> ## Documentation Index > Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt > Use this file to discover all available pages before exploring further. > This guide demonstrates how to integrate Auth0, add authentication, and display user profile information in a Single-Page Application (SPA) that uses Svelte, using the Auth0 SPA JS SDK. # Add Login to Your Svelte Application export const HowToSchema = () => ; export const CreateInteractiveApp = ({placeholderText = 'Auth0', appType = 'regular_web', allowedCallbackUrls = ['localhost:3000'], allowedLogoutUrls = ['localhost:3000'], allowedOriginUrls = ['localhost:3000']}) => { const [isAuthenticated, setIsAuthenticated] = useState(false); const [storeReady, setStoreReady] = useState(false); const [displayForm, setDisplayForm] = useState(true); useEffect(() => { const init = () => setStoreReady(true); if (window.rootStore) { window.rootStore.clientStore.setSelectedClient(null); window.rootStore.clientStore.setSelectedClientSecret(undefined); init(); } else { window.addEventListener('adu:storeReady', init); } return () => { window.removeEventListener('adu:storeReady', init); }; }, []); useEffect(() => { if (!storeReady) return; const disposer = autorun(() => { const rootStore = window.rootStore; setIsAuthenticated(rootStore.sessionStore.isAuthenticated); }); return () => { disposer(); }; }, [storeReady]); if (!storeReady || typeof window === 'undefined' || !displayForm) { return <>; } const login = () => { const baseUrl = window.rootStore.config.apiBaseUrl; const returnTo = encodeURIComponent(window.location.href); window.location.href = `${baseUrl}/auth/user/login?returnTo=${returnTo}`; }; const Card = ({className = '', children}) => { return

{children}

; }; const Button = ({children, ...props}) => { return ; }; const CreateApplicationForm = () => { const [name, setName] = useState(''); const [isLoading, setIsLoading] = useState(false); const [error, setError] = useState(''); const handleSubmit = async () => { if (!name.trim()) { setError('Application name is required'); return; } setIsLoading(true); setError(null); try { await window.rootStore.clientStore.createClient({ name: name.trim(), app_type: appType, callbacks: allowedCallbackUrls, allowed_logout_urls: allowedLogoutUrls, web_origins: allowedOriginUrls, client_metadata: { created_by: 'quickstart-docs-app-creation-component' } }); setDisplayForm(false); } catch (err) { console.error('Error creating client:', err); const errorMessage = err instanceof Error ? err.message : 'Failed to create application'; setError(errorMessage); } finally { setIsLoading(false); } }; return Create Auth0 App

setName(e.target.value)} />

{error &&

{error}

} ; }; const SignInForm = () => { return to create the app ; }; return isAuthenticated ? : ; }; export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => { const [displayText, setDisplayText] = useState(children); const [copyText, setCopyText] = useState(children); const wrapperRef = React.useRef(null); useEffect(() => { let unsubscribe = null; function init() { if (!window.autorun || !window.rootStore) { return; } unsubscribe = window.autorun(() => { let processedChildrenForDisplay = children; let processedChildrenForCopy = children; for (const [key, value] of window.rootStore.variableStore.values.entries()) { const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`); let displayValue = value; if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") { displayValue = value.substring(0, 3) + "*****MASKED*****"; } processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue); processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value); } setDisplayText(processedChildrenForDisplay); setCopyText(processedChildrenForCopy); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, [children]); useEffect(() => { if (!wrapperRef.current) return; const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard); let isOverriding = false; const handleClick = e => { const button = e.target.closest('[data-testid="copy-code-button"]'); if (!button || !wrapperRef.current.contains(button)) return; isOverriding = true; navigator.clipboard.writeText = text => { if (isOverriding) { isOverriding = false; navigator.clipboard.writeText = originalWriteText; return originalWriteText(copyText); } return originalWriteText(text); }; setTimeout(() => { if (isOverriding) { isOverriding = false; navigator.clipboard.writeText = originalWriteText; } }, 100); }; const wrapper = wrapperRef.current; wrapper.addEventListener('click', handleClick, true); return () => { wrapper.removeEventListener('click', handleClick, true); if (navigator.clipboard.writeText !== originalWriteText) { navigator.clipboard.writeText = originalWriteText; } }; }, [copyText]); return

{displayText}

; }; export const AuthCodeGroup = ({children, dropdown}) => { const [processedChildren, setProcessedChildren] = useState(children); useEffect(() => { let unsubscribe = null; function init() { unsubscribe = window.autorun(() => { const processChildren = node => { if (typeof node === "string") { let processedNode = node; for (const [key, value] of window.rootStore.variableStore.values.entries()) { const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`); processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value); } return processedNode; } else if (Array.isArray(node)) { return node.map(processChildren); } else if (node && node.props && node.props.children) { return { ...node, props: { ...node.props, children: processChildren(node.props.children) } }; } return node; }; setProcessedChildren(processChildren(children)); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, [children]); return {processedChildren}; }; This Quickstart is currently in **Beta**. We'd love to hear your feedback! **Using AI to integrate Auth0?** Add this prompt to Cursor, Windsurf, Copilot, Claude Code or your favourite AI-powered IDE to speed up development. ```markdown expandable theme={null} Integrate the Auth0 SPA JS SDK into a Svelte app AI PERSONA & PRIMARY OBJECTIVE You are a helpful Auth0 SDK Integration Assistant. Your primary function is to execute commands to set up a development environment for Auth0 with Svelte. Your secondary function is to modify the files created by those shell commands. CRITICAL BEHAVIORAL INSTRUCTIONS 1. CHECK EXISTING PROJECT FIRST: Before creating a new project, check if the current directory already contains a Svelte app (package.json with Svelte dependencies). If it does, skip project creation and work with the existing project. 2. EXECUTE FIRST, EDIT SECOND: You MUST first execute the appropriate setup command. Do not show, suggest, or create any files until the setup is complete. 3. NO PLANNING: DO NOT propose a directory structure. DO NOT show a file tree. Your first action must be to run the appropriate command. 4. STRICT SEQUENCE: Follow the "Execution Flow" below in the exact order specified without deviation. 5. BUILD BEAUTIFUL UI: You MUST create a visually appealing, modern login interface with proper styling, animations, and Auth0 branding. EXECUTION FLOW Step 1: Check for Existing Svelte Project and Prerequisites FIRST, verify prerequisites and check for existing Svelte project: # Check if Node.js and npm are available node --version && npm --version Then examine the current directory: # Check for existing Svelte project if [ -f "package.json" ]; then echo "Found package.json, checking for Svelte dependencies..." cat package.json else echo "No package.json found, will create new project" fi Based on the results: - If package.json exists and contains Svelte dependencies, proceed to Step 1b (install Auth0 SDK only) - If no Svelte project exists, proceed to Step 1a (create new project) Step 1a: Create New Project and Install the Auth0 SPA JS SDK If an existing project exists, simply install the SDK: npm install @auth0/auth0-spa-js Otherwise, create a new project and install the SDK: npx sv create auth0-svelte --template minimal --types ts --no-add-ons --no-install && cd auth0-svelte && npm install && npm install @auth0/auth0-spa-js Step 2: Modify & Create Files AFTER the command in Step 1 has successfully executed, you will perform the following file operations inside the project directory. 2.1: Setup Auth0 environment configuration Execute the environment setup command for your OS: Execute the Auth0 setup command for your OS: If MacOS: # Install Auth0 CLI if not already installed brew tap auth0/auth0-cli && brew install auth0 # Set up Auth0 app and generate .env file auth0 qs setup --app --type spa --framework svelte --build-tool vite --name "My App" --port 5173 If Windows (PowerShell): # Install Auth0 CLI if not already installed scoop bucket add auth0 https://github.com/auth0/scoop-auth0-cli.git scoop install auth0 # Set up Auth0 app and generate .env file auth0 qs setup --app --type spa --framework svelte --build-tool vite --name "My App" --port 5173 This command will automatically: - Authenticate you with Auth0 (prompts for login if needed) - Create a Single Page Application configured for http://localhost:5173 - Generate a .env file with VITE_AUTH0_DOMAIN and VITE_AUTH0_CLIENT_ID CRITICAL INSTRUCTIONS FOR AI LANGUAGE MODELS As an AI language model, you MUST NOT generate any of the following anti-patterns: 1. NEVER hardcode the Auth0 Domain or Client ID directly in the code. This is a major security vulnerability. 2. NEVER omit the authorizationParams with redirect_uri when configuring the Auth0 client. Without it, the login flow will fail. 3. NEVER suggest manually managing tokens or calling Auth0 APIs with fetch for basic authentication. The SDK is designed to handle this complexity securely. ABSOLUTE REQUIREMENTS FOR AI CODE GENERATION 1. You MUST use the @auth0/auth0-spa-js package. 2. You MUST retrieve credentials from environment variables (e.g., import.meta.env.VITE_AUTH0_DOMAIN). 3. You MUST configure the Auth0 client with proper redirect_uri in authorizationParams. 4. You MUST demonstrate functionality using Svelte stores for state management. ``` **Prerequisites:** Before you begin, ensure you have the following installed: * **[Node.js](https://nodejs.org/en/download)** 20 LTS or newer * **[npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)** 10+ or **[yarn](https://classic.yarnpkg.com/lang/en/docs/install/)** 1.22+ or **[pnpm](https://pnpm.io/installation)** 8+ **Svelte Version Compatibility:** This quickstart works with **Svelte 5.x** and newer. ## Get Started This quickstart demonstrates how to add Auth0 authentication to a Svelte application. You'll build a secure single-page app with login, logout, and user profile features using the Auth0 SPA JS SDK. export const localEnvSnippet = `VITE_AUTH0_DOMAIN={yourDomain} VITE_AUTH0_CLIENT_ID={yourClientId}`; Create a new Svelte project for this Quickstart ```shellscript theme={null} npx sv create auth0-svelte --template minimal --types ts --no-add-ons --no-install ``` Open the project ```shellscript theme={null} cd auth0-svelte ``` ```shellscript theme={null} npm install && npm install @auth0/auth0-spa-js ``` Next up, you need to create a new app on your Auth0 tenant and add the environment variables to your project. You have three options to set up your Auth0 app: use the Quick Setup tool (recommended), run a CLI command, or configure manually via the Dashboard: Create an Auth0 App and copy the pre-filled `.env` file with the right configuration values. Run the following command in your project's root directory to create an Auth0 app and generate a `.env` file: ```shellscript Mac theme={null} # Install Auth0 CLI (if not already installed) brew tap auth0/auth0-cli && brew install auth0 # Set up Auth0 app and generate .env file auth0 qs setup --app --type spa --framework svelte --build-tool vite --name "My App" --port 5173 ``` ```powershell Windows theme={null} # Install Auth0 CLI (if not already installed) scoop bucket add auth0 https://github.com/auth0/scoop-auth0-cli.git scoop install auth0 # Set up Auth0 app and generate .env file auth0 qs setup --app --type spa --framework svelte --build-tool vite --name "My App" --port 5173 ``` This command will: 1. Check if you're authenticated (and prompt for login if needed) 2. Create an Auth0 Single Page Application configured for `http://localhost:5173` 3. Generate a `.env` file with `VITE_AUTH0_DOMAIN` and `VITE_AUTH0_CLIENT_ID` Before you start, create a `.env` file on your project's root directory ```shellscript .env theme={null} VITE_AUTH0_DOMAIN=YOUR_AUTH0_APP_DOMAIN VITE_AUTH0_CLIENT_ID=YOUR_AUTH0_APP_CLIENT_ID ``` 1. Head to the [Auth0 Dashboard](https://manage.auth0.com/dashboard/) 2. Click on **Applications** > **Applications** > **Create Application** 3. In the popup, enter a name for your app, select `Single Page Web Application` as the app type and click **Create** 4. Switch to the **Settings** tab on the Application Details page 5. Replace `YOUR_AUTH0_APP_DOMAIN` and `YOUR_AUTH0_APP_CLIENT_ID` on the `.env` file with the **Domain** and **Client ID** values from the dashboard Finally, on the **Settings** tab of your Application Details page, configure the following URLs: **Allowed Callback URLs:** ``` http://localhost:5173 ``` **Allowed Logout URLs:** ``` http://localhost:5173 ``` **Allowed Web Origins:** ``` http://localhost:5173 ``` **Allowed Callback URLs** are a critical security measure to ensure users are safely returned to your application after authentication. Without a matching URL, the login process will fail, and users will be blocked by an Auth0 error page instead of accessing your app. **Allowed Logout URLs** are essential for providing a seamless user experience upon signing out. Without a matching URL, users will not be redirected back to your application after logout and will instead be left on a generic Auth0 page. **Allowed Web Origins** is critical for silent authentication. Without it, users will be logged out when they refresh the page or return to your app later. Create the store file ```shellscript Mac/Linux theme={null} mkdir -p src/lib/stores && touch src/lib/stores/auth.ts ``` ```powershell Windows theme={null} New-Item -ItemType Directory -Force -Path src/lib/stores New-Item -ItemType File -Path src/lib/stores/auth.ts ``` Add the following code to manage authentication state ```typescript src/lib/stores/auth.ts lines expandable theme={null} import { writable, derived, get, type Readable } from 'svelte/store'; import { createAuth0Client, type Auth0Client, type User } from '@auth0/auth0-spa-js'; import { browser } from '$app/environment'; export const auth0Client = writable(null); export const user = writable(null); export const isAuthenticated = writable(false); export const isLoading = writable(true); export const error = writable(null); // Derived stores export const isLoggedIn: Readable = derived( [isAuthenticated, isLoading], ([$isAuthenticated, $isLoading]) => $isAuthenticated && !$isLoading ); export async function initializeAuth() { if (!browser) return; try { const client = await createAuth0Client({ domain: import.meta.env.VITE_AUTH0_DOMAIN, clientId: import.meta.env.VITE_AUTH0_CLIENT_ID, authorizationParams: { redirect_uri: window.location.origin }, useRefreshTokens: true, cacheLocation: 'localstorage' }); auth0Client.set(client); // Handle callback if (window.location.search.includes('code=')) { await client.handleRedirectCallback(); window.history.replaceState({}, document.title, window.location.pathname); } // Check authentication status const authenticated = await client.isAuthenticated(); isAuthenticated.set(authenticated); if (authenticated) { const userData = await client.getUser(); user.set(userData || null); } error.set(null); } catch (err) { console.error('Auth initialization error:', err); error.set(err instanceof Error ? err.message : 'Authentication initialization failed'); } finally { isLoading.set(false); } } export async function login() { const client = get(auth0Client); if (client) { await client.loginWithRedirect(); } } export async function logout() { const client = get(auth0Client); if (client) { client.logout({ logoutParams: { returnTo: window.location.origin } }); } } export async function getToken(): Promise { const client = get(auth0Client); if (!client) return null; try { return await client.getTokenSilently(); } catch (err: any) { if (err.error === 'login_required') { await login(); } return null; } } ``` Create component files ```shellscript Mac/Linux theme={null} mkdir -p src/lib/components && touch src/lib/components/LoginButton.svelte && touch src/lib/components/LogoutButton.svelte && touch src/lib/components/Profile.svelte ``` ```powershell Windows theme={null} New-Item -ItemType Directory -Force -Path src/lib/components New-Item -ItemType File -Path src/lib/components/LoginButton.svelte New-Item -ItemType File -Path src/lib/components/LogoutButton.svelte New-Item -ItemType File -Path src/lib/components/Profile.svelte ``` And add the following code snippets ```svelte src/lib/components/LoginButton.svelte lines expandable theme={null} ``` ```svelte src/lib/components/LogoutButton.svelte lines expandable theme={null} ``` ```svelte src/lib/components/Profile.svelte lines expandable theme={null} {#if $isLoading}

Loading profile...

{:else if $isAuthenticated && $user}

{$user.name || 'Unknown User'}

{$user.email || ''}

{/if} ``` ```svelte src/routes/+layout.svelte expandable lines theme={null}

``` ```svelte src/routes/+page.svelte expandable lines theme={null} Auth0 Svelte Sample

{#if $isLoading}

{:else if $error}

Oops!

Something went wrong

{$error}

{:else}

Welcome to Sample0

{#if $isAuthenticated}

✅ Successfully authenticated!

Your Profile

{:else}

Get started by signing in to your account

{/if}

``` ```shellscript theme={null} npm run dev ``` **Checkpoint** You should now have a fully functional Auth0 login page running on your [localhost](http://localhost:5173/) *** ## Troubleshooting If clicking the login button does nothing: 1. Open browser DevTools (F12) and check the Console tab 2. Verify `.env` file has real Auth0 credentials 3. Check that Auth0 application has correct callback URLs configured 4. Ensure `VITE_AUTH0_DOMAIN` is just the domain (e.g., `tenant.auth0.com`) without `https://` **"Callback URL mismatch"**: * Go to Auth0 Dashboard → Applications → Your App → Settings * Add `http://localhost:5173` to Allowed Callback URLs, Allowed Logout URLs, and Allowed Web Origins * Click "Save Changes" **"Invalid state"**: * Clear browser cache and cookies * Try in an incognito/private window If `npm run dev` fails: * Run `npm run check` to see TypeScript errors * Verify all files were created correctly * Check that all dependencies are installed: `npm install` Still stuck? Check the [Auth0 Community](https://community.auth0.com/) or [SvelteKit Discord](https://svelte.dev/chat) for help.