Question - auth0-spa-js vs auth0-js

[andrewoh531]

What's the difference between auth0-spa-js and auth0-js?

I was integrating using auth0-js and recently looked at React samples to see that it was completely different from before and now uses auth0-spa-js instead of auth0-js.

Should I switch over to auth0-spa-js from auth0-js?

[stevehobbsdev]

Hi @andrewoh531,

So auth0-spa-js is a new SDK that has been written from the ground up to support logging in to single page applications. auth0-js does this as well but it also provides a couple of other interfaces seperate from web authentication. So you can think of auth0-spa-js as just being the web authentication part of auth0-js (but has also been rewritten).

The SDK and the new documentation were just released yesterday so I can understand it's a bit frustrating that it has changed right under your feet! However, the old documentation has been migrated to the sample repository so you can still check it out if you wish to continue integrating with auth0-js (look at the readme file for each sample for the tutorial).

There is no requirement per say to switch over. However, you'll reap a number of benefits if you do:

• The interface is far simpler and requires you to do less work
• It implements a more secure protocol
• The library is smaller, reducing your build time compared to auth0-js
• As you're using React, we have a really nice wrapper you can use, making integration even simpler again (this will be pulled out into an NPM package eventually)

Hopefully that's enough to convince you - please let me know if you have any questions!

[andrewoh531]

Thanks @stevehobbsdev! That's exactly the info I was looking for!

[zmallah]

I'm noticing there isn't currently an implementation to make a login call with a custom interface or even to use lock, is this integration planned at all or no longer being supported? It would be very helpful for my use case to include a basic login call as present in auth0-js.

[luisrudge]

@zmallah what do you mean by login call with a custom interface? You can still use lock inside your universal login page.

[zmallah]

@luisrudge it was previously possible for me to define my own interface then make a generic login call using auth0-js, where I could pass in my username and password. I do not see this functionality present in the new auth0-spa-js...

[luisrudge]

Perfect. That's what we call ‘Embedded Login’ (https://auth0.com/docs/guides/login/universal-vs-embedded). This SDK only supports Universal Login, which means it will always display your Universal Login Page. For embedded Login, you can still use Auth0.js and Lock.

[zmallah]

Thank you, is there any way at all that this SDK would consider supporting an Embedded Login down the road? The wrapper and hooks used here solve a lot of the headaches I was having with the traditional Auth0.js package...

[luisrudge]

Not at this time. We're thinking on creating smaller SDKs like this one, targeted at more specific use cases like embedded login, use of the management api and hybrid apps, but this is still in the planning phase.

[zmallah]

That sounds like an excellent plan moving forward.

One last question, do you think it would be possible to make login requests auth0-js, but then handling the redirect and session with the new sdk?

[luisrudge]

No, that won't work because both libraries manage their internal state differently.