Skip to main content
Get up and running with Ave authentication in your application quickly using our SDK.

Install the SDK

npm install @ave-id/sdk

Integrate authentication

1

Initiate login

Use the client helper to redirect users to Ave’s login page with PKCE security.
import { startPkceLogin } from "@ave-id/sdk/client";

// When user clicks "Sign in with Ave"
await startPkceLogin({
  clientId: "YOUR_CLIENT_ID",
  redirectUri: "https://yourapp.com/callback",
  scope: "openid profile email"
});
This automatically:
  • Generates a secure PKCE code verifier
  • Creates the code challenge
  • Stores the verifier in sessionStorage
  • Redirects to Ave’s login page
2

Handle the callback

After authentication, Ave redirects back to your redirectUri with a code. Exchange it for tokens on your server.
import { exchangeCodeServer } from "@ave-id/sdk/server";

// In your callback route handler
const tokens = await exchangeCodeServer(
  {
    clientId: "YOUR_CLIENT_ID",
    clientSecret: process.env.AVE_CLIENT_SECRET,
    redirectUri: "https://yourapp.com/callback"
  },
  {
    code: codeFromQuery
  }
);

// tokens.access_token - Opaque token for API calls
// tokens.access_token_jwt - JWT token with user claims
// tokens.id_token - OpenID Connect ID token
// tokens.refresh_token - For refreshing expired tokens
3

Get user information

Use the access token to fetch user profile data.
import { fetchUserInfo } from "@ave-id/sdk";

const user = await fetchUserInfo(
  { clientId: "YOUR_CLIENT_ID" },
  tokens.access_token
);

console.log(user);
// {
//   sub: "identity_...",
//   preferred_username: "alice",
//   name: "Alice Smith",
//   email: "[email protected]",
//   picture: "https://..."
// }
4

Refresh tokens

When the access token expires, use the refresh token to get a new one.
import { refreshToken } from "@ave-id/sdk";

const newTokens = await refreshToken(
  {
    clientId: "YOUR_CLIENT_ID",
    redirectUri: "https://yourapp.com/callback"
  },
  {
    refreshToken: tokens.refresh_token
  }
);
Refresh tokens are single-use and automatically rotated for security. Each refresh returns a new refresh token.

Alternative: Use the embed SDK

For a more integrated experience, use @ave-id/embed to show Ave’s login UI directly in your app without redirects. 
import { mountAveEmbed } from "@ave-id/embed";

mountAveEmbed({
  container: document.getElementById("ave-container"),
  clientId: "YOUR_CLIENT_ID",
  redirectUri: "https://yourapp.com/callback",
  onSuccess: ({ redirectUrl }) => {
    window.location.href = redirectUrl;
  }
});

Next Steps

OAuth flow

Learn about the complete OAuth 2.0 flow

Client helpers

Explore browser-side SDK functions

Server helpers

Backend token exchange and validation

Embed components

Integrate Ave UI into your app

Build docs developers (and LLMs) love

Get started for freeTalk to us