Class: Popup

Popup

This class cannot be instantiated directly. Instead, use WebAuth.popup

Methods

authorize(options, cb)

Shows inside a new window the hosted login page (/authorize) in order to start a new authN/authZ transaction and post its result using postMessage.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String

url that the Auth0 will redirect after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. The query value is only supported when responseType is code. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server who will consume the access token issued after Auth

organization String <optional>

the Id of an organization to log in to

invitation String <optional>

the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow

owp Boolean <optional>

determines if Auth0 should render the relay page or not and the caller is responsible of handling the response.

cb authorizeCallback
Source:
See:

callback(options)

Handles the popup logic for the callback page.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

Source:
See:
  • parseHash

loginWithCredentials(options, cb)

Performs authentication with username/email and password with a database connection inside a new window

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or login.

Parameters:
Name Type Description
options Object
Properties
Name Type Attributes Description
redirectUri String <optional>

url that the Auth0 will redirect after Auth with the Authorization Response

responseType String <optional>

type of the response used. It can be any of the values code and token

responseMode String <optional>

how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment. The query value is only supported when responseType is code.

scope String <optional>

scopes to be requested during AuthN. e.g. openid email

cb credentialsCallback
Source:

passwordlessVerify(options, cb)

Verifies the passwordless TOTP and redirects to finish the passwordless transaction

Parameters:
Name Type Description
options Object
Properties
Name Type Description
type String

sms or email

phoneNumber String

only if type = sms

email String

only if type = email

connection String

the connection name

verificationCode String

the TOTP code

cb function
Source:

preload(options)

Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.

Parameters:
Name Type Description
options Object

receives the window height and width and any other window feature to be sent to window.open

Source:

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or signupAndAuthorize.

Parameters:
Name Type Description
options Object
Properties
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb credentialsCallback
Source: