If you need to send custom parameters to the Authorization Server, make sure to use the original parameter name.
Changes to recommended defaults, like defaultScope
The default audience to be used for requesting API access.
A maximum number of seconds to wait before declaring background calls to /authorize as failed for timeout Defaults to 60s.
The location to use when storing cache data. Valid values are
The default setting is
The Client ID found on your Application settings page
The name of the connection configured for your application. If null, it will redirect to the Auth0 Login Page and show the Login Widget.
'page': displays the UI with a full page view
'popup': displays the UI with a popup window
'touch': displays the UI in a way that leverages a touch interface
'wap': displays the UI with a "feature phone" type interface
Your Auth0 account domain such as
'example.eu.auth0.com' or ,
(when using custom domains)
Previously issued ID Token.
The issuer to be used for validation of JWTs, optionally defaults to the domain above
The value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two at maximum. Defaults to 60s.
The user's email address or other identifier. When your app knows which user is trying to authenticate, you can provide this parameter to pre-fill the email box or select the right session for sign-in.
This currently only affects the classic Lock experience.
Maximum allowable elasped time (in seconds) since authentication. If the last time the user authenticated is greater than this value, the user must be reauthenticated.
'none': do not prompt user for login or consent on reauthentication
'login': prompt user for reauthentication
'consent': prompt user for consent before processing request
'select_account': prompt user to select an account
The default URL where Auth0 will redirect your browser to with the authentication result. It must be whitelisted in the "Allowed Callback URLs" field in your Auth0 Application's settings. If not provided here, it should be provided in the other methods that provide authentication.
The default scope to be used on authentication requests. The defaultScope defined in the Auth0Client is included along with this scope
The space-separated list of language tags, ordered by preference.
'fr-CA fr en'.
If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the
authorization_code grant with
prompt=none is used.
The default setting is
Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.