Quick Start
This guide walks you through integrating Auris authentication into your application from scratch. By the end, you will have a working login flow that redirects users to the Auris-hosted login page, handles the callback, and displays the authenticated user’s information.
Estimated time: 5–10 minutes.
Prerequisites
- Node.js 20+ (for JavaScript, React, and Next.js integrations)
- PHP 7.4+ with Composer (for PHP integrations)
- An Auris account — sign up at your Auris Console URL
- An existing application project you want to add authentication to
Step 1: Create an Application in the Console
Before installing any SDK, register your application with Auris so it receives a Client ID.
- Log in to the Auris Console.
- Navigate to Applications in the sidebar.
- Click Create Application.
- Select the application type:
- WEB — for browser-based apps (React, Next.js, Vue, Angular, server-rendered)
- MOBILE — for native iOS or Android apps
- M2M — for server-to-server or CLI tool integrations (no user login)
- Enter a display name for your application (e.g.,
My App - Development). - Add your Redirect URI — the URL Auris will redirect to after a successful login:
- Local development:
http://localhost:3000/callback - Production:
https://yourdomain.com/callback
- Local development:
- Click Create.
After creation, copy your Client ID from the application detail page. You will need it in the next steps.
Never expose your Client Secret in browser-side JavaScript. For WEB and MOBILE application types, Auris uses PKCE (Proof Key for Code Exchange) and does not require a client secret. Client secrets are only used for M2M (client_credentials) applications running server-side.
Step 2: Install the SDK
Choose the SDK that matches your stack. All packages are published to npm (JavaScript/TypeScript) or Packagist (PHP).
Next.js
npm install @auris/nextjs @auris/react @auris/js@auris/nextjs re-exports everything from @auris/react and @auris/js, so you only need
one import path in a Next.js project.
Step 3: Configure Auris
Initialize the Auris client with your tenant domain and application Client ID.
Next.js
Add AurisProvider to your root layout.tsx. The provider handles token storage, refresh, and the auth state context for all child components.
// app/layout.tsx
import { AurisProvider } from '@auris/nextjs'
export default function RootLayout({
children,
}: {
children: React.ReactNode
}) {
return (
<html lang="en">
<body>
<AurisProvider
domain="https://auth.yourdomain.com"
clientId="YOUR_CLIENT_ID"
redirectUri="http://localhost:3000/callback"
>
{children}
</AurisProvider>
</body>
</html>
)
}Then add the Auris middleware to protect routes. Create or update middleware.ts at the project root:
// middleware.ts
import { aurisMiddleware } from '@auris/nextjs/middleware'
export default aurisMiddleware({
domain: process.env.AURIS_DOMAIN!,
clientId: process.env.AURIS_CLIENT_ID!,
// Routes that require authentication
protectedPaths: ['/dashboard', '/settings', '/profile'],
// Routes that skip auth checks entirely (OAuth callback must be public)
publicPaths: ['/callback', '/login', '/'],
})
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
}Replace https://auth.yourdomain.com with your actual Auris tenant URL and YOUR_CLIENT_ID with the Client ID from Step 1.
Step 4: Add a Login Button
Trigger the login flow by redirecting the user to the Auris-hosted login page.
Next.js
// components/LoginButton.tsx
'use client'
import { useAuris } from '@auris/nextjs'
export function LoginButton() {
const { loginWithRedirect } = useAuris()
return (
<button onClick={() => loginWithRedirect()}>
Log in
</button>
)
}To log the user in and redirect them to a specific page after authentication:
loginWithRedirect({ returnTo: '/dashboard' })Step 5: Handle the Callback
After the user authenticates, Auris redirects them back to your redirectUri with an authorization code. Your application must exchange this code for tokens.
Next.js
Create a callback page at the route matching your redirectUri. The @auris/nextjs SDK handles the code exchange automatically when it detects the code parameter in the URL.
// app/callback/page.tsx
'use client'
import { useEffect } from 'react'
import { useRouter } from 'next/navigation'
import { useAuris } from '@auris/nextjs'
export default function CallbackPage() {
const { handleRedirectCallback, isLoading } = useAuris()
const router = useRouter()
useEffect(() => {
handleRedirectCallback().then(() => {
// Store intended destination in sessionStorage before loginWithRedirect() if needed
router.replace('/dashboard')
})
}, [])
if (isLoading) {
return <p>Completing login...</p>
}
return null
}Step 6: Display User Information
Once authenticated, retrieve and display the current user’s profile.
Next.js
// app/dashboard/page.tsx
'use client'
import { useUser, useAuris } from '@auris/nextjs'
export default function DashboardPage() {
const { user, isLoading } = useUser()
const { isAuthenticated } = useAuris()
if (isLoading) {
return <p>Loading...</p>
}
if (!isAuthenticated) {
return <p>You are not logged in.</p>
}
return (
<div>
<h1>Welcome, {user?.firstName ?? user?.email}</h1>
<p>Email: {user?.email}</p>
<p>Roles: {user?.roles?.join(', ')}</p>
</div>
)
}For server components, use getSession instead:
// app/dashboard/page.tsx (server component)
import { getSession } from '@auris/nextjs/server'
export default async function DashboardPage() {
const session = await getSession({
domain: process.env.AURIS_DOMAIN!,
clientId: process.env.AURIS_CLIENT_ID!,
})
if (!session) {
// Redirect to login if the middleware is not handling this route
redirect('/login')
}
return (
<div>
<h1>Welcome, {session.user.firstName}</h1>
</div>
)
}Step 7: Add a Logout Button
Next.js
'use client'
import { useAuris } from '@auris/nextjs'
export function LogoutButton() {
const { logout } = useAuris()
return (
<button onClick={() => logout()}>
{/* Handle post-logout redirect in your router */}
Log out
</button>
)
}Environment Variables
Store your Auris configuration in environment variables, not in source code. You need two sets of variables: one for client-side (browser) use and one for server-side use.
# .env.local
# Client-side: used by AurisProvider in the browser bundle
NEXT_PUBLIC_AURIS_DOMAIN=https://auth.yourdomain.com
NEXT_PUBLIC_AURIS_CLIENT_ID=your_client_id_here
# Server-side: used by aurisMiddleware() and getSession() — never exposed to the browser
AURIS_DOMAIN=https://auth.yourdomain.com
AURIS_CLIENT_ID=your_client_id_here
# For server-side M2M clients only (never expose this in the browser)
AURIS_CLIENT_SECRET=your_client_secret_here
# For JWT verification without a network call (optional, recommended for performance)
AURIS_JWKS_URL=https://auth.yourdomain.com/.well-known/jwks.jsonThen use them in your provider setup:
<AurisProvider
domain={process.env.NEXT_PUBLIC_AURIS_DOMAIN!}
clientId={process.env.NEXT_PUBLIC_AURIS_CLIENT_ID!}
redirectUri={`${process.env.NEXT_PUBLIC_APP_URL}/callback`}
>And in server-side code (middleware, getSession):
// middleware.ts — uses AURIS_DOMAIN / AURIS_CLIENT_ID (no NEXT_PUBLIC_ prefix)
aurisMiddleware({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID!, ... })
// Server component — same server-side vars
getSession({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID! })Environment variables prefixed with NEXT_PUBLIC_ are embedded in the browser bundle and are
public. Only the domain and clientId should be public. Never expose AURIS_CLIENT_SECRET
with a NEXT_PUBLIC_ prefix. The unprefixed AURIS_DOMAIN and AURIS_CLIENT_ID are server-only
and are never sent to the browser.
Next Steps
Now that you have a basic login flow working, explore the features most relevant to your application:
Authentication methods
- Social Login (Google, GitHub, Microsoft, and more)
- Passwordless / Magic Links
- SMS OTP
- Multi-Factor Authentication (TOTP, SMS, WebAuthn)
- Enterprise SSO (SAML 2.0 / OIDC)
Authorization
User management
SDKs and API