Methods
authorize(options)
Redirects to the hosted login page (/authorize) in order to start a new authN/authZ transaction
Parameters:
Name | Type | Description
options | Object | Properties
authorize(options, cb)
Shows the hosted login page (/authorize) inside a new window in order to start a new authN/authZ transaction, and posts its result using postMessage.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  domain | String | <optional> | your Auth0 domain
  clientID | String | <optional> | your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard
  redirectUri | String | | URL that Auth0 will redirect to after Auth with the Authorization Response
  responseType | String | | type of the response used by the OAuth 2.0 flow. It can be any space-separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0
  responseMode | String | <optional> | how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
  state | String | <optional> | value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state
  nonce | String | <optional> | value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce
  scope | String | <optional> | scopes to be requested during Auth, e.g. openid email
  audience | String | <optional> | identifier of the resource server that will consume the access token issued after Auth
  owp | Boolean | <optional> | determines if Auth0 should render the relay page or not and the caller is responsible for handling the response.
cb | authorizeCallback |
buildAuthorizeUrl(options)
Builds and returns the /authorize url in order to initialize a new authN/authZ transaction
Parameters:
Name | Type | Description
options | Object | Properties
buildLogoutUrl(options)
Builds and returns the Logout url in order to initialize a new authN/authZ transaction
If you want to navigate the user to a specific URL after the logout, set that URL in the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:
- If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
- If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  clientID | String | <optional> | identifier of your client
  returnTo | String | <optional> | URL to be redirected to after the logout
  federated | Boolean | <optional> | tells Auth0 whether it should also log the user out from the IdP.
callback(options)
Handles the popup logic for the callback page.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  hash | String | | the url hash. If not provided it will extract from window.location.hash
  state | String | <optional> | value originally sent in state parameter to authorize to mitigate XSRF
  nonce | String | <optional> | value originally sent in nonce parameter to authorize to prevent replay attacks
  _idTokenVerification | String | <optional> | makes parseHash perform or skip id_token verification. We strongly recommend validating the id_token yourself if you disable the verification.
changePassword(options, cb)
Requests an email with instructions to change a user's password
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  email | String | address where the user will receive the change password email. It should match the user's email in Auth0
  connection | String | name of the connection where the user was created
cb | changePasswordCallback |
delegation(options, cb)
Makes a call to the /delegation endpoint with either an id_token or refresh_token
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  clientID | String | <optional> | client identifier
  grantType | String | | grant type used for delegation. The only valid value is urn:ietf:params:oauth:grant-type:jwt-bearer
  idToken | String | <optional> | valid token of the user issued after Auth. If no refresh_token is provided this parameter is required
  refreshToken | String | <optional> | valid refresh token of the user issued after Auth. If no id_token is provided this parameter is required
  target | String | <optional> | the target client id of the delegation
  scope | String | <optional> | either openid or openid profile email
  apiType | String | <optional> | the api to be called
cb | delegationCallback |
getSSOData(withActiveDirectories, cb)
Makes a call to the /ssodata endpoint.
We recommend avoiding this method and relying instead on your tenant's hosted login page with prompt=none via the renewAuth method.
Parameters:
Name | Type | Description
withActiveDirectories | Boolean | tells Auth0 to return AD data
cb | function |
getUser(userId, cb)
Parameters:
Name | Type | Description
userId | String | identifier of the user to retrieve
cb | userCallback |
linkUser(userId, secondaryUserToken, cb)
Parameters:
Name | Type | Description
userId | String |
secondaryUserToken | String |
cb | userCallback |
login(options, cb)
Makes a call to the oauth/token endpoint with password-realm grant type
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  username | String | | email or username of the user that will perform Auth
  password | String | | the password of the user that will perform Auth
  scope | String | <optional> | scopes to be requested during Auth, e.g. openid email
  audience | String | <optional> | identifier of the resource server that will consume the access token issued after Auth
  realm | Object | | the HRD domain or the connection name that the user belongs to, e.g. Username-Password-Authentication
cb | tokenCallback | function called with the result of the request
loginWithCredentials(options, cb)
Performs authentication with username/email and password with a database connection inside a new window
This method is not compatible with API Auth, so if you need to fetch API tokens with audience you should use authorize or login.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  redirectUri | String | <optional> | URL that Auth0 will redirect to after Auth with the Authorization Response
  responseType | String | <optional> | type of the response used. It can be any of the values code and token
  responseMode | String | <optional> | how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment
  scope | String | <optional> | scopes to be requested during AuthN, e.g. openid email
cb | credentialsCallback |
loginWithCredentials(options, cb)
Performs authentication with username/email and password with a database connection
This method is not compatible with API Auth, so if you need to fetch API tokens with audience you should use authorize or login.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  redirectUri | String | <optional> | URL that Auth0 will redirect to after Auth with the Authorization Response
  responseType | String | <optional> | type of the response used. It can be any of the values code and token
  responseMode | String | <optional> | how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment
  scope | String | <optional> | scopes to be requested during AuthN, e.g. openid email
cb | credentialsCallback |
loginWithDefaultDirectory(options, cb)
Makes a call to the oauth/token endpoint with password grant type to log in to the default directory.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  username | String | | email or username of the user that will perform Auth
  password | String | | the password of the user that will perform Auth
  scope | String | <optional> | scopes to be requested during Auth, e.g. openid email
  audience | String | <optional> | identifier of the resource server that will consume the access token issued after Auth
cb | tokenCallback | function called with the result of the request
loginWithResourceOwner(options, cb)
Performs authentication by calling the /oauth/ro endpoint with username and password for a given connection name.
This method is not compatible with API Auth, so if you need to fetch API tokens with audience you should use login or loginWithDefaultDirectory.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  username | String | | email or username of the user that will perform Auth
  password | String | | the password of the user that will perform Auth
  connection | Object | | the connection name that the user belongs to, e.g. Username-Password-Authentication
  scope | String | <optional> | scopes to be requested during Auth, e.g. openid email
  device | String | <optional> | name of the device/browser where the Auth was requested
cb | tokenCallback | function called with the result of the request
logout(options)
Redirects to the Auth0 logout endpoint
If you want to navigate the user to a specific URL after the logout, set that URL in the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:
- If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
- If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  clientID | String | <optional> | identifier of your client
  returnTo | String | <optional> | URL to be redirected to after the logout
  federated | Boolean | <optional> | tells Auth0 whether it should also log the user out from the IdP.
parseHash(options, cb)
Parses the URL hash and extracts the Auth response from an Auth flow started with authorize.
Only validates id_tokens signed by Auth0 with the RS256 algorithm, using the public key exposed by the /.well-known/jwks.json endpoint of your account.
Tokens signed with other algorithms, e.g. HS256, will not be accepted.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  hash | String | | the url hash. If not provided it will extract from window.location.hash
  state | String | <optional> | value originally sent in state parameter to authorize to mitigate XSRF
  nonce | String | <optional> | value originally sent in nonce parameter to authorize to prevent replay attacks
  _idTokenVerification | String | <optional> | makes parseHash perform or skip id_token verification. We strongly recommend validating the id_token yourself if you disable the verification.
cb | authorizeCallback |
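An added example, not part of the auth0.js documentation or code: the checks an application has to make itself when it disables parseHash's id_token verification, written for Node.js. The helper names (newTransaction, stateMatches, verifyIdToken, signSample, demo), the issuer and client ID values, and the throwaway key pair standing in for the key published at /.well-known/jwks.json are all assumptions made for the sketch.

```javascript
const nodeCrypto = require('node:crypto');
const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Fresh, unguessable values to pass as `state` and `nonce` to authorize().
function newTransaction() {
  const random = () => nodeCrypto.randomBytes(16).toString('hex');
  return { state: random(), nonce: random() };
}

// Compare the `state` that came back with the one that was sent.
function stateMatches(returned, sent) {
  const a = Buffer.from(String(returned));
  const b = Buffer.from(String(sent));
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Returns the claims or throws; `expected` = { issuer, clientID, nonce }.
function verifyIdToken(idToken, publicKey, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm; the token header must not choose the verifier.
  if (decodePart(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decodePart(p);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  if (!aud.includes(expected.clientID)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.nonce !== expected.nonce) throw new Error('nonce mismatch');
  return claims;
}

// Constructed test tokens: signs with a throwaway key (RS256) or an HMAC (HS256).
function signSample(alg, claims, privateKey) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  const sig = alg === 'RS256'
    ? nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey)
    : nodeCrypto.createHmac('sha256', 'constructed-secret').update(input).digest();
  return `${input}.${sig.toString('base64url')}`;
}

// Runs the checks over constructed tokens and reports each outcome.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const tx = newTransaction();
  const expected = { issuer: 'https://tenant.example/', clientID: 'constructed-client', nonce: tx.nonce };
  const good = { iss: expected.issuer, aud: expected.clientID, exp: 2000, nonce: tx.nonce };
  const outcome = (token) => {
    try { verifyIdToken(token, publicKey, expected, 1000); return 'ok'; } catch (e) { return e.message; }
  };
  return {
    valid: outcome(signSample('RS256', good, privateKey)),
    hs256: outcome(signSample('HS256', good, privateKey)),
    replayed: outcome(signSample('RS256', { ...good, nonce: 'from-another-login' }, privateKey)),
    expired: outcome(signSample('RS256', { ...good, exp: 999 }, privateKey)),
    stateOk: stateMatches(tx.state, tx.state),
    stateMismatch: stateMatches('value-from-elsewhere', tx.state),
  };
}
```

In a real application the public key comes from the tenant's /.well-known/jwks.json endpoint, and the state and nonce from newTransaction must be stored per login attempt so they can be compared when the response arrives.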
passwordlessStart(options, cb)
Starts a passwordless authentication transaction.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Attributes | Description
  send | String | | what will be sent via email, which can be link or code. For SMS, code is the only valid one
  phoneNumber | String | <optional> | phone number where to send the code. This parameter is mutually exclusive with email
  email | String | <optional> | email where to send the code or link. This parameter is mutually exclusive with phoneNumber
  connection | String | | name of the passwordless connection
  authParams | Object | <optional> | additional Auth parameters when using link
cb | function |
passwordlessVerify(options, cb)
Verifies the passwordless TOTP and redirects to finish the passwordless transaction
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  type | String | sms or email
  phoneNumber | String | only if type = sms
  email | String | only if type = email
  connection | String | the connection name
  verificationCode | String | the TOTP code
cb | function |
Updates the user metadata. It will patch the user metadata with the attributes sent.
Parameters:
Name | Type | Description
userId | String |
userMetadata | Object |
cb | userCallback |
preload(options)
Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.
Parameters:
Name | Type | Description
options | Object | receives the window height and width and any other window feature to be sent to window.open
renewAuth(options)
Executes a silent authentication transaction under the hood in order to fetch new tokens for the current session.
This method requires that all Auth is performed with authorize
Parameters:
Name | Type | Description
options | Object | Properties
signup(options, cb)
Creates a new user in an Auth0 Database connection
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  email | String | user email address
  password | String | user password
  connection | String | name of the connection where the user will be created
cb | signUpCallback |
signupAndAuthorize(options, cb)
Signs up a new user, automatically logs the user in after the signup and returns the user token.
The login will be done using /oauth/token with password-realm grant type.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  email | String | user email address
  password | String | user password
  connection | String | name of the connection where the user will be created
cb | tokenCallback |
signupAndLogin(options, cb)
Signs up a new user and automatically logs the user in after the signup.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  email | String | user email address
  password | String | user password
  connection | String | name of the connection where the user will be created
cb | credentialsCallback |
signupAndLogin(options, cb)
Signs up a new user and automatically logs the user in after the signup.
This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or signupAndAuthorize.
Parameters:
Name | Type | Description
options | Object | Properties:
  Name | Type | Description
  email | String | user email address
  password | String | user password
  connection | String | name of the connection where the user will be created
cb | credentialsCallback |
userInfo(accessToken, cb)
Makes a call to the /userinfo endpoint and returns the user profile
Parameters:
Name | Type | Description
accessToken | String | token issued to a user after Auth
cb | userInfoCallback |
Type Definitions
authorizeCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason of the Auth failure
result | Object | <optional> | result of the Auth request. Properties:
  Name | Type | Attributes | Description
  accessToken | String | <optional> | token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)
  expiresIn | Number | <optional> | number of seconds until the access token expires
  idToken | String | <optional> | token that identifies the user
  refreshToken | String | <optional> | token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.
changePasswordCallback([err])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason why the request failed
credentialsCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason of the Auth failure
result | Object | <optional> | result of the AuthN request. Properties:
  Name | Type | Attributes | Description
  accessToken | String | | token that can be used with userinfo
  idToken | String | <optional> | token that identifies the user
  refreshToken | String | <optional> | token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.
delegationCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason why the delegation failed
result | Object | <optional> | result of the delegation request. The payload depends on what api type was used
signUpCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason why the signup failed
result | Object | <optional> | result of the signup request. Properties:
  Name | Type | Description
  email | Object | user's email
  emailVerified | Object | if the user's email was verified
tokenCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0 with the reason of the Auth failure
result | Object | <optional> | result of the Auth request. Properties:
  Name | Type | Attributes | Description
  accessToken | String | | token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)
  expiresIn | Number | | number of seconds until the access token expires
  idToken | String | <optional> | token that identifies the user
  refreshToken | String | <optional> | token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.
userCallback([err], [result])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | failure reason for the failed request to Management API
result | Object | <optional> | user profile
userInfoCallback([err], [userInfo])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned by Auth0
userInfo | Object | <optional> | user information
validateTokenCallback([err], [payload])
Parameters:
Name | Type | Attributes | Description
err | Error | <optional> | error returned while validating the token
payload | Object | <optional> | claims stored in the token