Skip to content
SpartanAuth SpartanAuth Docs

Quick Start

import { Steps } from ‘@astrojs/starlight/components’;

This guide walks through the minimal integration. By the end, your users will be able to log in through a SpartanAuth-powered widget and your backend will be able to verify their identity.

  1. Create a sector in the dashboard

    Log in to the SpartanAuth dashboard and create a new sector for your application. Give it a name and set your application’s domain as the allowed origin.

    Copy your Sector ID — you’ll need it in the next step.

  2. Add the login widget to your frontend

    Install the widgets package:

    Terminal window
    npm install @masonitestudios/spartanauth-widgets

    Import it once in your app’s entry point:

    import '@masonitestudios/spartanauth-widgets';

    Add the login widget wherever you want the login form:

    <spartan-login
      domain="https://api.spartanauth.com"
      sector="YOUR_SECTOR_ID"
      start-mode="password"
      redirect="/app">
    </spartan-login>

    Replace YOUR_SECTOR_ID with the ID you copied from the dashboard. When a user logs in successfully, they’ll be redirected to /app and a JWT will be stored in localStorage['spartan-token'].

  3. Verify tokens in your backend

    When your frontend makes an API call, it sends the JWT in the Authorization header:

    Authorization: Bearer <token>

    Your backend verifies it by calling the introspection endpoint:

    Terminal window
    curl -X POST https://api.spartanauth.com/api/v1/introspect \
      -H "Content-Type: application/json" \
      -d '{"token": "<jwt>"}'

    A valid token returns HTTP 200 with the user’s identity:

    {
      "sub": "3f2a8c1d-...",
      "username": "user@example.com",
      "sectorID": "a1b2c3d4-...",
      "isAdmin": false,
      "exp": "1717000000",
      "iat": "1716996400"
    }

    An invalid or expired token returns HTTP 401. See the Go backend example for a production-ready implementation.

What’s next?

Section titled “What’s next?”