await auth0.checkSession();
-
+Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE.
+await auth0.checkSession();
+
Check if the user is logged in using getTokenSilently
. The difference
with getTokenSilently
is that this doesn't return a token, but it will
pre-fill the token cache.
Optional
options: GetTokenSilentlyOptionsconst claims = await auth0.getIdTokenClaims();
-
+Optional
options: GetTokenSilentlyOptionsFetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
-Fetches a new access token and returns it.
-Optional
options: GetTokenSilentlyOptionsconst token = await auth0.getTokenWithPopup(options);
-
+Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
+Fetches a new access token and returns it.
+Optional
options: GetTokenSilentlyOptionsconst token = await auth0.getTokenWithPopup(options);
+
Opens a popup with the /authorize
URL using the parameters
provided as arguments. Random and secure state
and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
const user = await auth0.getUser();
-
+After the browser redirects back to the callback page, +
TUser The type to return, has to extend User.
+After the browser redirects back to the callback page,
call handleRedirectCallback
to handle success and error
responses from Auth0. If the response is successful, results
will be valid according to their expiration times.
const isAuthenticated = await auth0.isAuthenticated();
-
+try {
await auth0.loginWithPopup(options);
} catch(e) {
if (e instanceof PopupCancelledError) {
// Popup was closed before login completed
}
}
-
+try {
await auth0.loginWithPopup(options);
} catch(e) {
if (e instanceof PopupCancelledError) {
// Popup was closed before login completed
}
}
+
Opens a popup with the /authorize
URL using the parameters
provided as arguments. Random and secure state
and nonce
parameters will be auto-generated. If the response is successful,
@@ -224,94 +59,15 @@
Optional
options: PopupLoginOptionsOptional
config: PopupConfigOptionsawait auth0.loginWithRedirect(options);
-
+Optional
options: PopupLoginOptionsOptional
config: PopupConfigOptionsawait auth0.loginWithRedirect(options);
+
Performs a redirect to /authorize
using the parameters
provided as arguments. Random and secure state
and nonce
parameters will be auto-generated.
await auth0.logout(options);
-
+await auth0.logout(options);
+
Clears the application session and performs a redirect to /v2/logout
, using
the parameters provided as arguments, to clear the Auth0 session.
If the federated
option is specified it also clears the Identity Provider session.
Read more about how Logout works at Auth0.
Thrown when handling the redirect callback fails, will be one of Auth0's +
Thrown when handling the redirect callback fails, will be one of Auth0's Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses
-Static
fromStatic
fromOptional
suffix: stringOptional
audienceOptional
scopeOptional
suffixStatic
fromUtility function to build a CacheKey
instance from a cache entry
An instance of CacheKey
The entry
-Static
fromOptional
suffix: stringOptional
audienceOptional
scopeOptional
suffixStatic
fromUtility function to build a CacheKey
instance from a cache entry
The entry
+An instance of CacheKey
Static
fromThrown when network requests to the Auth server fail.
-Static
fromThrown when network requests to the Auth server fail.
+Static
fromError thrown when the token exchange results in a mfa_required
error
Static
fromError thrown when the token exchange results in a mfa_required
error
Static
fromError thrown when there is no refresh token to use
-Static
fromError thrown when there is no refresh token to use
+Static
fromThrown when network requests to the Auth server fail.
-Static
fromThrown when network requests to the Auth server fail.
+Static
fromError thrown when the login popup times out (if the user does not complete auth)
-Static
fromError thrown when the login popup times out (if the user does not complete auth)
+Static
fromThrown when silent auth times out (usually due to a configuration issue) or +
Thrown when silent auth times out (usually due to a configuration issue) or when network requests to the Auth server timeout.
-Static
fromStatic
fromOptional
addressOptional
birthdateOptional
emailOptional
email_Optional
family_Optional
genderOptional
given_Optional
localeOptional
middle_Optional
nameOptional
nicknameOptional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
subOptional
updated_Optional
websiteOptional
zoneinfoOptional
addressOptional
birthdateOptional
emailOptional
email_Optional
family_Optional
genderOptional
given_Optional
localeOptional
middle_Optional
nameOptional
nicknameOptional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
subOptional
updated_Optional
websiteOptional
zoneinfoAsynchronously creates the Auth0Client instance and calls checkSession
.
Asynchronously creates the Auth0Client instance and calls checkSession
.
Note: There are caveats to using this in a private browser tab, which may not silently authenticae a user on page refresh. Please see the checkSession docs for more info.
- -An instance of Auth0Client
-The client options
-The client options
+An instance of Auth0Client
+📚 Documentation - 🚀 Getting Started - 💻 API Reference - 💬 Feedback
- - -📚 Documentation - 🚀 Getting Started - 💻 API Reference - 💬 Feedback
+Using npm in your project directory run the following command:
-npm install @auth0/auth0-spa-js
-
+Using npm in your project directory run the following command:
+npm install @auth0/auth0-spa-js
+
From the CDN:
-<script src="https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js"></script>
-
-
-
- Create a Single Page Application in the Auth0 Dashboard.
+<script src="https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js"></script>
+
+Create a Single Page Application in the Auth0 Dashboard.
If you're using an existing application, verify that you have configured the following settings in your Single Page Application:
@@ -68,28 +38,16 @@
Configure Auth0
These URLs should reflect the origins that your application is running on. Allowed Callback URLs may also include a path, depending on where you're handling the callback (see below).
Take note of the Client ID and Domain values under the "Basic Information" section. You'll need these values in the next step.
- - -Create an Auth0Client
instance before rendering or initializing your application. You should only have one instance of the client.
import { createAuth0Client } from '@auth0/auth0-spa-js';
//with async/await
const auth0 = await createAuth0Client({
domain: '<AUTH0_DOMAIN>',
clientId: '<AUTH0_CLIENT_ID>',
authorizationParams: {
redirect_uri: '<MY_CALLBACK_URL>'
}
});
//or, you can just instantiate the client on its own
import { Auth0Client } from '@auth0/auth0-spa-js';
const auth0 = new Auth0Client({
domain: '<AUTH0_DOMAIN>',
clientId: '<AUTH0_CLIENT_ID>',
authorizationParams: {
redirect_uri: '<MY_CALLBACK_URL>'
}
});
//if you do this, you'll need to check the session yourself
try {
await auth0.getTokenSilently();
} catch (error) {
if (error.error !== 'login_required') {
throw error;
}
}
-
-
-
- You can then use login using the Auth0Client
instance you created:
<button id="login">Click to Login</button>
-
-//redirect to the Universal Login Page
document.getElementById('login').addEventListener('click', async () => {
await auth0.loginWithRedirect();
});
//in your callback route (<MY_CALLBACK_URL>)
window.addEventListener('load', async () => {
const redirectResult = await auth0.handleRedirectCallback();
//logged in. you can get the user profile like this:
const user = await auth0.getUser();
console.log(user);
});
-
+Create an Auth0Client
instance before rendering or initializing your application. You should only have one instance of the client.
import { createAuth0Client } from '@auth0/auth0-spa-js';
//with async/await
const auth0 = await createAuth0Client({
domain: '<AUTH0_DOMAIN>',
clientId: '<AUTH0_CLIENT_ID>',
authorizationParams: {
redirect_uri: '<MY_CALLBACK_URL>'
}
});
//or, you can just instantiate the client on its own
import { Auth0Client } from '@auth0/auth0-spa-js';
const auth0 = new Auth0Client({
domain: '<AUTH0_DOMAIN>',
clientId: '<AUTH0_CLIENT_ID>',
authorizationParams: {
redirect_uri: '<MY_CALLBACK_URL>'
}
});
//if you do this, you'll need to check the session yourself
try {
await auth0.getTokenSilently();
} catch (error) {
if (error.error !== 'login_required') {
throw error;
}
}
+
+You can then use login using the Auth0Client
instance you created:
<button id="login">Click to Login</button>
+
+//redirect to the Universal Login Page
document.getElementById('login').addEventListener('click', async () => {
await auth0.loginWithRedirect();
});
//in your callback route (<MY_CALLBACK_URL>)
window.addEventListener('load', async () => {
const redirectResult = await auth0.handleRedirectCallback();
//logged in. you can get the user profile like this:
const user = await auth0.getUser();
console.log(user);
});
+
For other comprehensive examples, see the EXAMPLES.md document.
- - -Explore API Methods available in auth0-spa-js.
+Explore API Methods available in auth0-spa-js.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
- - -Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
- - -To provide feedback or report a bug, please raise an issue on our issue tracker.
+Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
+
This project is licensed under the MIT license. See the LICENSE file for more info. -
Optional
Internal
auth0Internal property to send information about the client to the authorization server.
-Optional
env?: { Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters +
Optional
Internal
auth0Internal property to send information about the client to the authorization server.
+Optional
env?: { Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters defined by Auth0 or custom parameters that you define.
-Optional
authorizeA maximum number of seconds to wait before declaring background calls to /authorize as failed for timeout +
Optional
authorizeA maximum number of seconds to wait before declaring background calls to /authorize as failed for timeout Defaults to 60s.
-Optional
cacheSpecify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over cacheLocation
if they are both specified.
Optional
cacheThe location to use when storing cache data. Valid values are memory
or localstorage
.
+
Optional
cacheSpecify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over cacheLocation
if they are both specified.
Optional
cacheThe location to use when storing cache data. Valid values are memory
or localstorage
.
The default setting is memory
.
Read more about changing storage options in the Auth0 docs
-The Client ID found on your Application settings page
-Optional
cookieThe domain the cookie is accessible from. If not set, the cookie is scoped to +
The Client ID found on your Application settings page
+Optional
cookieThe domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain.
Note: setting this incorrectly may cause silent authentication to stop working on page load.
To keep a user logged in across multiple subdomains set this to your
top-level domain and prefixed with a .
(eg: .example.com
).
Your Auth0 account domain such as 'example.auth0.com'
,
+
Your Auth0 account domain such as 'example.auth0.com'
,
'example.eu.auth0.com'
or , 'example.mycompany.com'
(when using custom domains)
Optional
httpSpecify the timeout for HTTP calls using fetch
. The default is 10 seconds.
Optional
issuerThe issuer to be used for validation of JWTs, optionally defaults to the domain above
-Optional
leewayThe value in seconds used to account for clock skew in JWT expirations. +
Optional
httpSpecify the timeout for HTTP calls using fetch
. The default is 10 seconds.
Optional
issuerThe issuer to be used for validation of JWTs, optionally defaults to the domain above
+Optional
leewayThe value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two at maximum. Defaults to 60s.
-Optional
legacySets an additional cookie with no SameSite attribute to support legacy browsers +
Optional
legacySets an additional cookie with no SameSite attribute to support legacy browsers that are not compatible with the latest SameSite changes. This will log a warning on modern browsers, you can disable the warning by setting this to false but be aware that some older useragents will not work, See https://www.chromium.org/updates/same-site/incompatible-clients Defaults to true
-Optional
nowModify the value used as the current time during the token validation.
+Optional
nowModify the value used as the current time during the token validation.
Note: Using this improperly can potentially compromise the token validation.
-Optional
sessionNumber of days until the cookie auth0.is.authenticated
will expire
+
Optional
sessionNumber of days until the cookie auth0.is.authenticated
will expire
Defaults to 1.
Optional
useIf true
, the SDK will use a cookie when storing information about the auth transaction while
+
Optional
useIf true
, the SDK will use a cookie when storing information about the auth transaction while
the user is going through the authentication flow on the authorization server.
The default is false
, in which case the SDK will use session storage.
You might want to enable this if you rely on your users being able to authenticate using flows that +
You might want to enable this if you rely on your users being able to authenticate using flows that may end up spanning across multiple tabs (e.g. magic links) or you cannot otherwise rely on session storage being available.
-Optional
useIf true, data to the token endpoint is transmitted as x-www-form-urlencoded data, if false it will be transmitted as JSON. The default setting is true
.
Optional
useIf true, data to the token endpoint is transmitted as x-www-form-urlencoded data, if false it will be transmitted as JSON. The default setting is true
.
Note: Setting this to false
may affect you if you use Auth0 Rules and are sending custom, non-primitive data. If you disable this,
please verify that your Auth0 Rules continue to work as intended.
Optional
useIf true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code
grant with prompt=none
is used.
+
Optional
useIf true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code
grant with prompt=none
is used.
The default setting is false
.
Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.
-Optional
useIf true, fallback to the technique of using a hidden iframe and the authorization_code
grant with prompt=none
when unable to use refresh tokens. If false, the iframe fallback is not used and
+
Optional
useIf true, fallback to the technique of using a hidden iframe and the authorization_code
grant with prompt=none
when unable to use refresh tokens. If false, the iframe fallback is not used and
errors relating to a failed refresh_token
grant should be handled appropriately. The default setting is false
.
Note: There might be situations where doing silent auth with a Web Message response from an iframe is not possible,
like when you're serving your application from the file system or a custom protocol (like in a Desktop or Native app).
In situations like this you can disable the iframe fallback and handle the failed refresh_token
grant and prompt the user to login interactively with loginWithRedirect
or loginWithPopup
."
E.g. Using the file:
protocol in an Electron application does not support that legacy technique.
let token: string;
try {
token = await auth0.getTokenSilently();
} catch (e) {
if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {
auth0.loginWithRedirect();
}
}
-
-let token: string;
try {
token = await auth0.getTokenSilently();
} catch (e) {
if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {
auth0.loginWithRedirect();
}
}
+
+Optional
workerIf provided, the SDK will load the token worker from this URL instead of the integrated blob
. An example of when this is useful is if you have strict
+Content-Security-Policy (CSP) and wish to avoid needing to set worker-src: blob:
. We recommend either serving the worker, which you can find in the module
+at <module_path>/dist/auth0-spa-js.worker.production.js
, from the same host as your application or using the Auth0 CDN
+https://cdn.auth0.com/js/auth0-spa-js/<version>/auth0-spa-js.worker.production.js
.
Note: The worker is only used when useRefreshTokens: true
, cacheLocation: 'memory'
, and the cache
is not custom.
Optional
acr_Optional
audienceThe default audience to be used for requesting API access.
-Optional
connectionThe name of the connection configured for your application. +
If you need to send custom parameters to the Authorization Server, +make sure to use the original parameter name.
+Optional
acr_Optional
audienceThe default audience to be used for requesting API access.
+Optional
connectionThe name of the connection configured for your application. If null, it will redirect to the Auth0 Login Page and show the Login Widget.
-Optional
displayOptional
display'page'
: displays the UI with a full page view'popup'
: displays the UI with a popup window'touch'
: displays the UI in a way that leverages a touch interface'wap'
: displays the UI with a "feature phone" type interfaceOptional
id_Previously issued ID Token.
-Optional
invitationThe Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.
-Optional
login_The user's email address or other identifier. When your app knows +
Optional
id_Previously issued ID Token.
+Optional
invitationThe Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.
+Optional
login_The user's email address or other identifier. When your app knows which user is trying to authenticate, you can provide this parameter to pre-fill the email box or select the right session for sign-in.
This currently only affects the classic Lock experience.
-Optional
max_Maximum allowable elapsed time (in seconds) since authentication. +
Optional
max_Maximum allowable elapsed time (in seconds) since authentication. If the last time the user authenticated is greater than this value, the user must be reauthenticated.
-Optional
organizationThe organization to log in to.
+Optional
organizationThe organization to log in to.
This will specify an organization
parameter in your user's login request.
org_
), it will be validated against the org_id
claim of your user's ID Token. The validation is case-sensitive.org_
), it will be validated against the org_name
claim of your user's ID Token. The validation is case-insensitive.Optional
promptOptional
prompt'none'
: do not prompt user for login or consent on reauthentication'login'
: prompt user for reauthentication'consent'
: prompt user for consent before processing request'select_account'
: prompt user to select an accountOptional
redirect_The default URL where Auth0 will redirect your browser to with +
Optional
redirect_The default URL where Auth0 will redirect your browser to with the authentication result. It must be whitelisted in the "Allowed Callback URLs" field in your Auth0 Application's settings. If not provided here, it should be provided in the other methods that provide authentication.
-Optional
scopeThe default scope to be used on authentication requests.
+Optional
scopeThe default scope to be used on authentication requests.
This defaults to profile email
if not set. If you are setting extra scopes and require
profile
and email
to be included then you must include them in the provided scope.
Note: The openid
scope is always applied regardless of this setting.
Optional
screen_Provides a hint to Auth0 as to what flow should be displayed. +
Optional
screen_Provides a hint to Auth0 as to what flow should be displayed. The default behavior is to show a login page but you can override this by passing 'signup' to show the signup page instead.
This only affects the New Universal Login Experience.
-Optional
ui_The space-separated list of language tags, ordered by preference. +
Optional
ui_The space-separated list of language tags, ordered by preference.
For example: 'fr-CA fr en'
.
Optional
authorizationParameters that will be sent back to Auth0 as part of a request.
-Optional
audience?: stringThe audience that was used in the authentication request
-Optional
redirect_There's no actual redirect when getting a token silently, +
Optional
authorizationParameters that will be sent back to Auth0 as part of a request.
+If you need to send custom parameters to the Authorization Server, +make sure to use the original parameter name.
+Optional
audience?: stringThe audience that was used in the authentication request
+Optional
redirect_There's no actual redirect when getting a token silently,
but, according to the spec, a redirect_uri
param is required.
Auth0 uses this parameter to validate that the current origin
matches the redirect_uri
origin
when sending the response.
It must be whitelisted in the "Allowed Web Origins" in your
Auth0 Application's settings.
Optional
scope?: stringThe scope that was used in the authentication request
-Optional
cacheWhen off
, ignores the cache and always sends a
+
Optional
scope?: stringThe scope that was used in the authentication request
+Optional
cacheWhen off
, ignores the cache and always sends a
request to Auth0.
When cache-only
, only reads from the cache and never sends a request to Auth0.
Defaults to on
, where it both reads from the cache and sends a request to Auth0 as needed.
Optional
detailedIf true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned +
Optional
detailedIf true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned
(minus refresh_token
if one was issued). Otherwise, just the access token is returned.
The default is false
.
Optional
timeoutA maximum number of seconds to wait before declaring the background /authorize call as failed for timeout +
Optional
timeoutA maximum number of seconds to wait before declaring the background /authorize call as failed for timeout Defaults to 60s.
-Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters +
Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters defined by Auth0 or custom parameters that you define.
-Optional
cacheWhen off
, ignores the cache and always sends a request to Auth0.
+
Optional
cacheWhen off
, ignores the cache and always sends a request to Auth0.
When cache-only
, only reads from the cache and never sends a request to Auth0.
Defaults to on
, where it both reads from the cache and sends a request to Auth0 as needed.
Optional
allOptional
allOptional
acrOptional
addressOptional
amrOptional
at_Optional
audOptional
auth_Optional
azpOptional
birthdateOptional
c_Optional
cnfOptional
emailOptional
email_Optional
expOptional
family_Optional
genderOptional
given_Optional
iatOptional
issOptional
jtiOptional
localeOptional
middle_Optional
nameOptional
nbfOptional
nicknameOptional
nonceOptional
org_Optional
org_Optional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
sidOptional
sub_Optional
updated_Optional
websiteOptional
zoneinfoOptional
acrOptional
addressOptional
amrOptional
at_Optional
audOptional
auth_Optional
azpOptional
birthdateOptional
c_Optional
cnfOptional
emailOptional
email_Optional
expOptional
family_Optional
genderOptional
given_Optional
iatOptional
issOptional
jtiOptional
localeOptional
middle_Optional
nameOptional
nbfOptional
nicknameOptional
nonceOptional
org_Optional
org_Optional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
sidOptional
sub_Optional
updated_Optional
websiteOptional
zoneinfoOptional
clientThe clientId
of your application.
Optional
clientThe clientId
of your application.
If this property is not set, then the clientId
that was used during initialization of the SDK is sent to the logout endpoint.
If this property is set to null
, then no client ID value is sent to the logout endpoint.
Optional
logoutParameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters +
Optional
logoutParameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters you wish to provide.
-Optional
federated?: booleanWhen supported by the upstream identity provider, +
If you need to send custom parameters to the logout endpoint, make sure to use the original parameter name.
+Optional
federated?: booleanWhen supported by the upstream identity provider, forces the user to logout of their identity provider and from Auth0. Read more about how federated logout works at Auth0
-Optional
returnThe URL where Auth0 will redirect your browser to after the logout.
+Optional
returnThe URL where Auth0 will redirect your browser to after the logout.
Note: If the client_id
parameter is included, the
returnTo
URL that is provided must be listed in the
Application's "Allowed Logout URLs" in the Auth0 dashboard.
@@ -76,75 +21,14 @@
Optional
returnOptional
onUsed to control the redirect and not rely on the SDK to do the actual redirect.
- -await auth0.logout({
async onRedirect(url) {
window.location.replace(url);
}
});
-
-
-since v2.0.1, use openUrl
instead.
Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
+Optional
onUsed to control the redirect and not rely on the SDK to do the actual redirect.
+await auth0.logout({
async onRedirect(url) {
window.location.replace(url);
}
});
+
+since v2.0.1, use openUrl
instead.
Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
Set to false
to disable the redirect, or provide a function to handle the actual redirect yourself.
await auth0.logout({
openUrl(url) {
window.location.replace(url);
}
});
-
-
-import { Browser } from '@capacitor/browser';
await auth0.logout({
async openUrl(url) {
await Browser.open({ url });
}
});
-
-await auth0.logout({
openUrl(url) {
window.location.replace(url);
}
});
+
+import { Browser } from '@capacitor/browser';
await auth0.logout({
async openUrl(url) {
await Browser.open({ url });
}
});
+
+Optional
clientThe clientId
of your application.
Optional
clientThe clientId
of your application.
If this property is not set, then the clientId
that was used during initialization of the SDK is sent to the logout endpoint.
If this property is set to null
, then no client ID value is sent to the logout endpoint.
Optional
logoutParameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters +
Optional
logoutParameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters you wish to provide.
-Optional
federated?: booleanWhen supported by the upstream identity provider, +
If you need to send custom parameters to the logout endpoint, make sure to use the original parameter name.
+Optional
federated?: booleanWhen supported by the upstream identity provider, forces the user to logout of their identity provider and from Auth0. Read more about how federated logout works at Auth0
-Optional
returnThe URL where Auth0 will redirect your browser to after the logout.
+Optional
returnThe URL where Auth0 will redirect your browser to after the logout.
Note: If the client_id
parameter is included, the
returnTo
URL that is provided must be listed in the
Application's "Allowed Logout URLs" in the Auth0 dashboard.
@@ -73,33 +19,4 @@
Optional
returnOptional
popupAccepts an already-created popup window to use. If not specified, the SDK +
Optional
popupAccepts an already-created popup window to use. If not specified, the SDK will create its own. This may be useful for platforms like iOS that have security restrictions around when popups can be invoked (e.g. from a user click event)
-Optional
timeoutThe number of seconds to wait for a popup response before +
Optional
timeoutThe number of seconds to wait for a popup response before throwing a timeout error. Defaults to 60s
-Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters +
Optional
appUsed to store state before doing the redirect
-Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters +
Optional
appUsed to store state before doing the redirect
+Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters defined by Auth0 or custom parameters that you define.
-Optional
fragmentUsed to add to the URL fragment before redirecting
-Optional
onUsed to control the redirect and not rely on the SDK to do the actual redirect.
- -const client = new Auth0Client({
async onRedirect(url) {
window.location.replace(url);
}
});
-
-
-since v2.0.1, use openUrl
instead.
Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
- -const client = new Auth0Client({
openUrl(url) {
window.location.replace(url);
}
});
-
-
-import { Browser } from '@capacitor/browser';
const client = new Auth0Client({
async openUrl(url) {
await Browser.open({ url });
}
});
-
-Optional
fragmentUsed to add to the URL fragment before redirecting
+Optional
onUsed to control the redirect and not rely on the SDK to do the actual redirect.
+const client = new Auth0Client({
async onRedirect(url) {
window.location.replace(url);
}
});
+
+since v2.0.1, use openUrl
instead.
Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
+const client = new Auth0Client({
openUrl(url) {
window.location.replace(url);
}
});
+
+import { Browser } from '@capacitor/browser';
const client = new Auth0Client({
async openUrl(url) {
await Browser.open({ url });
}
});
+
+Optional
decodedOptional
id_Optional
oauthOptional
refresh_Optional
decodedOptional
id_Optional
oauthOptional
refresh_Optional
audience?: stringOptional
scope?: stringOptional
audience?: stringOptional
scope?: stringThe possible locations where tokens can be stored
-The possible locations where tokens can be stored
+Optional
refresh_Optional
scope?: stringOptional
refresh_Optional
scope?: string
Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE.
-