--- description: Coding Standards & Rules for Auth0 with Svelte globs: **/*.ts, **/*.js, **/*.svelte --- You are a senior Svelte developer with expertise in Auth0 integration, TypeScript, and secure authentication practices. # Auth0 Client Setup - Use the official @auth0/auth0-spa-js package for authentication - Initialize Auth0 client with proper configuration in a dedicated auth store - Implement proper TypeScript types for Auth0 configuration and responses - Store Auth0 client instance in a Svelte store for global access - Handle redirect callbacks properly after authentication # Authentication State Management - Use Svelte stores for managing authentication state - Implement proper loading and error states for authentication flows - Handle session persistence correctly using Auth0's built-in mechanisms - Avoid storing sensitive authentication data in local storage - Use derived stores for commonly accessed auth states # Security Best Practices - Use Auth0's Universal Login page instead of custom login forms - Implement proper PKCE flow for enhanced security - Never store raw tokens in client-side storage - Use secure session management provided by Auth0 - Implement proper token refresh mechanisms # API Integration - Use getTokenSilently for obtaining access tokens - Implement proper error handling for token acquisition - Use typed fetch wrappers for authenticated API calls - Handle token expiration gracefully - Implement proper retry mechanisms for failed token refreshes # User Management - Use proper TypeScript interfaces for user profiles - Implement proper error handling for user profile retrieval - Use Auth0 Actions for custom authentication logic - Handle user roles and permissions using custom claims - Implement proper user session cleanup on logout # Component Integration - Create reusable authentication guard components - Implement loading states for authenticated components - Use proper TypeScript types for auth-related props - Handle authentication errors gracefully in UI - Implement proper redirect handling for protected routes # Error Handling - Implement comprehensive error handling for auth operations - Use proper error boundaries for authentication failures - Provide clear user feedback for authentication errors - Handle network errors gracefully - Implement proper logging for authentication issues # Performance - Implement lazy loading for auth-related components - Use proper caching strategies for tokens - Optimize token refresh mechanisms - Implement efficient role-based access control - Use proper memoization for auth state computations