Class: Authentication

new Authentication(options)

Creates a new Auth0 Authentication API client

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
domain String

your Auth0 domain

clientID String

the Client ID found on your Application settings page

redirectUri String <optional>

URL that Auth0 will redirect to after authentication, carrying the Authorization Response

responseType String <optional>

type of the response used by the OAuth 2.0 flow. It can be any space-separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

cookieDomain String <optional>

The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain (subdomain included). To keep a user logged in across multiple subdomains, set this to your top-level domain prefixed with a dot (e.g. .example.com).


Methods

buildAuthorizeUrl(options)

Builds and returns the /authorize URL used to start a new authN/authZ transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String

URL that Auth0 will redirect to after authentication, carrying the Authorization Response

responseType String

type of the response used by the OAuth 2.0 flow. It can be any space-separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using the Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth


buildLogoutUrl(options)

Builds and returns the logout URL.

If you want to navigate the user to a specific URL after the logout, set that URL in the returnTo parameter. The URL must be included in the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the Auth0 Application level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

returnTo String <optional>

URL to be redirected after the logout

federated Boolean <optional>

tells Auth0 whether it should also log the user out of the identity provider (IdP).
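An added example (not auth0.js code) applying the returnTo rule above: returnTo is checked with an exact match against whichever Allowed Logout URLs list applies (application-level when client_id is sent, account-level when it is not) before the logout URL is built. It assumes Node.js and constructed allow lists; /v2/logout is Auth0's logout endpoint.

```javascript
// Constructed sample allow lists (not a real tenant configuration).
const allowedLogoutUrls = {
  // Application-level list, keyed by client ID: governs returnTo when client_id is sent.
  app: { CLIENT_ID_PLACEHOLDER: ['https://app.example.com/'] },
  // Account-level list: governs returnTo when client_id is omitted.
  account: ['https://www.example.com/'],
};

// Selects the list the page's rule makes applicable and requires an exact match:
// prefix or substring matching would let "https://app.example.com.evil.net/" through.
function isAllowedReturnTo(returnTo, clientID, lists) {
  const list = clientID ? (lists.app[clientID] || []) : lists.account;
  return list.includes(returnTo);
}

// Assembles the logout URL from the buildLogoutUrl option names on this page and
// refuses to emit a returnTo that the applicable allow list does not contain.
function makeLogoutUrl(domain, opts, lists) {
  const url = new URL(`https://${domain}/v2/logout`);
  if (opts.clientID) url.searchParams.set('client_id', opts.clientID);
  if (opts.returnTo) {
    if (!isAllowedReturnTo(opts.returnTo, opts.clientID, lists)) {
      throw new Error(`returnTo is not in the applicable Allowed Logout URLs list: ${opts.returnTo}`);
    }
    url.searchParams.set('returnTo', opts.returnTo);
  }
  // federated is a bare flag (no value): also ends the session at the upstream IdP.
  if (opts.federated) url.search += (url.search ? '&' : '?') + 'federated';
  return url.toString();
}
```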


delegation(options, cb)

Makes a call to the /delegation endpoint with either an id_token or refresh_token

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

grantType String

grant type used for delegation. The only valid value is urn:ietf:params:oauth:grant-type:jwt-bearer

idToken String <optional>

valid token of the user issued after Auth. If no refresh_token is provided, this parameter is required

refreshToken String <optional>

valid refresh token of the user issued after Auth. If no id_token is provided, this parameter is required

target String <optional>

the target ClientID of the delegation

scope String <optional>

either openid or openid profile email

apiType String <optional>

the API to be called

cb delegationCallback

getChallenge(cb)

Makes a call to the /usernamepassword/challenge endpoint and returns the challenge (captcha) if necessary.

Parameters:
Name Type Description
cb callback

getSSOData(withActiveDirectories, cb)

Uses checkSession and localStorage to return data from the last successful authentication request.

Parameters:
Name Type Description
withActiveDirectories Boolean

this parameter is no longer used; it is kept for backward compatibility

cb function

login(options, cb)

Makes a call to the oauth/token endpoint with the password-realm grant type

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

realm String

the HRD domain or the connection name the user belongs to, e.g. Username-Password-Authentication

cb tokenCallback

function called with the result of the request


loginWithDefaultDirectory(options, cb)

Makes a call to the oauth/token endpoint with the password grant type to log in to the default directory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

cb tokenCallback

function called with the result of the request


loginWithResourceOwner(options, cb)

Performs authentication by calling the /oauth/ro endpoint with a username and password for a given connection name.

This method is not compatible with API Auth, so if you need to fetch API tokens with an audience you should use login or loginWithDefaultDirectory.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

connection Object

the connection name the user belongs to, e.g. Username-Password-Authentication

scope String <optional>

scopes to be requested during Auth. e.g. openid email

device String <optional>

name of the device/browser where the Auth was requested

cb tokenCallback

function called with the result of the request


userInfo(accessToken, cb)

Makes a call to the /userinfo endpoint and returns the user profile

Parameters:
Name Type Description
accessToken String

token issued to a user after Auth

cb userInfoCallback

Type Definitions

authorizeCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason for the Auth failure

result Object <optional>

result of the Auth request. If there is no token available, this value will be null.

Properties
Name Type Attributes Description
accessToken String <optional>

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number <optional>

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.

appState Object <optional>

values that you receive back on the authentication response


delegationCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the delegation failed

result Object <optional>

result of the delegation request. The payload depends on which API type (apiType) was used


tokenCallback(err, result)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason for the Auth failure

result Object <optional>

result of the Auth request

Properties
Name Type Attributes Description
accessToken String

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.


userInfoCallback(err, userInfo)

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0

userInfo Object <optional>

user information
