Skip to Content
Get StartedQuick Start

Quick Start

This guide walks you through integrating Auris authentication into your application from scratch. By the end, you will have a working login flow that redirects users to the Auris-hosted login page, handles the callback, and displays the authenticated user’s information.

Estimated time: 5–10 minutes.


Prerequisites

  • Node.js 20+ (for JavaScript, React, and Next.js integrations)
  • PHP 7.4+ with Composer (for PHP integrations)
  • An Auris account — sign up at your Auris Console URL
  • An existing application project you want to add authentication to

Step 1: Create an Application in the Console

Before installing any SDK, register your application with Auris so it receives a Client ID.

  1. Log in to the Auris Console.
  2. Navigate to Applications in the sidebar.
  3. Click Create Application.
  4. Select the application type:
    • WEB — for browser-based apps (React, Next.js, Vue, Angular, server-rendered)
    • MOBILE — for native iOS or Android apps
    • M2M — for server-to-server or CLI tool integrations (no user login)
  5. Enter a display name for your application (e.g., My App - Development).
  6. Add your Redirect URI — the URL Auris will redirect to after a successful login:
    • Local development: http://localhost:3000/callback
    • Production: https://yourdomain.com/callback
  7. Click Create.

After creation, copy your Client ID from the application detail page. You will need it in the next steps.

Never expose your Client Secret in browser-side JavaScript. For WEB and MOBILE application types, Auris uses PKCE (Proof Key for Code Exchange) and does not require a client secret. Client secrets are only used for M2M (client_credentials) applications running server-side.


Step 2: Install the SDK

Choose the SDK that matches your stack. All packages are published to npm (JavaScript/TypeScript) or Packagist (PHP).

npm install @auris/nextjs @auris/react @auris/js

@auris/nextjs re-exports everything from @auris/react and @auris/js, so you only need one import path in a Next.js project.


Step 3: Configure Auris

Initialize the Auris client with your tenant domain and application Client ID.

Add AurisProvider to your root layout.tsx. The provider handles token storage, refresh, and the auth state context for all child components.

// app/layout.tsx import { AurisProvider } from '@auris/nextjs' export default function RootLayout({ children, }: { children: React.ReactNode }) { return ( <html lang="en"> <body> <AurisProvider domain="https://auth.yourdomain.com" clientId="YOUR_CLIENT_ID" redirectUri="http://localhost:3000/callback" > {children} </AurisProvider> </body> </html> ) }

Then add the Auris middleware to protect routes. Create or update middleware.ts at the project root:

// middleware.ts import { aurisMiddleware } from '@auris/nextjs/middleware' export default aurisMiddleware({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID!, // Routes that require authentication protectedPaths: ['/dashboard', '/settings', '/profile'], // Routes that skip auth checks entirely (OAuth callback must be public) publicPaths: ['/callback', '/login', '/'], }) export const config = { matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'], }

Replace https://auth.yourdomain.com with your actual Auris tenant URL and YOUR_CLIENT_ID with the Client ID from Step 1.


Step 4: Add a Login Button

Trigger the login flow by redirecting the user to the Auris-hosted login page.

// components/LoginButton.tsx 'use client' import { useAuris } from '@auris/nextjs' export function LoginButton() { const { loginWithRedirect } = useAuris() return ( <button onClick={() => loginWithRedirect()}> Log in </button> ) }

To log the user in and redirect them to a specific page after authentication:

loginWithRedirect({ returnTo: '/dashboard' })

Step 5: Handle the Callback

After the user authenticates, Auris redirects them back to your redirectUri with an authorization code. Your application must exchange this code for tokens.

Create a callback page at the route matching your redirectUri. The @auris/nextjs SDK handles the code exchange automatically when it detects the code parameter in the URL.

// app/callback/page.tsx 'use client' import { useEffect } from 'react' import { useRouter } from 'next/navigation' import { useAuris } from '@auris/nextjs' export default function CallbackPage() { const { handleRedirectCallback, isLoading } = useAuris() const router = useRouter() useEffect(() => { handleRedirectCallback().then(() => { // Store intended destination in sessionStorage before loginWithRedirect() if needed router.replace('/dashboard') }) }, []) if (isLoading) { return <p>Completing login...</p> } return null }

Step 6: Display User Information

Once authenticated, retrieve and display the current user’s profile.

// app/dashboard/page.tsx 'use client' import { useUser, useAuris } from '@auris/nextjs' export default function DashboardPage() { const { user, isLoading } = useUser() const { isAuthenticated } = useAuris() if (isLoading) { return <p>Loading...</p> } if (!isAuthenticated) { return <p>You are not logged in.</p> } return ( <div> <h1>Welcome, {user?.firstName ?? user?.email}</h1> <p>Email: {user?.email}</p> <p>Roles: {user?.roles?.join(', ')}</p> </div> ) }

For server components, use getSession instead:

// app/dashboard/page.tsx (server component) import { getSession } from '@auris/nextjs/server' export default async function DashboardPage() { const session = await getSession({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID!, }) if (!session) { // Redirect to login if the middleware is not handling this route redirect('/login') } return ( <div> <h1>Welcome, {session.user.firstName}</h1> </div> ) }

Step 7: Add a Logout Button

'use client' import { useAuris } from '@auris/nextjs' export function LogoutButton() { const { logout } = useAuris() return ( <button onClick={() => logout()}> {/* Handle post-logout redirect in your router */} Log out </button> ) }

Environment Variables

Store your Auris configuration in environment variables, not in source code. You need two sets of variables: one for client-side (browser) use and one for server-side use.

# .env.local # Client-side: used by AurisProvider in the browser bundle NEXT_PUBLIC_AURIS_DOMAIN=https://auth.yourdomain.com NEXT_PUBLIC_AURIS_CLIENT_ID=your_client_id_here # Server-side: used by aurisMiddleware() and getSession() — never exposed to the browser AURIS_DOMAIN=https://auth.yourdomain.com AURIS_CLIENT_ID=your_client_id_here # For server-side M2M clients only (never expose this in the browser) AURIS_CLIENT_SECRET=your_client_secret_here # For JWT verification without a network call (optional, recommended for performance) AURIS_JWKS_URL=https://auth.yourdomain.com/.well-known/jwks.json

Then use them in your provider setup:

<AurisProvider domain={process.env.NEXT_PUBLIC_AURIS_DOMAIN!} clientId={process.env.NEXT_PUBLIC_AURIS_CLIENT_ID!} redirectUri={`${process.env.NEXT_PUBLIC_APP_URL}/callback`} >

And in server-side code (middleware, getSession):

// middleware.ts — uses AURIS_DOMAIN / AURIS_CLIENT_ID (no NEXT_PUBLIC_ prefix) aurisMiddleware({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID!, ... }) // Server component — same server-side vars getSession({ domain: process.env.AURIS_DOMAIN!, clientId: process.env.AURIS_CLIENT_ID! })

Environment variables prefixed with NEXT_PUBLIC_ are embedded in the browser bundle and are public. Only the domain and clientId should be public. Never expose AURIS_CLIENT_SECRET with a NEXT_PUBLIC_ prefix. The unprefixed AURIS_DOMAIN and AURIS_CLIENT_ID are server-only and are never sent to the browser.


Next Steps

Now that you have a basic login flow working, explore the features most relevant to your application:

Authentication methods

Authorization

User management

SDKs and API