Contains all claims from the id_token if available.
The authentication state, true if the user is authenticated, false if not.
The loading state of the SDK, true if the SDK is still processing the PKCE flow, false if the SDK has finished processing the PKCE flow.
Contains the information of the user if available.
await checkSession();
Check if the user is logged in using getTokenSilently. The difference
with getTokenSilently is that this doesn't return a token, but it will
pre-fill the token cache.
This method also heeds the auth0.{clientId}.is.authenticated cookie, as an optimization
to prevent calling Auth0 unnecessarily. If the cookie is not present because
there was no previous login (or it has expired) then tokens will not be refreshed.
Optionaloptions: GetTokenSilentlyOptionsconst fetcher = createFetcher({
dpopNonceId: 'my-api',
baseUrl: 'https://api.example.com'
});
const response = await fetcher.fetchWithAuth('/data', {
method: 'GET'
});
const data = await response.json();
Creates a fetcher instance that automatically handles authentication for API requests.
The fetcher automatically:
getAccessTokenSilently()Authorization headersThis is the recommended way to make authenticated API calls, especially when using DPoP.
Optionalconfig: FetcherConfig<TOutput>Configuration options for the fetcher
const proof = await generateDpopProof({
url: 'https://api.example.com/data',
method: 'GET',
accessToken: token
});
Generates a DPoP proof JWT that cryptographically binds an access token to the current client.
The proof is a signed JWT that demonstrates possession of the private key associated with the public key in the access token. This prevents token theft and replay attacks.
Note: Requires useDpop: true in the Auth0 client configuration.
Most developers should use createFetcher() instead, which handles proof generation automatically.
Configuration for generating the proof
The access token to bind to the proof
The HTTP method (GET, POST, etc.)
Optionalnonce?: stringOptional nonce value from a previous server response
The target URL for the API request
Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
Fetches a new access token and returns it.
Optionaloptions: GetTokenSilentlyOptionsconst token = await getTokenWithPopup(options);
Opens a popup with the /authorize URL using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
Optionaloptions: GetTokenWithPopupOptionsOptionalconfig: PopupConfigOptionsconst nonce = await getDpopNonce();
Retrieves the current DPoP nonce value for a specific identifier.
The nonce is used to prevent replay attacks when using DPoP (Demonstrating Proof-of-Possession).
It may return undefined initially before the first server response.
Note: Requires useDpop: true in the Auth0 client configuration.
Optionalid: stringOptional identifier for the nonce. If omitted, returns the nonce for Auth0 requests. Use a custom identifier for tracking nonces for different API endpoints.
After the browser redirects back to the callback page,
call handleRedirectCallback to handle success and error
responses from Auth0. If the response is successful, results
will be valid according to their expiration times.
Note: The Auth0-Vue SDK handles this for you, unless you set skipRedirectCallback to true.
In that case, be sure to explicitly call handleRedirectCallback yourself.
Optionalurl: stringtry {
await loginWithPopup(options);
} catch(e) {
if (e instanceof PopupCancelledError) {
// Popup was closed before login completed
}
}
Opens a popup with the /authorize URL using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.
Optionaloptions: PopupLoginOptionsOptionalconfig: PopupConfigOptionsawait loginWithRedirect(options);
Performs a redirect to /authorize using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated.
Optionaloptions: RedirectLoginOptions<AppState>logout();
Clears the application session and performs a redirect to /v2/logout, using
the parameters provided as arguments, to clear the Auth0 session.
Note: If you are using a custom cache, and specifying localOnly: true, and you want to perform actions or read state from the SDK immediately after logout, you should await the result of calling logout.
If the federated option is specified it also clears the Identity Provider session.
If the localOnly option is specified, it only clears the application session.
It is invalid to set both the federated and localOnly options to true,
and an error will be thrown if you do.
Read more about how Logout works at Auth0.
Optionaloptions: LogoutOptionsawait setDpopNonce('new-nonce-value', 'my-api');
Stores a DPoP nonce value for future use with a specific identifier.
This is typically called automatically when the server provides a new nonce
in the DPoP-Nonce response header. Manual usage is only needed for advanced scenarios.
Note: Requires useDpop: true in the Auth0 client configuration.
The nonce value to store
Optionalid: stringOptional identifier for the nonce. If omitted, sets the nonce for Auth0 requests. Use a custom identifier for managing nonces for different API endpoints.
Contains an error that occured in the SDK