirect back to your app. To begin the flow, you’ll need to get the user’s authorization. This step may include one or more of the following processes:- Authenticating the user;
- Redirecting the user to an to handle authentication;
- Checking for active (SSO) sessions;
- Obtaining user consent for the requested permission level, unless consent has been previously given.
Authorization URL example
Parameters
As an example, your HTML snippet for your authorization URL when adding login to your app might look like:
Response
If all goes well, you’ll receive anHTTP 302 response. The requested credentials are encoded in the body:
response_type.
Auth0 will also return any state value you included in your call to the authorization URL.
ID tokens contain user information that must be decoded and extracted.
Use cases
Basic authentication request
This example shows the most basic request you can make when authorizing the user in step 1. It displays the Auth0 login screen and allows the user to sign in with any of your configured connections: This will return an ID token, which you can parse from your redirect URL.Request user’s name and profile picture
In addition to the usual user authentication, this example shows how to request additional user details, such as name and picture. To request the user’s name and picture, you need to add the appropriate scopes when authorizing the user: Now, your ID token will contain the requested name and picture claims. When you decode the ID token, it will look similar to:Request user log in with GitHub
In addition to the usual user authentication, this example shows how to send users directly to a social identity provider, such as GitHub. For this example to work, you need to go to Auth0 Dashboard > Authentication > Social and configure the appropriate connection. Get the connection name from the Settings tab. To send users directly to the GitHub login screen, you need to pass theconnection parameter and set its value to the connection name (in this case, github) when authorizing the user:
Now, your ID Token will contain a sub claim with the user’s unique ID returned from GitHub. When you decode the ID Token, it will look similar to: