
Interface Auth0ProviderOptions

The main configuration to instantiate the Auth0Provider.




[key: string]: any

If you need to send custom parameters to the Authorization Server, make sure to use the original parameter name.



Optional advancedOptions

advancedOptions: { defaultScope?: string }

Changes to recommended defaults, like defaultScope.

Type declaration

  • Optional defaultScope?: string

    The default scope to be included with all requests. If not provided, 'openid profile email' is used. This can be set to null in order to effectively remove the default scopes.

    Note: The openid scope is always applied regardless of this setting.

Optional audience

audience: string

The default audience to be used for requesting API access.

Optional authorizeTimeoutInSeconds

authorizeTimeoutInSeconds: number

The maximum number of seconds to wait before declaring background calls to /authorize as failed due to timeout. Defaults to 60s.

Optional cache

cache: ICache

Specify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over cacheLocation if they are both specified.

Read more about creating a custom cache

Optional cacheLocation

cacheLocation: "memory" | "localstorage"

The location to use when storing cache data. Valid values are memory or localstorage. The default setting is memory.

Read more about changing storage options in the Auth0 docs

Optional children

children: ReactNode

The child nodes your Provider has wrapped


clientId: string

The Client ID found on your Application settings page


domain: string

Your Auth0 account domain, such as 'example.auth0.com', 'example.eu.auth0.com' or 'example.mycompany.com' (when using custom domains).

Optional invitation

invitation: string

The Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.

Optional issuer

issuer: string

The issuer to be used for validation of JWTs. Optional; defaults to the domain above.

Optional leeway

leeway: number

The value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two at maximum. Defaults to 60s.

Optional maxAge

maxAge: string | number

Maximum allowable elapsed time (in seconds) since authentication. If the time elapsed since the user last authenticated is greater than this value, the user must be reauthenticated.

Optional onRedirectCallback

onRedirectCallback: (appState: AppState) => void

By default this removes the code and state parameters from the URL when you are redirected from the authorize page. It uses window.history, but you might want to overwrite this if you are using a custom router, like react-router-dom. See the EXAMPLES.md for more info.

Type declaration

Optional organization

organization: string

The Id of an organization to log in to.

This will specify an organization parameter in your user's login request and will add a step to validate the org_id claim in your user's ID Token.
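An added example, not code from auth0-react or its documentation: a sketch of the ID Token claim checks that the issuer, leeway, maxAge and organization options above describe, assuming the standard OIDC claims iss, exp and auth_time plus the org_id claim mentioned here. The helper name checkIdTokenClaims and all sample values are constructed for illustration.

```javascript
// Added illustration; not auth0-react source code.
// checkIdTokenClaims is a hypothetical helper. Option names follow
// Auth0ProviderOptions; iss, exp and auth_time are standard OIDC claims.
function checkIdTokenClaims(claims, options, nowSeconds) {
  const leeway = options.leeway ?? 60; // documented default is 60s
  const failures = [];

  // issuer: the token must come from the expected authorization server.
  if (claims.iss !== options.issuer) failures.push('iss mismatch');

  // leeway: tolerate a little clock skew past exp, but no more.
  if (typeof claims.exp !== 'number' || nowSeconds > claims.exp + leeway) {
    failures.push('expired beyond leeway');
  }

  // maxAge (string | number): limit the time since the user last authenticated.
  if (options.maxAge !== undefined) {
    const maxAge = Number(options.maxAge);
    if (!Number.isFinite(maxAge) || typeof claims.auth_time !== 'number') {
      failures.push('maxAge set but not checkable');
    } else if (nowSeconds > claims.auth_time + maxAge + leeway) {
      failures.push('authentication older than maxAge');
    }
  }

  // organization: the org_id claim must match the requested organization.
  if (options.organization !== undefined && claims.org_id !== options.organization) {
    failures.push('org_id mismatch');
  }
  return failures;
}

// Constructed sample values (not real tokens or tenants).
const NOW = 1700000000;
const sampleClaims = {
  iss: 'https://example.auth0.com/',
  exp: NOW - 30,          // expired 30s ago, inside the 60s leeway
  auth_time: NOW - 3600,  // user authenticated one hour ago
  org_id: 'org_constructed123',
};
const sampleOptions = {
  issuer: 'https://example.auth0.com/',
  leeway: 60,
  maxAge: '7200',
  organization: 'org_constructed123',
};

console.log(checkIdTokenClaims(sampleClaims, sampleOptions, NOW));
console.log(checkIdTokenClaims(sampleClaims, { ...sampleOptions, leeway: 0 }, NOW));
```

A large leeway or an unset maxAge widens the window in which an old token or a stale login is still accepted, which is why the checks report each failure separately.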

Optional redirectUri

redirectUri: string

The default URL where Auth0 will redirect your browser to with the authentication result. It must be whitelisted in the "Allowed Callback URLs" field in your Auth0 Application's settings. If not provided here, it should be provided in the other methods that provide authentication.

Optional scope

scope: string

The default scope to be used on authentication requests. The defaultScope defined in the Auth0Client is included along with this scope.

Optional skipRedirectCallback

skipRedirectCallback: boolean

By default, if the page URL has code/state params, the SDK will treat them as Auth0's and attempt to exchange the code for a token. In some cases the code might be for something else (another OAuth SDK perhaps). In these instances you can instruct the client to ignore them, e.g.:

  skipRedirectCallback={window.location.pathname === '/stripe-oauth-callback'}

Optional useRefreshTokens

useRefreshTokens: boolean

If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code grant with prompt=none is used. The default setting is false.

Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.