AuthenticationClient

auth. AuthenticationClient

Authentication API SDK.

This client must used to access Auth0's Authentication API.

Constructor

new AuthenticationClient(options)

Source:
Parameters:
Name Type Description
options Object

Options for the Authentication Client SDK.

Name Type Attributes Description
domain String

AuthenticationClient server domain.

clientId String <optional>

Default client ID.

clientSecret String <optional>

Default client Secret.

supportedAlgorithms String <optional>

Algorithms that your application expects to receive

__bypassIdTokenValidation Boolean <optional>

Whether the id_token should be validated or not

Example

The AuthenticationClient constructor takes an optional client ID, if specified it will be used as default value for all endpoints that accept a client ID.

var AuthenticationClient = require('auth0').AuthenticationClient;
var auth0 = new AuthenticationClient({
  domain: '{YOUR_ACCOUNT}.auth0.com',
  clientId: '{OPTIONAL_CLIENT_ID}'
});

Members

database :DatabaseAuthenticator

Database authenticator.

Source:
Type:
  • DatabaseAuthenticator

oauth :OAuthAuthenticator

OAuth authenticator.

Source:
Type:
  • OAuthAuthenticator

passwordless :PasswordlessAuthenticator

Passwordless authenticator.

Source:
Type:
  • PasswordlessAuthenticator

tokens :TokensManager

Tokens manager.

Source:
Type:
  • TokensManager

users :UsersManager

Users manager.

Source:
Type:
  • UsersManager

Methods

changePassword(data) → {Promise|undefined}

Change password using a database or active directory service.

Source:
Parameters:
Name Type Description
data Object

User data object.

Name Type Description
email String

User email.

password String

User password.

connection String

Identity provider for the user.

Returns:
Type:
Promise | undefined
Example

Given the user email, the connection specified and the new password to use, Auth0 will send a forgot password email. Once the user clicks on the confirm password change link, the new password specified in this POST will be set to this user. Find more information in the API Docs.

var data = {
  email: '{EMAIL}',
  password: '{PASSWORD}',
  connection: 'Username-Password-Authentication'
};

auth0.changePassword(data, function (err, message) {
  if (err) {
    // Handle error.
  }

  console.log(message);
});

clientCredentialsGrant(options) → {Promise|undefined}

Gets an access token using the client credentials grant flow.

Source:
Parameters:
Name Type Description
options Object
Name Type Attributes Description
scope String <optional>

scopes to request to be added to the returned access token

audience String <optional>

audience or identifier of the API where the access token will be used, e.g. Auth0 Management API

Returns:
Type:
Promise | undefined
Example

Gets an access token using the client credentials grant flow. Find more information in the API Docs.

auth0.clientCredentialsGrant({
  audience: 'https://tenant.auth0.com/api/v2/',
  scope: 'read:users update:users'
}, function (err, response) {
  if (err) {
    // Handle error.
  }

  console.log(response);
});

getDelegationToken(data) → {Promise|undefined}

Exchange the token of the logged in user with a token that is valid to call the API (signed with the API secret).

Source:
Parameters:
Name Type Description
data Object

Token data object.

Name Type Description
id_token String

The user ID token.

api_type String

The API type (aws, firebase, etc).

target String

The target client ID.

grant_type String

The grant type.

Returns:
Type:
Promise | undefined
Example

Given an existing token, this endpoint will generate a new token signed with the target client secret. This is used to flow the identity of the user from the application to an API or across different APIs that are protected with different secrets. Find more information in the API Docs.

var data = {
  id_token: '{ID_TOKEN}',
  api_type: 'app',
  target: '{TARGET}',
  grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer'
};

auth0.getDelegationToken(data, function (err, token) {
  if (err) {
    // Handle error.
  }

  console.log(token);
});

getProfile(accessToken) → {Promise|undefined}

Given an access token get the user profile linked to it.

Source:
Parameters:
Name Type Description
accessToken String

The user access token.

Returns:
Type:
Promise | undefined
Example

Get the user information based on the Auth0 access token (obtained during login). Find more information in the API Docs.

auth0.getProfile(data, function (err, userInfo) {
  if (err) {
    // Handle error.
  }

  console.log(userInfo);
});

passwordGrant(userData) → {Promise|undefined}

Sign in using a username and password

Source:
Parameters:
Name Type Description
userData Object

User credentials object.

Name Type Attributes Description
username String

Username.

password String

User password.

realm String <optional>

Name of the realm to use to authenticate or the connection name

Returns:
Type:
Promise | undefined
Example

Given the user's credentials perform the OAuth password grant or Password Realm grant if a realm is provided, it will return a JSON with the access_token and id_token. More information in the API Docs .

var data = {
  client_id: '{CLIENT_ID}',  // Optional field.
  username: '{USERNAME}',
  password: '{PASSWORD}'
  realm: '{CONNECTION_NAME}', // Optional field.
  scope: 'openid'  // Optional field.
};

auth0.oauth.token(data, function (err, userData) {
  if (err) {
    // Handle error.
  }

  console.log(userData);
});

refreshToken(userData) → {Promise|undefined}

Sign in using a refresh token

Source:
Parameters:
Name Type Description
userData Object

User credentials object.

Name Type Description
refresh_token String

Refresh token.

Returns:
Type:
Promise | undefined
Example

Given a refresh token from a previous authentication request, it will return a JSON with the access_token and id_token. More information in the API Docs .

var data = {
  client_id: '{CLIENT_ID}', // Optional field.
  refresh_token: '{REFRESH_TOKEN}',
};

auth0.refreshToken(data, function (err, userData) {
  if (err) {
    // Handle error.
  }

  console.log(userData);
});

requestChangePasswordEmail(data) → {Promise|undefined}

Request a change password email using a database or active directory service.

Source:
Parameters:
Name Type Description
data Object

User data object.

Name Type Description
email String

User email.

connection String

Identity provider for the user.

Returns:
Type:
Promise | undefined
Example

Given the user email, the connection specified, Auth0 will send a change password email. once the user clicks on the confirm password change link, the new password specified in this POST will be set to this user. Find more information in the var data = { email: '{EMAIL}', connection: 'Username-Password-Authentication' }; auth0.requestChangePasswordEmail(data, function (err, message) { if (err) { // Handle error. } console.log(message); });

requestEmailCode(data) → {Promise|undefined}

Start passwordless flow sending an email.

Source:
Parameters:
Name Type Description
data Object

User data object.

Name Type Attributes Description
email String

User email address.

authParams Object <optional>

Authentication parameters.

Returns:
Type:
Promise | undefined
Example

Given the user `email` address, it will send an email with a verification code. You can then authenticate with this user using the `/oauth/ro` endpoint using the email as username and the code as password. Find more information in the API Docs

var data = {
  email: '{EMAIL}',
  authParams: {} // Optional auth params.
};

auth0.requestEmailCode(data, function (err) {
  if (err) {
    // Handle error.
  }
};

Start passwordless flow sending an email.

Source:
Parameters:
Name Type Description
data Object

User data object.

Name Type Attributes Description
email String

User email address.

authParams Object <optional>

Authentication parameters.

Returns:
Type:
Promise | undefined
Example

Given the user `email` address, it will send an email with a link. You can then authenticate with this user opening the link and he will be automatically logged in to the application. Optionally, you can append/override parameters to the link (like `scope`, `redirect_uri`, `protocol`, `response_type`, etc.) using `authParams` object. Find more information in the API Docs

var data = {
  email: '{EMAIL}',
  authParams: {} // Optional auth params.
};

auth0.requestMagicLink(data, function (err) {
  if (err) {
    // Handle error.
  }
};

requestSMSCode(data) → {Promise|undefined}

Start passwordless flow sending an SMS.

Source:
Parameters:
Name Type Description
data Object

User data object.

Name Type Description
phone_number String

The user phone number.

Returns:
Type:
Promise | undefined
Example

Given the user `phone_number`, it will send a SMS message with a verification code. You can then authenticate with this user using the `/oauth/ro` endpoint specifying `phone_number` as `username` and `code` as `password`:

var data = {
  phone_number: '{PHONE}'
};

auth0.requestSMSCode(data, function (err) {
  if (err) {
    // Handle error.
  }

});

verifySMSCode(data) → {Promise|undefined}

Sign in with the given user credentials.

Source:
Parameters:
Name Type Description
data Object

Credentials object.

Name Type Description
username String

Phone number.

password String

Verification code.

target String

Target client ID.

grant_type String

Grant type.

Returns:
Type:
Promise | undefined
Examples

Given the user credentials (`phone_number` and `code`), it will do the authentication on the provider and return a JSON with the `access_token` and `id_token`.

var data = {
  username: '{PHONE_NUMBER}',
  password: '{VERIFICATION_CODE}'
};

auth0.verifySMSCode(data, function (err) {
  if (err) {
    // Handle error.
  }
});

The user data object has the following structure.

{
  id_token: String,
  access_token: String,
  token_type: String
}