Class AuthService<TAppState>

constructor

• new AuthService<TAppState extends AppState = AppState>(
      auth0Client: Auth0Client,
      configFactory: AuthClientConfig,
      navigator: AbstractNavigator,
      authState: AuthState,
  ): AuthService<TAppState>

  Type Parameters

  • TAppState extends AppState = AppState

  Parameters

  • auth0Client: Auth0Client
  • configFactory: AuthClientConfig
  • navigator: AbstractNavigator
  • authState: AuthState

  Returns AuthService<TAppState>

ReadonlyappState$

Readonlyerror$

ReadonlyidTokenClaims$

ReadonlyisAuthenticated$

ReadonlyisLoading$

Readonlyuser$

createFetcher

• createFetcher<TOutput extends CustomFetchMinimalOutput = Response>(
      config?: FetcherConfig<TOutput>,
  ): Fetcher<TOutput>

  const fetcher = createFetcher(config);
  Copy

  Creates a custom fetcher instance that can be used to make authenticated HTTP requests. The fetcher automatically handles token refresh and can be configured with custom request/response handling.

  Type Parameters

  • TOutput extends CustomFetchMinimalOutput = Response

  Parameters

  • Optionalconfig: FetcherConfig<TOutput>

    Optional configuration for the fetcher

  Returns Fetcher<TOutput>

  A Fetcher instance configured with the Auth0 client.

generateDpopProof

• generateDpopProof(
      params: {
          accessToken: string;
          method: string;
          nonce?: string;
          url: string;
      },
  ): Observable<string>

  generateDpopProof(params).subscribe(proof => ...)
  Copy

  Generates a DPoP (Demonstrating Proof-of-Possession) proof JWT. This proof is used to bind access tokens to a specific client, providing an additional layer of security for token usage.

  Parameters

  • params: { accessToken: string; method: string; nonce?: string; url: string }

    Configuration for generating the DPoP proof

    • accessToken: string

      The access token to bind to the proof

    • method: string

      The HTTP method (e.g., 'GET', 'POST')

    • Optionalnonce?: string

      Optional DPoP nonce from the authorization server

    • url: string

      The URL of the resource server endpoint

  Returns Observable<string>

  An Observable that emits the generated DPoP proof as a JWT string.

getAccessTokenSilently

• getAccessTokenSilently(
      options: GetTokenSilentlyOptions & { detailedResponse: true },
  ): Observable<GetTokenSilentlyVerboseResponse>

  Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.

  Parameters

  • options: GetTokenSilentlyOptions & { detailedResponse: true }

    The options for configuring the token fetch.

  Returns Observable<GetTokenSilentlyVerboseResponse>

• getAccessTokenSilently(options?: GetTokenSilentlyOptions): Observable<string>

  Fetches a new access token and returns it.

  Parameters

  • Optionaloptions: GetTokenSilentlyOptions

    The options for configuring the token fetch.

  Returns Observable<string>

getAccessTokenWithPopup

• getAccessTokenWithPopup(
      options?: GetTokenWithPopupOptions,
  ): Observable<string | undefined>

  getTokenWithPopup(options).subscribe(token => ...)
  Copy

  Get an access token interactively.

  Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

  Parameters

  • Optionaloptions: GetTokenWithPopupOptions

  Returns Observable<string | undefined>

getDpopNonce

• getDpopNonce(id?: string): Observable<string | undefined>

  getDpopNonce(id).subscribe(nonce => ...)
  Copy

  Gets the DPoP nonce for the specified domain or the default domain. The nonce is used in DPoP proof generation for token binding.

  Parameters

  • Optionalid: string

    Optional identifier for the domain. If not provided, uses the default domain.

  Returns Observable<string | undefined>

  An Observable that emits the DPoP nonce string or undefined if not available.

handleRedirectCallback

• handleRedirectCallback(
      url?: string,
  ): Observable<
      RedirectLoginResult<TAppState>
      | ConnectAccountRedirectResult<TAppState>,
  >

  handleRedirectCallback(url).subscribe(result => ...)
  Copy

  After the browser redirects back to the callback page, call handleRedirectCallback to handle success and error responses from Auth0. If the response is successful, results will be valid according to their expiration times.

  Calling this method also refreshes the authentication and user states.

  Parameters

  • Optionalurl: string

    The URL to that should be used to retrieve the state and code values. Defaults to window.location.href if not given.

  Returns Observable<
      RedirectLoginResult<TAppState>
      | ConnectAccountRedirectResult<TAppState>,
  >

loginWithPopup

• loginWithPopup(
      options?: PopupLoginOptions,
      config?: PopupConfigOptions,
  ): Observable<void>

  await loginWithPopup(options);
  Copy

  Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

  IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.

  Parameters

  • Optionaloptions: PopupLoginOptions

    The login options

  • Optionalconfig: PopupConfigOptions

    Configuration for the popup window

  Returns Observable<void>

loginWithRedirect

• loginWithRedirect(options?: RedirectLoginOptions<TAppState>): Observable<void>

  loginWithRedirect(options);
  Copy

  Performs a redirect to /authorize using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated.

  Parameters

  • Optionaloptions: RedirectLoginOptions<TAppState>

    The login options

  Returns Observable<void>

logout

• logout(options?: LogoutOptions): Observable<void>

  logout();
  Copy

  Clears the application session and performs a redirect to /v2/logout, using the parameters provided as arguments, to clear the Auth0 session. If the federated option is specified it also clears the Identity Provider session. If the openUrl option is set to false, it only clears the application session. It is invalid to set both the federated to true and openUrl to false, and an error will be thrown if you do. Read more about how Logout works at Auth0.

  Parameters

  • Optionaloptions: LogoutOptions

    The logout options

  Returns Observable<void>

ngOnDestroy

• ngOnDestroy(): void

  Called when the service is destroyed

  Returns void

setDpopNonce

• setDpopNonce(nonce: string, id?: string): Observable<void>

  setDpopNonce(nonce, id).subscribe(() => ...)
  Copy

  Sets the DPoP nonce for the specified domain or the default domain. This is typically used after receiving a new nonce from the authorization server.

  Parameters

  • nonce: string

    The DPoP nonce value to set.

  • Optionalid: string

    Optional identifier for the domain. If not provided, uses the default domain.

  Returns Observable<void>

  An Observable that completes when the nonce is set.