await auth0.checkSession();
Check if the user is logged in using getTokenSilently. The difference
with getTokenSilently is that this doesn't return a token, but it will
pre-fill the token cache.
This method also heeds the auth0.{clientId}.is.authenticated cookie, as an optimization
to prevent calling Auth0 unnecessarily. If the cookie is not present because
there was no previous login (or it has expired) then tokens will not be refreshed.
It should be used for silently logging in the user when you instantiate the
Auth0Client constructor. You should not need this if you are using the
createAuth0Client factory.
Note: the cookie may not be present if running an app using a private tab, as some
browsers clear JS cookie data and local storage when the tab or page is closed, or on page reload. This effectively
means that checkSession could silently return without authenticating the user on page refresh when
using a private tab, despite having previously logged in. As a workaround, use getTokenSilently instead
and handle the possible login_required error as shown in the readme.
Optional options: GetTokenSilentlyOptionsExchanges an external subject token for an Auth0 token via a token exchange request.
The options required to perform the token exchange.
A promise that resolves to the token endpoint response, which contains the issued Auth0 tokens.
This method implements the token exchange grant as specified in RFC 8693 by first validating the provided subject token type and then constructing a token request to the /oauth/token endpoint. The request includes the following parameters:
grant_type: Hard-coded to "urn:ietf:params:oauth:grant-type:token-exchange".subject_token: The external token provided via the options.subject_token_type: The type of the external token (validated by this function).scope: A unique set of scopes, generated by merging the scopes supplied in the options
with the SDK’s default scopes.audience: The target audience, as determined by the SDK's authorization configuration.Example Usage:
// Define the token exchange options
const options: CustomTokenExchangeOptions = {
subject_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...',
subject_token_type: 'urn:acme:legacy-system-token',
scope: ['openid', 'profile']
};
// Exchange the external token for Auth0 tokens
try {
const tokenResponse = await instance.exchangeToken(options);
console.log('Token response:', tokenResponse);
} catch (error) {
console.error('Token exchange failed:', error);
}
Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
Fetches a new access token and returns it.
Optional options: GetTokenSilentlyOptionsconst token = await auth0.getTokenWithPopup(options);
Opens a popup with the /authorize URL using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
After the browser redirects back to the callback page,
call handleRedirectCallback to handle success and error
responses from Auth0. If the response is successful, results
will be valid according to their expiration times.
try {
await auth0.loginWithPopup(options);
} catch(e) {
if (e instanceof PopupCancelledError) {
// Popup was closed before login completed
}
}
Opens a popup with the /authorize URL using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.
Optional options: PopupLoginOptionsOptional config: PopupConfigOptionsawait auth0.loginWithRedirect(options);
Performs a redirect to /authorize using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated.
await auth0.logout(options);
Clears the application session and performs a redirect to /v2/logout, using
the parameters provided as arguments, to clear the Auth0 session.
If the federated option is specified it also clears the Identity Provider session.
Read more about how Logout works at Auth0.
Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE.