The auth0-js package is a JavaScript client library for integrating Auth0 authentication and authorization services into web applications. It provides a variety of methods for handling user authentication, managing user sessions, and interacting with Auth0's API.
What are auth0-js's main functionalities?
User Authentication
This feature allows you to authenticate users by redirecting them to the Auth0 login page. The code sample demonstrates how to initialize the Auth0 client and trigger the authentication process.
This feature handles the authentication callback after the user has logged in. The code sample shows how to parse the URL hash to extract authentication tokens.
auth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken && authResult.idToken) {
window.location.hash = '';
// Save the tokens in local storage or a cookie
} else if (err) {
console.error('Error parsing hash:', err);
}
});
User Logout
This feature allows you to log out users from the application. The code sample demonstrates how to trigger the logout process and redirect the user to a specified URL.
This feature allows you to silently authenticate users without redirecting them to the login page. The code sample shows how to check the user's session and obtain new tokens if needed.
auth0.checkSession({}, (err, authResult) => {
if (err) {
console.error('Error during silent authentication:', err);
} else {
// Use the authResult to get new tokens
}
});
Passport is a popular authentication middleware for Node.js. It provides a wide range of authentication strategies, including OAuth, OpenID, and more. Unlike auth0-js, which is specific to Auth0, Passport is more flexible and can be used with various authentication providers.
Firebase Authentication provides backend services for easy use of authentication in web and mobile apps. It supports various authentication methods like email/password, phone, and social providers. Compared to auth0-js, Firebase Authentication is part of the larger Firebase platform, offering more integrated services.
After installing the auth0-js module using npm, you'll need to bundle it up along with all of its dependencies, or import it using:
import auth0 from'auth0-js';
Configure the SDK
auth0.WebAuth
Provides support for all the authentication flows.
var auth0 = new auth0.WebAuth({
domain: '{YOUR_AUTH0_DOMAIN}',
clientID: '{YOUR_AUTH0_CLIENT_ID}'
});
auth0.Authentication
Provides an API client for the Auth0 Authentication API.
var auth0 = new auth0.Authentication({
domain: '{YOUR_AUTH0_DOMAIN}',
clientID: '{YOUR_AUTH0_CLIENT_ID}'
});
auth0.Management
Provides an API Client for the Auth0 Management API (only methods meant to be used from the client with the user token). You should use an access_token with the https://YOUR_DOMAIN.auth0.com/api/v2/ audience to make this work. For more information, read the user management section of the Auth0.js documentation.
var auth0 = new auth0.Management({
domain: '{YOUR_AUTH0_DOMAIN}',
token: '{ACCESS_TOKEN_FROM_THE_USER}'
});
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.
The npm package auth0-js receives a total of 35,030 weekly downloads. As such, auth0-js popularity was classified as popular.
We found that auth0-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 49 open source maintainers collaborating on the project.
Package last updated on 21 Oct 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.