Class Auth0Client

await auth0.checkSession();
Copy

Check if the user is logged in using getTokenSilently. The difference with getTokenSilently is that this doesn't return a token, but it will pre-fill the token cache.

This method also heeds the auth0.{clientId}.is.authenticated cookie, as an optimization to prevent calling Auth0 unnecessarily. If the cookie is not present because there was no previous login (or it has expired) then tokens will not be refreshed.

It should be used for silently logging in the user when you instantiate the Auth0Client constructor. You should not need this if you are using the createAuth0Client factory.

Note: the cookie may not be present if running an app using a private tab, as some browsers clear JS cookie data and local storage when the tab or page is closed, or on page reload. This effectively means that checkSession could silently return without authenticating the user on page refresh when using a private tab, despite having previously logged in. As a workaround, use getTokenSilently instead and handle the possible login_required error as shown in the readme.

const claims = await auth0.getIdTokenClaims();
Copy

Returns all claims from the id_token if available.

Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.

Fetches a new access token and returns it.

const token = await auth0.getTokenWithPopup(options);
Copy

Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

const user = await auth0.getUser();
Copy

Returns the user information if available (decoded from the id_token).

Typeparam

TUser The type to return, has to extend User.

After the browser redirects back to the callback page, call handleRedirectCallback to handle success and error responses from Auth0. If the response is successful, results will be valid according to their expiration times.

const isAuthenticated = await auth0.isAuthenticated();
Copy

Returns true if there's valid information stored, otherwise returns false.

try {
 await auth0.loginWithPopup(options);
} catch(e) {
 if (e instanceof PopupCancelledError) {
   // Popup was closed before login completed
 }
}
Copy

Opens a popup with the /authorize URL using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated. If the response is successful, results will be valid according to their expiration times.

IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.

await auth0.loginWithRedirect(options);
Copy

Performs a redirect to /authorize using the parameters provided as arguments. Random and secure state and nonce parameters will be auto-generated.

await auth0.logout(options);
Copy

Clears the application session and performs a redirect to /v2/logout, using the parameters provided as arguments, to clear the Auth0 session.

If the federated option is specified it also clears the Identity Provider session. Read more about how Logout works at Auth0.