One command
Add Auth0 to any Ashlr Stack project with a single command. Stack runs the auth flow, verifies the credential, and writes every secret slot into Phantom.
stack add auth0
Or describe what you're building and let Claude pick it up via stack recommend:
stack recommend "drop-in user auth for my app"Auth flow
Paste a long-lived API key once. Stack verifies it against the provider's API before writing to Phantom.
How-to: Create a Machine-to-Machine application in Auth0 → Applications and note the domain, client ID, and client secret.
Secret slots
stack add auth0 writes these 3 secret
slots into your Phantom vault:
AUTH0_DOMAINAUTH0_CLIENT_IDAUTH0_CLIENT_SECRET
The values never leave Phantom in plaintext. Your .env file references slot
names, and stack exec -- <cmd> swaps them in at process-spawn time via
Phantom's local proxy.
Related providers in Auth
- WorkOS — Enterprise SSO + Directory Sync. API key verified via GET /organizations.
- Clerk — Drop-in auth + users. Secret key stored in Phantom.
v1 notes
Browser SDK: @auth0/auth0-spa-js. Server SDK: auth0 (bundled).
FAQ
Do I need a Auth0 account to use it with Stack?
Yes — Stack provisions Auth0 on your behalf, but it authenticates as you. Paste a long-lived API key once. Stack verifies it against the provider's API before writing to Phantom. If you don't have a credential yet, create one at https://manage.auth0.com and paste it once.
Where does Stack store my Auth0 credentials?
In Phantom Secrets, an E2E-encrypted local vault. Stack writes the secret slot names (AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET) into .stack.toml — the actual values live only in Phantom and never touch disk in plaintext.
Can I rotate or revoke this integration later?
Yes. Run `stack remove auth0` to pull the Auth0 service back out (Phantom secrets deleted, MCP entry removed, .stack.toml cleaned up). Rotate the underlying Auth0 credentials in their dashboard — https://manage.auth0.com — and Stack's next `doctor --fix` will pick up the new values.