The simplest way to use the SDK is to use the named exports (HandleAuth, HandleLogin,
HandleLogout, HandleCallback, HandleProfile, GetSession, GetAccessToken,
WithApiAuthRequired, and WithPageAuthRequired).
If you don't want to configure the SDK with environment variables or you want more fine grained control over the
instance, you can create an instance yourself and use the handlers and helpers from that.
First, export your configured instance from another module:
IMPORTANT If you use InitAuth0, you should not use the other named exports as they will use a different
instance of the SDK. Also note - this is for the server side part of the SDK - you will always use named exports for
the front end components: {@Link UserProvider}, {@Link UseUser} and the
front end version of {@Link WithPageAuthRequired}
Configuration properties.
The Server part of the SDK can be configured in 2 ways.
1. Environment Variables
The simplest way to use the SDK is to use the named exports (HandleAuth, HandleLogin, HandleLogout, HandleCallback, HandleProfile, GetSession, GetAccessToken, WithApiAuthRequired, and WithPageAuthRequired).
When you use these named exports, an instance of the SDK is created for you which you can configure using environment variables:
Required
AUTH0_SECRET
: See secret.AUTH0_ISSUER_BASE_URL
: See issuerBaseURL.AUTH0_BASE_URL
: See baseURL.AUTH0_CLIENT_ID
: See clientID.AUTH0_CLIENT_SECRET
: See clientSecret.Optional
AUTH0_CLOCK_TOLERANCE
: See clockTolerance.AUTH0_HTTP_TIMEOUT
: See httpTimeout.AUTH0_ENABLE_TELEMETRY
: See enableTelemetry.AUTH0_IDP_LOGOUT
: See idpLogout.AUTH0_ID_TOKEN_SIGNING_ALG
: See idTokenSigningAlg.AUTH0_LEGACY_SAME_SITE_COOKIE
: See legacySameSiteCookie.AUTH0_IDENTITY_CLAIM_FILTER
: See identityClaimFilter.NEXT_PUBLIC_AUTH0_LOGIN
: See routes.AUTH0_CALLBACK
: See routes.AUTH0_POST_LOGOUT_REDIRECT
: See routes.AUTH0_AUDIENCE
: See authorizationParams.AUTH0_SCOPE
: See authorizationParams.AUTH0_ORGANIZATION
: See organization.AUTH0_SESSION_NAME
: See name.AUTH0_SESSION_ROLLING
: See rolling.AUTH0_SESSION_ROLLING_DURATION
: See rollingDuration.AUTH0_SESSION_ABSOLUTE_DURATION
: See absoluteDuration.AUTH0_SESSION_AUTO_SAVE
: See autoSave.AUTH0_COOKIE_DOMAIN
: See domain.AUTH0_COOKIE_PATH
: See path.AUTH0_COOKIE_TRANSIENT
: See transient.AUTH0_COOKIE_HTTP_ONLY
: See httpOnly.AUTH0_COOKIE_SECURE
: See secure.AUTH0_COOKIE_SAME_SITE
: See sameSite.AUTH0_CLIENT_ASSERTION_SIGNING_KEY
: See clientAssertionSigningKeyAUTH0_CLIENT_ASSERTION_SIGNING_ALG
: See clientAssertionSigningAlg2. Create your own instance using InitAuth0
If you don't want to configure the SDK with environment variables or you want more fine grained control over the instance, you can create an instance yourself and use the handlers and helpers from that.
First, export your configured instance from another module:
Then import it into your route handler:
IMPORTANT If you use InitAuth0, you should not use the other named exports as they will use a different instance of the SDK. Also note - this is for the server side part of the SDK - you will always use named exports for the front end components: {@Link UserProvider}, {@Link UseUser} and the front end version of {@Link WithPageAuthRequired}