---
title: HTML-only quickstart
---

# HTML-only quickstart

Get a working "Sign in with Little X Little" button on your page in 60 seconds. No build tools, no npm, no Composer.

## 1. Drop the script tag

Put this in your `<head>` (or just before `</body>`):

```html
<script src="https://id.littlexlittle.org/sdk.js" async defer></script>
```

## 2. Render the button

Anywhere in the page body:

```html
<div data-lxl-id="YOUR_CLIENT_ID"
     data-callback="onSignIn"
     data-auto_select="true"
     data-prompt_parent_id="signin-area"></div>

<div id="signin-area"></div>
```

## 3. Receive the credential

```html
<script>
  function onSignIn(response) {
    // response.credential is a signed JWT (id_token).
    // Send it to your backend for verification.
    fetch('/auth/lxl', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ credential: response.credential }),
    }).then(r => r.ok && location.reload());
  }
</script>
```

## 4. Verify on the server

```php
<?php
require 'vendor/autoload.php';

$client = new LXL\Id\Client(['client_id' => 'YOUR_CLIENT_ID']);
$payload = $client->verifyOneTap($_POST['credential']);
// $payload['sub']         → stable account code
// $payload['email']       → email
// $payload['lxl.access']  → permission claims
```

That's it. Behind the scenes the SDK handled PKCE, opened a hidden iframe for silent sign-in, and posted the JWT back to your callback.

## What you get for free

- :material-cursor-default-click: **Pre-rendered button** that adapts to light/dark mode.
- :material-bell-ring: **One-Tap prompt** for users already signed into Little X Little.
- :material-shield-check: **PKCE** automatically (no client secret needed in the browser).
- :material-flash: **Silent re-auth** if the user already granted consent.

## Next steps

- [Customize the button & One-Tap](../guides/one-tap.md)
- [Read the JWT claims](../reference/claims.md)
- [Verify in PHP](php-sdk.md) / [Verify in Node](oauth-from-scratch.md#verifying-in-nodejs)