The audience that was used in the authentication request
There's no actual redirect when getting a token silently,
but, according to the spec, a
redirect_uri param is required.
Auth0 uses this parameter to validate that the current
origin when sending the response.
It must be whitelisted in the "Allowed Web Origins" in your
Auth0 Application's settings.
The scope that was used in the authentication request
off, ignores the cache and always sends a
request to Auth0.
cache-only, only reads from the cache and never sends a request to Auth0.
on, where it both reads from the cache and sends a request to Auth0 as needed.
If true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned
refresh_token if one was issued). Otherwise, just the access token is returned.
The default is
A maximum number of seconds to wait before declaring the background /authorize call as failed for timeout Defaults to 60s.
Parameters that will be sent back to Auth0 as part of a request.