@auth0/auth0-react
    Preparing search index...

    Interface Auth0ContextInterface<TUser>

    Contains the authenticated state and authentication methods provided by the useAuth0 hook.

    interface Auth0ContextInterface<TUser extends User = User> {
        connectAccountWithRedirect: (
            options: RedirectConnectAccountOptions,
        ) => Promise<void>;
        createFetcher: <TOutput extends CustomFetchMinimalOutput = Response>(
            config?: FetcherConfig<TOutput>,
        ) => Fetcher<TOutput>;
        error: Error | undefined;
        exchangeToken: (
            options: CustomTokenExchangeOptions,
        ) => Promise<TokenEndpointResponse>;
        generateDpopProof: (
            params: {
                accessToken: string;
                method: string;
                nonce?: string;
                url: string;
            },
        ) => Promise<string>;
        getAccessTokenSilently: {
            (
                options: GetTokenSilentlyOptions & { detailedResponse: true },
            ): Promise<GetTokenSilentlyVerboseResponse>;
            (options?: GetTokenSilentlyOptions): Promise<string>;
            (
                options: GetTokenSilentlyOptions,
            ): Promise<string | GetTokenSilentlyVerboseResponse>;
        };
        getAccessTokenWithPopup: (
            options?: GetTokenWithPopupOptions,
            config?: PopupConfigOptions,
        ) => Promise<string | undefined>;
        getConfiguration: () => Readonly<ClientConfiguration>;
        getDpopNonce: (id?: string) => Promise<string | undefined>;
        getIdTokenClaims: () => Promise<IdToken | undefined>;
        handleRedirectCallback: (
            url?: string,
        ) => Promise<ConnectAccountRedirectResult | RedirectLoginResult<any>>;
        isAuthenticated: boolean;
        isLoading: boolean;
        loginWithCustomTokenExchange: (
            options: CustomTokenExchangeOptions,
        ) => Promise<TokenEndpointResponse>;
        loginWithPopup: (
            options?: PopupLoginOptions,
            config?: PopupConfigOptions,
        ) => Promise<void>;
        loginWithRedirect: (
            options?: RedirectLoginOptions<AppState>,
        ) => Promise<void>;
        logout: (options?: LogoutOptions) => Promise<void>;
        setDpopNonce: (nonce: string, id?: string) => Promise<void>;
        user: TUser | undefined;
    }

    Type Parameters

    Hierarchy

    • AuthState<TUser>
      • Auth0ContextInterface
    Index

    Properties

    connectAccountWithRedirect createFetcher error exchangeToken generateDpopProof getAccessTokenSilently getAccessTokenWithPopup getConfiguration getDpopNonce getIdTokenClaims handleRedirectCallback isAuthenticated isLoading loginWithCustomTokenExchange loginWithPopup loginWithRedirect logout setDpopNonce user

    Properties

    connectAccountWithRedirect: (
        options: RedirectConnectAccountOptions,
    ) => Promise<void>
    await connectAccountWithRedirect({
      connection: 'google-oauth2',
      scopes: ['openid', 'profile', 'email', 'https://www.googleapis.com/auth/drive.readonly'],
      authorization_params: {
        // additional authorization params to forward to the authorization server
      }
    });

    Redirects to the /connect URL using the parameters provided as arguments. This then redirects to the connection's login page where the user can authenticate and authorize the account to be connected.

    If connecting the account is successful onRedirectCallback will be called with the details of the connected account.

    createFetcher: <TOutput extends CustomFetchMinimalOutput = Response>(
        config?: FetcherConfig<TOutput>,
    ) => Fetcher<TOutput>

    Returns a new Fetcher class that will contain a fetchWithAuth() method. This is a drop-in replacement for the Fetch API's fetch() method, but will handle certain authentication logic for you, like building the proper auth headers or managing DPoP nonces and retries automatically.

    Check the EXAMPLES.md file for a deeper look into this method.

    Type Declaration

      • <TOutput extends CustomFetchMinimalOutput = Response>(
            config?: FetcherConfig<TOutput>,
        ): Fetcher<TOutput>

      • Returns a new Fetcher class that will contain a fetchWithAuth() method. This is a drop-in replacement for the Fetch API's fetch() method, but will handle certain authentication logic for you, like building the proper auth headers or managing DPoP nonces and retries automatically.

        Check the EXAMPLES.md file for a deeper look into this method.

        Type Parameters

        • TOutput extends CustomFetchMinimalOutput = Response

        Parameters

        Returns Fetcher<TOutput>

    error: Error | undefined
    exchangeToken: (
        options: CustomTokenExchangeOptions,
    ) => Promise<TokenEndpointResponse>

    Type Declaration

    Use loginWithCustomTokenExchange() instead. This method will be removed in the next major version.

    const tokenResponse = await exchangeToken({
      subject_token: 'external_token_value',
      subject_token_type: 'urn:acme:legacy-system-token',
      scope: 'openid profile email'
    });

    Exchanges an external subject token for Auth0 tokens and logs the user in.

    This method implements the token exchange grant as specified in RFC 8693. It performs a token exchange by sending a request to the /oauth/token endpoint with the external token and returns Auth0 tokens (access token, ID token, etc.).

    Example:

    // Instead of:
    const tokens = await exchangeToken(options);

    // Use:
    const tokens = await loginWithCustomTokenExchange(options);
    generateDpopProof: (
        params: {
            accessToken: string;
            method: string;
            nonce?: string;
            url: string;
        },
    ) => Promise<string>

    Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.

    It requires enabling the Auth0ClientOptions.useDpop option.

    Type Declaration

      • (
            params: {
                accessToken: string;
                method: string;
                nonce?: string;
                url: string;
            },
        ): Promise<string>

      • Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.

        It requires enabling the Auth0ClientOptions.useDpop option.

        Parameters

        • params: { accessToken: string; method: string; nonce?: string; url: string }

        Returns Promise<string>

    getAccessTokenSilently: {
        (
            options: GetTokenSilentlyOptions & { detailedResponse: true },
        ): Promise<GetTokenSilentlyVerboseResponse>;
        (options?: GetTokenSilentlyOptions): Promise<string>;
        (
            options: GetTokenSilentlyOptions,
        ): Promise<string | GetTokenSilentlyVerboseResponse>;
    }
    const token = await getAccessTokenSilently(options);

    If there's a valid token stored, return it. Otherwise, opens an iframe with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

    If refresh tokens are used, the token endpoint is called directly with the 'refresh_token' grant. If no refresh token is available to make this call, the SDK will only fall back to using an iframe to the '/authorize' URL if the useRefreshTokensFallback setting has been set to true. By default this setting is false.

    This method may use a web worker to perform the token call if the in-memory cache is used.

    If an audience value is given to this function, the SDK always falls back to using an iframe to make the token exchange.

    Note that in all cases, falling back to an iframe requires access to the auth0 cookie.

    getAccessTokenWithPopup: (
        options?: GetTokenWithPopupOptions,
        config?: PopupConfigOptions,
    ) => Promise<string | undefined>
    const token = await getTokenWithPopup(options, config);

    Get an access token interactively.

    Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

    getConfiguration: () => Readonly<ClientConfiguration>
    const config = getConfiguration();
    // { domain: 'tenant.auth0.com', clientId: 'abc123' }

    Returns a readonly copy of the initialization configuration containing the domain and clientId.

    Type Declaration

      • (): Readonly<ClientConfiguration>

      • Returns a readonly copy of the initialization configuration.

        Returns Readonly<ClientConfiguration>

        An object containing domain and clientId

        const auth0 = new Auth0Client({
          domain: 'tenant.auth0.com',
          clientId: 'abc123'
        });

        const config = auth0.getConfiguration();
        // { domain: 'tenant.auth0.com', clientId: 'abc123' }
    getDpopNonce: (id?: string) => Promise<string | undefined>

    Returns the current DPoP nonce used for making requests to Auth0.

    It can return undefined because when starting fresh it will not be populated until after the first response from the server.

    It requires enabling the Auth0ClientOptions.useDpop option.

    Type Declaration

      • (id?: string): Promise<string | undefined>

      • Returns the current DPoP nonce used for making requests to Auth0.

        It can return undefined because when starting fresh it will not be populated until after the first response from the server.

        It requires enabling the Auth0ClientOptions.useDpop option.

        Parameters

        • Optionalid: string

          The identifier of a nonce: if absent, it will get the nonce used for requests to Auth0. Otherwise, it will be used to select a specific non-Auth0 nonce.

        Returns Promise<string | undefined>

    The nonce value.

    The identifier of a nonce: if absent, it will get the nonce used for requests to Auth0. Otherwise, it will be used to select a specific non-Auth0 nonce.

    getIdTokenClaims: () => Promise<IdToken | undefined>
    const claims = await getIdTokenClaims();

    Returns all claims from the id_token if available.

    handleRedirectCallback: (
        url?: string,
    ) => Promise<ConnectAccountRedirectResult | RedirectLoginResult<any>>

    After the browser redirects back to the callback page, call handleRedirectCallback to handle success and error responses from Auth0. If the response is successful, results will be valid according to their expiration times.

    Type Declaration

      • (url?: string): Promise<ConnectAccountRedirectResult | RedirectLoginResult<any>>

      • Parameters

        • Optionalurl: string

          The URL to that should be used to retrieve the state and code values. Defaults to window.location.href if not given.

        Returns Promise<ConnectAccountRedirectResult | RedirectLoginResult<any>>

    isAuthenticated: boolean
    isLoading: boolean
    loginWithCustomTokenExchange: (
        options: CustomTokenExchangeOptions,
    ) => Promise<TokenEndpointResponse>
    await loginWithCustomTokenExchange(options);

    Exchanges an external subject token for Auth0 tokens and logs the user in. This method implements the Custom Token Exchange grant as specified in RFC 8693.

    The exchanged tokens are automatically cached, establishing an authenticated session. After calling this method, you can use getUser(), getIdTokenClaims(), and getTokenSilently() to access the user's information and tokens.

    Type Declaration

      • (options: CustomTokenExchangeOptions): Promise<TokenEndpointResponse>

      • Parameters

        Returns Promise<TokenEndpointResponse>

        A promise that resolves to the token endpoint response, which contains the issued Auth0 tokens (access_token, id_token, etc.).

        The request includes the following parameters:

        • grant_type: "urn:ietf:params:oauth:grant-type:token-exchange"
        • subject_token: The external token to exchange
        • subject_token_type: The type identifier of the external token
        • scope: Merged scopes from the request and SDK defaults
        • audience: Target audience (defaults to SDK configuration)
        • organization: Optional organization ID/name for org-scoped authentication

        Example Usage:

        const options = {
          subject_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...',
          subject_token_type: 'urn:acme:legacy-system-token',
          scope: 'openid profile email',
          audience: 'https://api.example.com',
          organization: 'org_12345'
        };

        try {
          const tokenResponse = await loginWithCustomTokenExchange(options);
          console.log('Access token:', tokenResponse.access_token);

          // User is now logged in - access user info
          const user = await getUser();
          console.log('Logged in user:', user);
        } catch (error) {
          console.error('Token exchange failed:', error);
        }
    loginWithPopup: (
        options?: PopupLoginOptions,
        config?: PopupConfigOptions,
    ) => Promise<void>
    await loginWithPopup(options, config);

    Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

    IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.

    loginWithRedirect: (options?: RedirectLoginOptions<AppState>) => Promise<void>
    await loginWithRedirect(options);

    Performs a redirect to /authorize using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated.

    logout: (options?: LogoutOptions) => Promise<void>
    auth0.logout({ logoutParams: { returnTo: window.location.origin } });

    Clears the application session and performs a redirect to /v2/logout, using the parameters provided as arguments, to clear the Auth0 session. If the logoutParams.federated option is specified, it also clears the Identity Provider session. Read more about how Logout works at Auth0.

    setDpopNonce: (nonce: string, id?: string) => Promise<void>

    Sets the current DPoP nonce used for making requests to Auth0.

    It requires enabling the Auth0ClientOptions.useDpop option.

    Type Declaration

      • (nonce: string, id?: string): Promise<void>

      • Sets the current DPoP nonce used for making requests to Auth0.

        It requires enabling the Auth0ClientOptions.useDpop option.

        Parameters

        • nonce: string

          The nonce value.

        • Optionalid: string

          The identifier of a nonce: if absent, it will set the nonce used for requests to Auth0. Otherwise, it will be used to select a specific non-Auth0 nonce.

        Returns Promise<void>

    The nonce value.

    The identifier of a nonce: if absent, it will set the nonce used for requests to Auth0. Otherwise, it will be used to select a specific non-Auth0 nonce.

    user: TUser | undefined

    Settings

    Member Visibility

    On This Page

    Properties