JavaScript (Web)
Integrate Authgear to your website with the Web SDK
Last updated
Integrate Authgear to your website with the Web SDK
Last updated
In this guide, you'll learn how to integrate Authgear into your website using the . In the token approach, the Authgear server returns an access token and a refresh token to your SPA application after successful user authentication.
Your application can send the access token in subsequent HTTP requests to access protected resources.
Follow this guide to add Authgear SDK to any web application in under 🕐 10 minutes.
See and clone the full code for the demo app for this tutorial in .
This guide uses the Authgear Web SDK for integrating Authgear with a SPA Web app. Supported browsers include:
Last 2 Firefox major versions
Last 2 Chrome major versions
Last 2 Edge major versions
Last 3 Safari major versions
Signup for an Authgear Portal account in . Or you can use your self-deployed Authgear.
From the Project listing, create a new Project or select an existing Project. After that, we will need to create an application in the project.
Go to Applications on the left menu bar.
Click ⊕Add Application in the top toolbar.
Input the name of your application and select the application type Single Page Application. Click the Save button to proceed.
On the next screen you will see a list of tutorials for different frameworks, click on Next to skip to your client application configuration page.
First, decide the paths in your website that users will be redirected to after they have authenticated with Authgear.
To run the demo app in this tutorial offline, scroll to the URIs section of your client application page add the following URI:
Under Authorized Redirect URIs add http://localhost:3000/
Note that the trailing "/" in the above URLs must be included.
Click on the Save button to keep your changes.
In this section, we'll create a simple web page and use the Authgear Web JavaScript SDK to add user authentication to the page.
For this guide, we'll create a basic web application with only one page. Follow these steps to set up the application. First, create a new directory on your computer for the project. You can do this in a terminal using the following commands:
We'll create an Express.js server in the web project directory so that we can access the HTML page in a web browser using http://localhost:3000
. Run the following commands from the root of your web project directory to install Express:
Now create a server.js
file in the root folder of your project. Add the following code to server.js:
Next, open the package.json
in your project directory and add the following lines in the script section:
Note that the above you may use your preferred tool/environment to serve the HTML file and skip the step of creating an Express server.
Create a new file called index.html
in the root of your project directory. Add the following code to the file:
The content index.html
is a simple web page that contains some text, a Log in button, and a Log out button. In later steps, we will implement the onclick
events for both steps such that each calls the correct function from the Authgear Web JavaScript SDK.
The Web JS SDK is available on a CDN that you can include in any webpage using the following script tag:
We recommend that you use the npm package to add Authgear to your web application when you're using build tools like Vite and Webpack, and when building with frameworks like React, Vue, Angular, etc.
The easiest way to add a JavaScript library such as the Authgear SDK to a generic Single Page Application (a basic .html
file page), is to use a CDN. Hence, we'll use the CDN method to add the Authgear Web JavaScript SDK to our demo application for this tutorial.
To install the Authgear SDK, add the Authgear SDK CDN <script> tag to index.html
on a new line just before the </body>
. Your index.html should look like this at this point:
With that, we have added the Authgear SDK to a basic HTML page and we are ready to start making calls to its functions.
At this point, the structure of your project folder should look like this:
To test your progress so far save your files then run the npm run dev
command. Next open localhost:3000
on your preferred web browser and you should see a page that looks like this:
Create a new public/js
directory in the root of your project directory.
Create a new file called app.js
in the public/js
directory. Add the following content to app.js
:
In app.js, the configureClient()
function gets an instance of the Authgear Web SDK (authgearClient
) and then calls the configure()
function of the SDK to initialize Authgear.
You can find value for clientID
and endpoint
from your Authgear client application configuration page.
Finally, link app.js
in index.html
using <script src="js/app.js"></script>
just above the line with the Authgear CDN <script>
tag as shown below:
When the user clicks login/signup on your website, make a start authorization call to redirect them to the login/signup page (AuthUI).
In this step, we'll implement the login()
function that is called when the Log in button is pressed.
Update app.js
by adding the following code after the declaration of the configureClient()
function:
Make sure you have added http://localhost:3000/
as an Authorized Redirect URI in the portal for your Authgear client application. Note that the last "/" in the URL is required.
After the user authenticates on the login page, the user will be redirected to the redirectURI
with a code
parameter in the URL query. In the redirectURI
of your application, make a finish authorization call to handle the authentication result. This will attempt to exchange the code
for the access token and user info.
Once authorization succeeds, the application should be able to display user info and access protected resources.
To handle the redirect after authentication, we'll call the Authgear SDK's finishAuthentication()
function when there's a code parameter in the URL of the current page. To do that, update the window.onload
callback in app.js to the following:
The updateUI()
function will update the state of the webpage when the user's logged-in state changes. Add the following code to the end of app.js to implement updateUI
:
The complete content of app.js at the end of this step should look like this:
At this point, your file structure should look like this:
Save all changes in your code, and rerun your app on a web browser. This time, clicking on the Log in button should redirect you to your Authgear project's user login page (AuthUI).
When you start launching the application. You may want to know if the user has logged in. (e.g. Redirect users to log in if they haven't logged in). The sessionState
reflects the user logged-in state in the SDK local state. That means even thesessionState
is AUTHENTICATED
, the session may be invalid if it is revoked remotely. After initializing the Authgear SDK, call fetchUserInfo
to update the sessionState
as soon as it is proper to do so.
The value of sessionState
can be UNKNOWN
, NO_SESSION
or AUTHENTICATED
. Initially the sessionState
is UNKNOWN
. After a call to authgearClient.configure
, the session state would become AUTHENTICATED
if a previous session was found, or NO_SESSION
if such session was not found.
In some cases, you may need to obtain current user info through the SDK. (e.g. Display email address in the UI). Use the fetchUserInfo
function to obtain the user info.
Use the logout
function to log out the user. The user will be redirected to your Authgear endpoint to log out their session. You should provide the redirectURI
for the user to return to your app.
Once you have logged-in user, you can start making authenticated requests to backend APIs as described below.
There are two ways to include the access token in the HTTP requests to your application server.
You can get the access token through authgearClient.accessToken
. Call refreshAccessTokenIfNeeded
every time before using the access token, the function will check and make the network call to refresh the access token only if it is expired. Include the access token in the Authorization header of the application request.
The Web JS SDK is also available as . That can be installed using any of the following commands:
See more user info .
Authgear SDK provides the fetch
function for you to call your application server. This fetch
function will include the Authorization header in your application request, and handle refresh access token automatically. The authgearClient.fetch
implements .
To protect your application server from unauthorized access. You will need to .
For detailed documentation on the JavaScript Web SDK, visit