Class: Authentication

Authentication(options)

new Authentication(options)

Creates a new Auth0 Authentication API client

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String

your Auth0 domain
clientID String

the Client ID found on your Application settings page
redirectUri String <optional>

url that the Auth0 will redirect after Auth with the Authorization Response
responseType String <optional>

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html
responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
scope String <optional>

scopes to be requested during Auth. e.g. openid email
audience String <optional>

identifier of the resource server who will consume the access token issued after Auth
cookieDomain String <optional>

The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain. To keep a user logged in across multiple subdomains set this to your top-level domain and prefixed with a . (eg: .example.com).
Source:
See:

Methods

buildAuthorizeUrl(options)

Builds and returns the /authorize url in order to initialize a new authN/authZ transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page
redirectUri String

url that the Auth0 will redirect after Auth with the Authorization Response
responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html
responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state
nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce
scope String <optional>

scopes to be requested during Auth. e.g. openid email
audience String <optional>

identifier of the resource server who will consume the access token issued after Auth
Source:
See:

buildLogoutUrl(options)

Builds and returns the Logout url in order to initialize a new authN/authZ transaction

If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in any the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the Auth0 Application level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page
returnTo String <optional>

URL to be redirected after the logout
federated Boolean <optional>

tells Auth0 if it should logout the user also from the IdP.
Source:
See:

delegation(options, cb)

Makes a call to the /delegation endpoint with either an id_token or refresh_token

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page
grantType String

grant type used for delegation. The only valid value is urn:ietf:params:oauth:grant-type:jwt-bearer
idToken String <optional>

valid token of the user issued after Auth. If no refresh_token is provided this parameter is required
refreshToken String <optional>

valid refresh token of the user issued after Auth. If no id_token is provided this parameter is required
target String <optional>

the target ClientID of the delegation
scope String <optional>

either openid or openid profile email
apiType String <optional>

the api to be called
cb delegationCallback
Source:
See:

getChallenge(cb)

Makes a call to the /usernamepassword/challenge endpoint and returns the challenge (captcha) if necessary.

Parameters:
Name Type Description
cb callback
Source:

getSSOData(withActiveDirectories, cb)

Uses checkSession and localStorage to return data from the last successful authentication request.

Parameters:
Name Type Description
withActiveDirectories Boolean

this parameter is not used anymore. It's here to be backward compatible
cb function
Source:

login(options, cb)

Makes a call to the oauth/token endpoint with password-realm grant type

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth
password String

the password of the user that will perform Auth
scope String <optional>

scopes to be requested during Auth. e.g. openid email
audience String <optional>

identifier of the resource server who will consume the access token issued after Auth
realm String

the HRD domain or the connection name where the user belongs to. e.g. Username-Password-Authentication
cb tokenCallback

function called with the result of the request
Source:
See:

loginWithDefaultDirectory(options, cb)

Makes a call to the oauth/token endpoint with password grant type to login to the default directory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth
password String

the password of the user that will perform Auth
scope String <optional>

scopes to be requested during Auth. e.g. openid email
audience String <optional>

identifier of the resource server who will consume the access token issued after Auth
cb tokenCallback

function called with the result of the request
Source:
See:

loginWithResourceOwner(options, cb)

Performs authentication calling /oauth/ro endpoint with username and password for a given connection name.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use login or loginWithDefaultDirectory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth
password String

the password of the user that will perform Auth
connection Object

the connection name where the user belongs to. e.g. Username-Password-Authentication
scope String <optional>

scopes to be requested during Auth. e.g. openid email
device String <optional>

name of the device/browser where the Auth was requested
cb tokenCallback

function called with the result of the request
Source:

userInfo(accessToken, cb)

Makes a call to the /userinfo endpoint and returns the user profile

Parameters:
Name Type Description
accessToken String

token issued to a user after Auth
cb userInfoCallback
Source:
See:

Type Definitions

authorizeCallback(erropt, resultopt)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure
result Object <optional>

result of the Auth request. If there is no token available, this value will be null.

Properties
Name Type Attributes Description
accessToken String <optional>

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)
expiresIn Number <optional>

number of seconds until the access token expires
idToken String <optional>

token that identifies the user
refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.
appState Object <optional>

values that you receive back on the authentication response
Source:

delegationCallback(erropt, resultopt)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the delegation failed
result Object <optional>

result of the delegation request. The payload depends on what ai type was used
Source:

tokenCallback(erropt, resultopt)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure
result Object <optional>

result of the Auth request

Properties
Name Type Attributes Description
accessToken String

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)
expiresIn Number

number of seconds until the access token expires
idToken String <optional>

token that identifies the user
refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.
Source:

userInfoCallback(erropt, userInfoopt)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0
userInfo Object <optional>

user information
Source: