Global

Methods

authorize(options)

Redirects to the hosted login page (/authorize) in order to start a new authN/authZ transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String <optional>

your Auth0 domain

clientID String <optional>

your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

authorize(options, cb)

Shows inside a new window the hosted login page (/authorize) in order to start a new authN/authZ transaction and post its result using postMessage.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String <optional>

your Auth0 domain

clientID String <optional>

your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

owp Boolean <optional>

determines whether Auth0 should render the relay page or not and the caller is responsible for handling the response.

cb authorizeCallback

buildAuthorizeUrl(options)

Builds and returns the /authorize url in order to initialize a new authN/authZ transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String <optional>

your Auth0 domain

clientID String <optional>

your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

buildLogoutUrl(options)

Builds and returns the Logout url in order to initialize a new authN/authZ transaction

If you want to navigate the user to a specific URL after the logout, set that URL in the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

identifier of your client

returnTo String <optional>

URL to be redirected after the logout

federated Boolean <optional>

tells Auth0 if it should logout the user also from the IdP.

callback(options)

Handles the popup logic for the callback page.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

_idTokenVerification String <optional>

makes parseHash perform or skip id_token verification. We strongly recommend validating the id_token yourself if you disable the verification.

changePassword(options, cb)

Request an email with instruction to change a user's password

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

address where the user will receive the change password email. It should match the user's email in Auth0

connection String

name of the connection where the user was created

cb changePasswordCallback

delegation(options, cb)

Makes a call to the /delegation endpoint with either an id_token or refresh_token

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

client identifier

grantType String

grant type used for delegation. The only valid value is urn:ietf:params:oauth:grant-type:jwt-bearer

idToken String <optional>

valid token of the user issued after Auth. If no refresh_token is provided this parameter is required

refreshToken String <optional>

valid refresh token of the user issued after Auth. If no id_token is provided this parameter is required

target String <optional>

the target client id of the delegation

scope String <optional>

either openid or openid profile email

apiType String <optional>

the api to be called

cb delegationCallback

getSSOData(withActiveDirectories, cb)

Makes a call to the /ssodata endpoint. We recommend avoiding this method and relying instead on your tenant's hosted login page, using prompt=none via the renewAuth method.

Parameters:
Name Type Description
withActiveDirectories Boolean

tells Auth0 to return AD data

cb function

getUser(userId, cb)

Returns the user profile

Parameters:
Name Type Description
userId String

identifier of the user to retrieve

cb userCallback

linkUser(userId, secondaryUserToken, cb)

Link two users

Parameters:
Name Type Description
userId String
secondaryUserToken String
cb userCallback

login(options, cb)

Makes a call to the oauth/token endpoint with password-realm grant type

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

realm Object

the HRD domain or the connection name where the user belongs to. e.g. Username-Password-Authentication

cb tokenCallback

function called with the result of the request

loginWithCredentials(options, cb)

Performs authentication with username/email and password with a database connection inside a new window

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or login.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used. It can be any of the values code and token

responseMode String <optional>

how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment

scope String <optional>

scopes to be requested during AuthN. e.g. openid email

cb credentialsCallback

loginWithCredentials(options, cb)

Performs authentication with username/email and password with a database connection

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or login.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used. It can be any of the values code and token

responseMode String <optional>

how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment

scope String <optional>

scopes to be requested during AuthN. e.g. openid email

cb credentialsCallback

loginWithDefaultDirectory(options, cb)

Makes a call to the oauth/token endpoint with password grant type to login to the default directory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

cb tokenCallback

function called with the result of the request

loginWithResourceOwner(options, cb)

Performs authentication calling /oauth/ro endpoint with username and password for a given connection name.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use login or loginWithDefaultDirectory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

connection Object

the connection name where the user belongs to. e.g. Username-Password-Authentication

scope String <optional>

scopes to be requested during Auth. e.g. openid email

device String <optional>

name of the device/browser where the Auth was requested

cb tokenCallback

function called with the result of the request

logout(options)

Redirects to the auth0 logout endpoint

If you want to navigate the user to a specific URL after the logout, set that URL in the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

identifier of your client

returnTo String <optional>

URL to be redirected after the logout

federated Boolean <optional>

tells Auth0 if it should logout the user also from the IdP.

parseHash(options, cb)

Parses the URL hash and extracts the Auth response from an Auth flow started with authorize

Only validates id_tokens signed by Auth0 with the RS256 algorithm, using the public key exposed by the /.well-known/jwks.json endpoint of your account. Tokens signed with other algorithms, e.g. HS256, will not be accepted.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

_idTokenVerification String <optional>

makes parseHash perform or skip id_token verification. We strongly recommend validating the id_token yourself if you disable the verification.

cb authorizeCallback
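
What the state, nonce and RS256-only rules described for parseHash amount to on the callback side, as an added example (not auth0.js source code). Function names, sample claims and the locally generated key pair are assumptions for illustration; the key stands in for the one published at /.well-known/jwks.json.

```javascript
// Added example, not auth0.js source. Function names are hypothetical.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Fresh, unguessable state and nonce for one /authorize transaction.
function newTransaction() {
  return {
    state: b64url(crypto.randomBytes(16)),
    nonce: b64url(crypto.randomBytes(16)),
  };
}

// Constant-time string comparison; a missing or empty value never matches.
function safeEqual(a, b) {
  const x = Buffer.from(String(a || ''));
  const y = Buffer.from(String(b || ''));
  return x.length > 0 && x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Checks the hash returned to redirectUri against the stored transaction.
// A full validator would also check iss, aud and exp; omitted here for focus.
function checkCallback(hash, tx, publicKey) {
  const fail = (reason) => ({ ok: false, reason });
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (!safeEqual(params.get('state'), tx.state)) return fail('state mismatch');
  const parts = (params.get('id_token') || '').split('.');
  if (parts.length !== 3) return fail('malformed id_token');
  let header, claims;
  try {
    header = decodeJson(parts[0]);
    claims = decodeJson(parts[1]);
  } catch (e) {
    return fail('malformed id_token');
  }
  // Pin the algorithm first; the token's alg header must not choose the verifier.
  if (header.alg !== 'RS256') return fail('unsupported alg');
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', signed, publicKey, sig)) return fail('bad signature');
  if (!safeEqual(claims.nonce, tx.nonce)) return fail('nonce mismatch');
  return { ok: true, claims };
}

// Builds constructed sample tokens so the example runs offline.
function sampleToken(claims, alg, key) {
  const input = b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  const sig = alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(input), key)
    : crypto.createHmac('sha256', key).update(input).digest();
  return input + '.' + b64url(sig);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const tx = newTransaction();
  const hashFor = (state, token) => '#state=' + encodeURIComponent(state) + '&id_token=' + token;
  const good = sampleToken({ sub: 'user|constructed', nonce: tx.nonce }, 'RS256', privateKey);
  const stale = sampleToken({ sub: 'user|constructed', nonce: 'older-nonce' }, 'RS256', privateKey);
  const hs256 = sampleToken({ sub: 'user|constructed', nonce: tx.nonce }, 'HS256', 'constructed-secret');
  return {
    good: checkCallback(hashFor(tx.state, good), tx, publicKey),
    wrongState: checkCallback(hashFor('not-the-stored-state', good), tx, publicKey),
    replayed: checkCallback(hashFor(tx.state, stale), tx, publicKey),
    hs256: checkCallback(hashFor(tx.state, hs256), tx, publicKey),
  };
}
```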

passwordlessStart(options, cb)

Starts a passwordless authentication transaction.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
send String

what will be sent via email, which can be link or code. For SMS, code is the only valid value

phoneNumber String <optional>

phone number where to send the code. This parameter is mutually exclusive with email

email String <optional>

email where to send the code or link. This parameter is mutually exclusive with phoneNumber

connection String

name of the passwordless connection

authParams Object <optional>

additional Auth parameters when using link

cb function

passwordlessVerify(options, cb)

Verifies the passwordless TOTP and redirects to finish the passwordless transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Description
type String

sms or email

phoneNumber String

only if type = sms

email String

only if type = email

connection String

the connection name

verificationCode String

the TOTP code

cb function

patchUserMetadata(userId, userMetadata, cb)

Updates the user metadata. It will patch the user metadata with the attributes sent.

Parameters:
Name Type Description
userId String
userMetadata Object
cb userCallback

preload(options)

Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.

Parameters:
Name Type Description
options Object

receives the window height and width and any other window feature to be sent to window.open

renewAuth(options)

Executes a silent authentication transaction under the hood in order to fetch new tokens for the current session. This method requires that all Auth is performed with authorize.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String <optional>

your Auth0 domain

clientID String <optional>

your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard

redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

signup(options, cb)

Creates a new user in an Auth0 Database connection

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb signUpCallback

signupAndAuthorize(options, cb)

Signs up a new user, automatically logs the user in after the signup and returns the user token. The login will be done using /oauth/token with password-realm grant type.

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb tokenCallback

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb credentialsCallback

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or signupAndAuthorize.

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb credentialsCallback

userInfo(accessToken, cb)

Makes a call to the /userinfo endpoint and returns the user profile

Parameters:
Name Type Description
accessToken String

token issued to a user after Auth

cb userInfoCallback

Type Definitions

authorizeCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the Auth request

Properties
Name Type Attributes Description
accessToken String <optional>

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number <optional>

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.

changePasswordCallback(err)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the request failed

credentialsCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the AuthN request

Properties
Name Type Attributes Description
accessToken String

token that can be used with userinfo

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.

delegationCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the delegation failed

result Object <optional>

result of the delegation request. The payload depends on what api type was used

signUpCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the signup failed

result Object <optional>

result of the signup request

Properties
Name Type Description
email Object

user's email

emailVerified Object

if the user's email was verified

tokenCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the Auth request

Properties
Name Type Attributes Description
accessToken String

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all clients can request them or the resource server might not allow them.

userCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

failure reason for the failed request to Management API

result Object <optional>

user profile

userInfoCallback(err, userInfo)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0

userInfo Object <optional>

user information

validateTokenCallback(err, payload)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned while validating the token

payload Object <optional>

claims stored in the token
