UI Widget β
The @authhero/widget is a server-driven UI web component for authentication flows, built on StencilJS.
Overview β
The widget is a pure UI component that can be embedded in either:
- Hosted Login Pages - Server-rendered pages controlled by AuthHero
- Client Applications - Directly in your SPA or website
It uses a server-driven UI (SDUI) architecture where all authentication logic lives on the server. The widget simply renders what the server tells it to render and emits events for user interactions.
Key Features β
- π― Framework Agnostic - Works with React, Vue, Angular, or vanilla JS
- π Server-Driven - All logic lives on the server, no client-side auth code
- π¦ Web Component - Built with StencilJS for maximum compatibility
- π¨ Customizable - Full branding support (colors, logo, fonts)
- β‘ SSR Support - Can be server-side rendered and hydrated
- π Event-Based - Pure UI that emits events for auth library integration
- π Universal - Same widget works for all integration patterns
How It Works β
The widget tracks two key pieces of state:
state(required) - The login session identifier, always passed as a query string parameterformId(required) - The form to render (e.g.,login,signup,mfa)
The formId can be provided in two ways:
- Path-based:
/u/flow/login/screen?state=abc123 - Query-based:
/u/flow/screen?form=login&state=abc123
This dual-mode support allows the widget to work in both:
- Hosted pages where the form is known at page render time (path-based)
- SPAs where the form and screen are controlled dynamically (query-based)
Documentation β
- Getting Started - Installation and basic usage
- Client-Server Protocol - How the widget communicates with the server
- SSR & Hydration - Server-side rendering guide
- Props & Events - Widget properties and events reference
- Integration Patterns - Different ways to integrate the widget
- Customization - Branding, theming, and CSS styling
- API Reference - Screen configuration and components
Client-Server Communication β
The widget implements a custom Server-Driven UI (SDUI) protocol for authentication flows. This is not a StencilJS built-in featureβit's a custom implementation built on top of the web component framework.
When auto-submit="true" and auto-navigate="true" are set, the widget:
- POSTs form data as JSON to the screen's action URL
- Processes the server response (next screen or redirect)
- Updates the browser URL via
history.pushState()for seamless navigation
See the Client-Server Protocol documentation for full details on the request/response format and implementation.
Quick Example β
Request:
POST /u2/screen/identifier?state=abc123
Content-Type: application/json
{ "data": { "username": "user@example.com" } }Response:
{
"screen": { "name": "enter-password", "action": "/u2/screen/enter-password?state=abc123", ... },
"screenId": "enter-password",
"navigateUrl": "/u2/enter-password?state=abc123"
}The widget renders the new screen and updates the browser URL to /u2/enter-password?state=abc123 without a page reload.
Quick Start β
Installation β
npm install @authhero/widget
# or
pnpm add @authhero/widgetBasic Example β
<!DOCTYPE html>
<html>
<head>
<script type="module" src="/widget/authhero-widget.esm.js"></script>
</head>
<body>
<authhero-widget api-url="/u/flow/login/screen" auto-submit="true">
</authhero-widget>
<script>
const widget = document.querySelector("authhero-widget");
widget.addEventListener("flowComplete", (e) => {
if (e.detail.redirectUrl) {
window.location.href = e.detail.redirectUrl;
}
});
</script>
</body>
</html>Further Reading β
- Universal Login Flows - Complete flow documentation
- Auth0 Forms API - Forms API reference
- StencilJS Documentation - Web component framework