
  • BaseLoginOptions
    • Auth0ClientOptions


[key: string]: any

If you need to send custom parameters to the Authorization Server, make sure to use the original parameter name.



Optional acr_values

acr_values: string

Optional advancedOptions

advancedOptions: AdvancedOptions

Changes to recommended defaults, like defaultScope

Optional audience

audience: string

The default audience to be used for requesting API access.

Optional authorizeTimeoutInSeconds

authorizeTimeoutInSeconds: number

The maximum number of seconds to wait before declaring background calls to /authorize as failed due to timeout. Defaults to 60s.

Optional cache

cache: ICache

Specify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over cacheLocation if they are both specified.

Optional cacheLocation

cacheLocation: CacheLocation

The location to use when storing cache data. Valid values are memory or localstorage. The default setting is memory.

Read more about changing storage options in the Auth0 docs


client_id: string

The Client ID found on your Application settings page

Optional connection

connection: string

The name of the connection configured for your application. If null, it will redirect to the Auth0 Login Page and show the Login Widget.

Optional cookieDomain

cookieDomain: string

The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain.

Note: setting this incorrectly may cause silent authentication to stop working on page load.

To keep a user logged in across multiple subdomains, set this to your top-level domain prefixed with a . (e.g. .example.com).

Optional display

display: "page" | "popup" | "touch" | "wap"
  • 'page': displays the UI with a full page view
  • 'popup': displays the UI with a popup window
  • 'touch': displays the UI in a way that leverages a touch interface
  • 'wap': displays the UI with a "feature phone" type interface


domain: string

Your Auth0 account domain, such as 'example.auth0.com', 'example.eu.auth0.com' or 'example.mycompany.com' (when using custom domains).

Optional httpTimeoutInSeconds

httpTimeoutInSeconds: number

Specify the timeout for HTTP calls using fetch. The default is 10 seconds.

Optional id_token_hint

id_token_hint: string

Previously issued ID Token.

Optional invitation

invitation: string

The Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.

Optional issuer

issuer: string

The issuer to be used for validation of JWTs. Optional; defaults to the domain above.

Optional leeway

leeway: number

The value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two at maximum. Defaults to 60s.

Optional legacySameSiteCookie

legacySameSiteCookie: boolean

Sets an additional cookie with no SameSite attribute to support legacy browsers that are not compatible with the latest SameSite changes. This will log a warning on modern browsers. You can disable the warning by setting this to false, but be aware that some older user agents will not work; see https://www.chromium.org/updates/same-site/incompatible-clients. Defaults to true.

Optional login_hint

login_hint: string

The user's email address or other identifier. When your app knows which user is trying to authenticate, you can provide this parameter to pre-fill the email box or select the right session for sign-in.

This currently only affects the classic Lock experience.

Optional max_age

max_age: string | number

Maximum allowable elapsed time (in seconds) since authentication. If the last time the user authenticated is greater than this value, the user must be reauthenticated.

Optional nowProvider

nowProvider: () => Promise<number> | number

Modify the value used as the current time during the token validation.

Note: Using this improperly can potentially compromise the token validation.

Type declaration

    • (): Promise<number> | number
    • Returns Promise<number> | number

Optional organization

organization: string

The Id of an organization to log in to.

This will specify an organization parameter in your user's login request and will add a step to validate the org_id claim in your user's ID Token.
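
An added example (not code from the SDK or from this reference page) of the ID Token checks that the issuer, leeway, max_age, nowProvider and organization options above configure. It assumes the claims are already decoded and signature-verified, that issuer is given as the full iss URL, and that nowProvider returns epoch milliseconds; function names and sample values are constructed for illustration.

```javascript
// Added example: claim checks driven by issuer, leeway, max_age, organization
// and nowProvider. Claims are assumed already decoded and signature-verified.
const DEFAULT_LEEWAY = 60; // seconds, the documented default

function checkClaims(claims, opts, nowMs) {
  const now = Math.floor(nowMs / 1000);
  const leeway = opts.leeway ?? DEFAULT_LEEWAY;
  const errors = [];

  if (claims.iss !== opts.issuer) errors.push('iss mismatch');

  if (typeof claims.exp !== 'number') errors.push('exp missing');
  else if (now > claims.exp + leeway) errors.push('token expired');

  if (opts.max_age !== undefined) {
    const maxAge = Number(opts.max_age); // the option is string | number
    if (typeof claims.auth_time !== 'number') errors.push('auth_time missing');
    else if (now > claims.auth_time + maxAge + leeway) errors.push('authentication too old');
  }

  if (opts.organization && claims.org_id !== opts.organization) errors.push('org_id mismatch');
  return errors;
}

// nowProvider may return a number or a Promise<number>; await handles both.
// Assumption of this example: the value is epoch milliseconds, like Date.now().
async function checkWithNowProvider(claims, opts) {
  const nowMs = await (opts.nowProvider ? opts.nowProvider() : Date.now());
  return checkClaims(claims, opts, nowMs);
}

// Constructed sample values (not a real tenant, organization or token).
const T0 = 1700000000; // issue time in seconds
const sampleClaims = { iss: 'https://example.auth0.com/', exp: T0 + 3600, auth_time: T0, org_id: 'org_constructed_1' };
const sampleOpts = { issuer: 'https://example.auth0.com/', max_age: '600', organization: 'org_constructed_1' };

// Why a faulty nowProvider matters: a clock that never advances keeps
// accepting a token that an accurate clock rejects.
function demo() {
  const accurate = (T0 + 7200) * 1000; // two hours after issue
  const frozen = T0 * 1000;            // provider stuck at issue time
  return {
    accurate: checkClaims(sampleClaims, sampleOpts, accurate),
    frozen: checkClaims(sampleClaims, sampleOpts, frozen),
  };
}
```

With an accurate clock the two-hour-old token fails both the expiry and max_age checks; with the frozen clock the same token passes, which is the failure mode the nowProvider note warns about.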

Optional prompt

prompt: "none" | "login" | "consent" | "select_account"
  • 'none': do not prompt user for login or consent on reauthentication
  • 'login': prompt user for reauthentication
  • 'consent': prompt user for consent before processing request
  • 'select_account': prompt user to select an account

Optional redirect_uri

redirect_uri: string

The default URL where Auth0 will redirect your browser to with the authentication result. It must be whitelisted in the "Allowed Callback URLs" field in your Auth0 Application's settings. If not provided here, it should be provided in the other methods that provide authentication.

Optional scope

scope: string

The default scope to be used on authentication requests. The defaultScope defined in the Auth0Client is included along with this scope.

Optional screen_hint

screen_hint: "signup" | "login" | string

Provides a hint to Auth0 as to what flow should be displayed. The default behavior is to show a login page but you can override this by passing 'signup' to show the signup page instead.

This only affects the New Universal Login Experience.

Optional sessionCheckExpiryDays

sessionCheckExpiryDays: number

Number of days until the cookie auth0.is.authenticated will expire. Defaults to 1.

Optional ui_locales

ui_locales: string

The space-separated list of language tags, ordered by preference. For example: 'fr-CA fr en'.

Optional useCookiesForTransactions

useCookiesForTransactions: boolean

If true, the SDK will use a cookie when storing information about the auth transaction while the user is going through the authentication flow on the authorization server.

The default is false, in which case the SDK will use session storage.


You might want to enable this if you rely on your users being able to authenticate using flows that may end up spanning across multiple tabs (e.g. magic links) or you cannot otherwise rely on session storage being available.

Optional useFormData

useFormData: boolean

When true, data to the token endpoint is transmitted as x-www-form-urlencoded data instead of JSON. The default is false, but will default to true in a future major version.

Note: Setting this to true may affect you if you use Auth0 Rules and are sending custom, non-primitive data. If you enable this, please verify that your Auth0 Rules continue to work as intended.

Optional useRefreshTokens

useRefreshTokens: boolean

If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code grant with prompt=none is used. The default setting is false.

Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.

Optional useRefreshTokensFallback

useRefreshTokensFallback: boolean

If true, fall back to the technique of using a hidden iframe and the authorization_code grant with prompt=none when unable to use refresh tokens. The default setting is true.

Note: There might be situations where doing silent auth with a Web Message response from an iframe is not possible, like when you're serving your application from the file system or a custom protocol (like in a Desktop or Native app). In situations like this you can disable the iframe fallback, handle the failed Refresh Grant and prompt the user to log in interactively with loginWithRedirect or loginWithPopup.

E.g. Using the file: protocol in an Electron application does not support that legacy technique.

```typescript
let token: string;
try {
  token = await auth0.getTokenSilently();
} catch (e) {
  if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {
    auth0.loginWithRedirect();
  }
}
```