Global

Methods

authorize([options])

Redirects to the hosted login page (/authorize) in order to start a new authN/authZ transaction. After that, you'll have to use the parseHash function at the specified redirectUri.

Parameters:
Name Type Attributes Description
options Object <optional>
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. The query value is only supported when responseType is code. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth
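
The following is an added example, not part of auth0.js or its documentation. It shows one way a caller can generate the state and nonce values described above, enforce the rule that responseMode query is only supported when responseType is code, and check the returned state before using a response. The function names, the Map used as storage and all sample values are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

const RESPONSE_TYPES = new Set(['code', 'token', 'id_token']);
const RESPONSE_MODES = new Set(['query', 'fragment', 'form_post']);

// Build the options for one authorize transaction and remember the values
// that must come back unchanged. `store` is per-browser-session storage
// (a Map here; sessionStorage would play this role in a browser).
function beginTransaction(store, params) {
  const types = String(params.responseType || '').split(' ').filter(Boolean);
  if (types.length === 0 || !types.every((t) => RESPONSE_TYPES.has(t))) {
    throw new Error('responseType must be a space separated list of code, token, id_token');
  }
  const mode = params.responseMode;
  if (mode !== undefined && !RESPONSE_MODES.has(mode)) {
    throw new Error('responseMode must be query, fragment or form_post');
  }
  // Documented constraint: query is only supported when responseType is code.
  if (mode === 'query' && types.join(' ') !== 'code') {
    throw new Error('responseMode=query requires responseType=code');
  }
  // Unguessable, single-use values: state binds the response to this browser
  // session (XSRF), nonce binds the id_token to this request (replay).
  const state = crypto.randomBytes(32).toString('base64url');
  const nonce = types.includes('id_token')
    ? crypto.randomBytes(32).toString('base64url')
    : undefined;
  store.set(state, { nonce, createdAt: Date.now() });
  return { ...params, responseType: types.join(' '), state, nonce };
}

// Check the fragment delivered to redirectUri before using anything in it.
function completeTransaction(store, hash, maxAgeMs = 10 * 60 * 1000) {
  const fields = new URLSearchParams(String(hash).replace(/^#/, ''));
  const state = fields.get('state');
  const pending = state ? store.get(state) : undefined;
  if (!pending) return { ok: false, reason: 'unknown_state' };
  store.delete(state); // single use: a replayed response finds nothing
  if (Date.now() - pending.createdAt > maxAgeMs) return { ok: false, reason: 'expired' };
  if (fields.has('error')) return { ok: false, reason: fields.get('error') };
  // The caller still has to compare expectedNonce with the id_token's nonce claim.
  return { ok: true, expectedNonce: pending.nonce, response: Object.fromEntries(fields) };
}

// Constructed demonstration values.
const demoStore = new Map();
const demo = beginTransaction(demoStore, {
  clientID: 'EXAMPLE_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback',
  responseType: 'token id_token',
  scope: 'openid email',
});
console.log(completeTransaction(demoStore, `#access_token=sample&state=${demo.state}`));
console.log(completeTransaction(demoStore, `#access_token=sample&state=${demo.state}`));
```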

authorize(options, cb)

Opens the hosted login page (/authorize) in a new window in order to start a new authN/authZ transaction, and posts its result using postMessage.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. The query value is only supported when responseType is code. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

owp Boolean <optional>

determines if Auth0 should render the relay page or not and the caller is responsible for handling the response.

cb authorizeCallback

buildAuthorizeUrl(options)

Builds and returns the /authorize url in order to initialize a new authN/authZ transaction

Parameters:
Name Type Description
options Object
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

buildLogoutUrl(options)

Builds and returns the Logout url in order to initialize a new authN/authZ transaction

If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the Auth0 Application level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Description
options Object
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

returnTo String <optional>

URL to be redirected after the logout

federated Boolean <optional>

tells Auth0 whether it should also log the user out of the IdP.

callback()

Runs the callback code for the cross origin authentication call. This method is meant to be called by the cross origin authentication callback url.

callback(options)

Handles the popup logic for the callback page.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

changePassword(options, cb)

Requests an email with instructions to change a user's password

Parameters:
Name Type Description
options Object
Name Type Description
email String

address where the user will receive the change password email. It should match the user's email in Auth0

connection String

name of the connection where the user was created

cb changePasswordCallback

checkSession([options])

Renews an existing session on Auth0's servers using response_mode=web_message

Parameters:
Name Type Attributes Description
options Object <optional>
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

responseType String <optional>

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

timeout String <optional>

value in milliseconds used to timeout when the /authorize call is failing as part of the silent authentication with postmessage enabled due to a configuration.

crossOriginAuthenticationCallback()

Runs the callback code for the cross origin authentication call. This method is meant to be called by the cross origin authentication callback url.

Deprecated:

crossOriginVerification()

Runs the callback code for the cross origin authentication call. This method is meant to be called by the cross origin authentication callback url.

delegation(options, cb)

Makes a call to the /delegation endpoint with either an id_token or refresh_token

Parameters:
Name Type Description
options Object
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

grantType String

grant type used for delegation. The only valid value is urn:ietf:params:oauth:grant-type:jwt-bearer

idToken String <optional>

valid token of the user issued after Auth. If no refresh_token is provided this parameter is required

refreshToken String <optional>

valid refresh token of the user issued after Auth. If no id_token is provided this parameter is required

target String <optional>

the target ClientID of the delegation

scope String <optional>

either openid or openid profile email

apiType String <optional>

the api to be called

cb delegationCallback

getSSOData(withActiveDirectories, cb)

Uses checkSession and localStorage to return data from the last successful authentication request.

Parameters:
Name Type Description
withActiveDirectories Boolean

this parameter is not used anymore. It's here to be backward compatible

cb function

getUser(userId, cb)

Returns the user profile

Parameters:
Name Type Description
userId String

identifier of the user to retrieve

cb userCallback

linkUser(userId, secondaryUserToken, cb)

Link two users

Parameters:
Name Type Description
userId String
secondaryUserToken String
cb userCallback

login(options, cb)

Makes a call to the oauth/token endpoint with password-realm grant type

Parameters:
Name Type Description
options Object
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

realm Object

the HRD domain or the connection name where the user belongs to. e.g. Username-Password-Authentication

cb tokenCallback

function called with the result of the request

login(options, cb)

Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either username or email to identify the user, but username will take precedence over email. Some browsers might not be able to successfully authenticate if 3rd party cookies are disabled in your browser. See here for more information. After the /co/authenticate call, you'll have to use the parseHash function at the redirectUri specified in the constructor.

Parameters:
Name Type Description
options Object

options used in the authorize call after the login_ticket is acquired

Name Type Attributes Description
username String <optional>

Username (mutually exclusive with email)

email String <optional>

Email (mutually exclusive with username)

password String

Password

realm String <optional>

Realm used to authenticate the user, it can be a realm name or a database connection name

cb crossOriginLoginCallback

Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the redirectUri.

login(options, cb)

Logs the user in with username and password using the correct flow based on where it's called from:

  • If you're calling this method from the Universal Login Page, it will use the usernamepassword/login endpoint
  • If you're calling this method outside the Universal Login Page, it will use the cross origin authentication (/co/authenticate) flow

You can use either username or email to identify the user, but username will take precedence over email. After the redirect to redirectUri, use parseHash to retrieve the authentication data. Notice that when using the cross origin authentication flow, some browsers might not be able to successfully authenticate if 3rd party cookies are disabled. See here for more information.

Parameters:
Name Type Description
options Object

options used in the authorize call after the login_ticket is acquired

Name Type Attributes Description
username String <optional>

Username (mutually exclusive with email)

email String <optional>

Email (mutually exclusive with username)

password String

Password

realm String <optional>

Realm used to authenticate the user, it can be a realm name or a database connection name

cb crossOriginLoginCallback

Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the redirectUri.

login(options, cb)

Performs authentication with username/email and password with a database connection

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or login.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used. It can be any of the values code and token

responseMode String <optional>

how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment

scope String <optional>

scopes to be requested during AuthN. e.g. openid email

cb credentialsCallback

loginWithCredentials(options, cb)

Performs authentication with username/email and password with a database connection inside a new window

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or login.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used. It can be any of the values code and token

responseMode String <optional>

how the AuthN response is encoded and redirected back to the client. Supported values are query and fragment. The query value is only supported when responseType is code.

scope String <optional>

scopes to be requested during AuthN. e.g. openid email

cb credentialsCallback

loginWithCredentials(options, cb)

Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either username or email to identify the user, but username will take precedence over email. Some browsers might not be able to successfully authenticate if 3rd party cookies are disabled in your browser. See here for more information. After the /co/authenticate call, you'll have to use the parseHash function at the redirectUri specified in the constructor.

Deprecated:
  • This method will be released in the next major version. Use `webAuth.login` instead.
Parameters:
Name Type Description
options Object

options used in the authorize call after the login_ticket is acquired

Name Type Attributes Description
username String <optional>

Username (mutually exclusive with email)

email String <optional>

Email (mutually exclusive with username)

password String

Password

connection String <optional>

Connection used to authenticate the user, it can be a realm name or a database connection name

cb crossOriginLoginCallback

Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the redirectUri.

loginWithDefaultDirectory(options, cb)

Makes a call to the oauth/token endpoint with password grant type to login to the default directory.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

cb tokenCallback

function called with the result of the request

loginWithResourceOwner(options, cb)

Performs authentication calling /oauth/ro endpoint with username and password for a given connection name.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use login or loginWithDefaultDirectory.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
username String

email or username of the user that will perform Auth

password String

the password of the user that will perform Auth

connection Object

the connection name where the user belongs to. e.g. Username-Password-Authentication

scope String <optional>

scopes to be requested during Auth. e.g. openid email

device String <optional>

name of the device/browser where the Auth was requested

cb tokenCallback

function called with the result of the request

logout([options])

Redirects to the auth0 logout endpoint

If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:

  • If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the Auth0 Application level (see Setting Allowed Logout URLs at the App Level).
  • If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
Parameters:
Name Type Attributes Description
options Object <optional>
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

returnTo String <optional>

URL to be redirected after the logout

federated Boolean <optional>

tells Auth0 whether it should also log the user out of the IdP.

parseHash(options, cb)

Parses the URL hash and extracts the Auth response from an Auth flow started with authorize

Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed by the /.well-known/jwks.json endpoint of your account. Tokens signed with the HS256 algorithm cannot be properly validated. Instead, a call to userInfo will be made with the parsed access_token. If the userInfo call fails, the userInfo error will be passed to the callback. Tokens signed with other algorithms will not be accepted.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

responseType String <optional>

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values token, id_token. For this specific method, we'll only use this value to check if the hash contains the tokens requested in the responseType.

cb authorizeCallback
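
The following is an added illustration, not auth0.js source code, of the validation rule described above for parseHash: an RS256 id_token is verified against a public key from a JWKS document, an HS256 token is diverted to a userInfo lookup, and any other algorithm is rejected. The key pair, kid, JWKS document and tokens are constructed inline as sample data; classifyIdToken and makeSamples are hypothetical names.

```javascript
const crypto = require('crypto');

const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Decide what to do with an id_token, following the rule described above.
// A complete validator also checks iss, aud and exp; they are left out here
// to keep the focus on the algorithm rule and the nonce.
function classifyIdToken(idToken, jwks, expectedNonce) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return { action: 'reject', reason: 'malformed' };
  let header, payload;
  try {
    header = decode(parts[0]);
    payload = decode(parts[1]);
  } catch (err) {
    return { action: 'reject', reason: 'malformed' };
  }
  if (!header || !payload) return { action: 'reject', reason: 'malformed' };

  // The accepted algorithm is the verifier's policy, not the token's choice:
  // only RS256 is verified, HS256 is diverted, everything else is refused.
  if (header.alg === 'HS256') return { action: 'call_userinfo', reason: 'hs256' };
  if (header.alg !== 'RS256') return { action: 'reject', reason: 'unsupported_alg' };

  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return { action: 'reject', reason: 'unknown_kid' };
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const signature = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, key, signature)) {
    return { action: 'reject', reason: 'bad_signature' };
  }
  // Claims are trusted only after the signature check has passed.
  if (payload.nonce !== expectedNonce) return { action: 'reject', reason: 'nonce_mismatch' };
  return { action: 'accept', payload };
}

// Constructed sample data: a throwaway key pair, a JWKS document shaped like
// the one served at /.well-known/jwks.json, and tokens for each branch.
function makeSamples(nonce) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const kid = 'constructed-key-1';
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'RS256' }] };
  const claims = { sub: 'constructed|user-1', nonce };
  const rsHeader = encode({ alg: 'RS256', typ: 'JWT', kid });
  const rsInput = `${rsHeader}.${encode(claims)}`;
  const rsSig = crypto.sign('RSA-SHA256', Buffer.from(rsInput), privateKey).toString('base64url');
  const hsInput = `${encode({ alg: 'HS256', typ: 'JWT' })}.${encode(claims)}`;
  const hsSig = crypto.createHmac('sha256', 'constructed-secret').update(hsInput).digest('base64url');
  return {
    jwks,
    rs256: `${rsInput}.${rsSig}`,
    hs256: `${hsInput}.${hsSig}`,
    unsigned: `${encode({ alg: 'none' })}.${encode(claims)}.`,
    // Same header and signature, different claims: the signature no longer matches.
    tampered: `${rsHeader}.${encode({ ...claims, sub: 'constructed|admin' })}.${rsSig}`,
  };
}

const samples = makeSamples('constructed-nonce');
for (const name of ['rs256', 'hs256', 'unsigned', 'tampered']) {
  const { action, reason } = classifyIdToken(samples[name], samples.jwks, 'constructed-nonce');
  console.log(name, action, reason || '');
}
```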

passwordlessLogin(options, cb)

Logs in the user by verifying the verification code (OTP) using the cross origin authentication (/co/authenticate) flow. You can use either phoneNumber or email to identify the user. This only works when 3rd party cookies are enabled in the browser. After the /co/authenticate call, you'll have to use the parseHash function at the redirectUri specified in the constructor.

Parameters:
Name Type Description
options Object

options used in the authorize call after the login_ticket is acquired

Name Type Attributes Description
phoneNumber String <optional>

Phone Number (mutually exclusive with email)

email String <optional>

Email (mutually exclusive with username)

verificationCode String

Verification Code (OTP)

connection String

Passwordless connection to use. It can either be 'sms' or 'email'.

cb crossOriginLoginCallback

Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the redirectUri.

passwordlessStart(options, cb)

Starts a passwordless authentication transaction.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
send String

what will be sent via email, which could be link or code. For SMS, code is the only valid value

phoneNumber String <optional>

phone number where to send the code. This parameter is mutually exclusive with email

email String <optional>

email where to send the code or link. This parameter is mutually exclusive with phoneNumber

connection String

name of the passwordless connection

authParams Object <optional>

additional Auth parameters when using link

cb function

passwordlessVerify(options, cb)

Verifies the passwordless TOTP and redirects to finish the passwordless transaction

Parameters:
Name Type Description
options Object
Name Type Description
type String

sms or email

phoneNumber String

only if type = sms

email String

only if type = email

connection String

the connection name

verificationCode String

the TOTP code

cb function

patchUserAttributes(userId, user, cb)

Updates the user attributes. It will patch the user attributes that the server allows.

Parameters:
Name Type Description
userId String
user Object
cb userCallback

patchUserMetadata(userId, userMetadata, cb)

Updates the user metadata. It will patch the user metadata with the attributes sent.

Parameters:
Name Type Description
userId String
userMetadata Object
cb userCallback

preload(options)

Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.

Parameters:
Name Type Description
options Object

receives the window height and width and any other window feature to be sent to window.open

renewAuth([options], cb)

Executes a silent authentication transaction under the hood in order to fetch new tokens for the current session. This method requires that all Auth is performed with authorize.

Watch out! If you're not using the hosted login page to do social logins, you have to use your own social connection keys. If you use Auth0's dev keys, you'll always get login_required as an error when calling this method.

Parameters:
Name Type Attributes Description
options Object <optional>
Name Type Attributes Description
clientID String <optional>

the Client ID found on your Application settings page

redirectUri String <optional>

URL that Auth0 will redirect to after Auth with the Authorization Response

responseType String <optional>

type of the response used by OAuth 2.0 flow. It can be any space separated list of the values code, token, id_token. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html

responseMode String <optional>

how the Auth response is encoded and redirected back to the client. Supported values are query, fragment and form_post. The query value is only supported when responseType is code. https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes

state String <optional>

value used to mitigate XSRF attacks. https://auth0.com/docs/protocols/oauth2/oauth-state

nonce String <optional>

value used to mitigate replay attacks when using Implicit Grant. https://auth0.com/docs/api-auth/tutorials/nonce

scope String <optional>

scopes to be requested during Auth. e.g. openid email

audience String <optional>

identifier of the resource server that will consume the access token issued after Auth

postMessageDataType String <optional>

identifier data type to look for in postMessage event data, where events are initiated from silent callback urls, before accepting a message event as the event expected. A value of false means any postMessage event will trigger a callback.

postMessageOrigin String <optional>

origin of redirectUri to expect postMessage response from. Defaults to the origin of the receiving window. Only used if usePostMessage is truthy.

timeout String <optional>

value in milliseconds used to timeout when the /authorize call is failing as part of the silent authentication with postmessage enabled due to a configuration.

usePostMessage Boolean <optional>

use postMessage to communicate between the silent callback and the SPA. When false the SDK will attempt to parse the url hash should ignore the url hash and no extra behaviour is needed

cb authorizeCallback

signup(options, cb)

Creates a new user in an Auth0 Database connection

Parameters:
Name Type Description
options Object
Name Type Attributes Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

userMetadata Object <optional>

additional signup attributes used for creating the user. Will be stored in user_metadata

cb signUpCallback

signup(options, cb)

Creates a new user in an Auth0 Database connection

Parameters:
Name Type Description
options Object
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb signUpCallback

signupAndAuthorize(options, cb)

Signs up a new user, automatically logs the user in after the signup and returns the user token. The login will be done using /oauth/token with password-realm grant type.

Parameters:
Name Type Description
options Object
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb tokenCallback

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

This method is not compatible with API Auth so if you need to fetch API tokens with audience you should use authorize or signupAndAuthorize.

Parameters:
Name Type Description
options Object
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb credentialsCallback

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

Parameters:
Name Type Description
options Object
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb crossOriginLoginCallback

signupAndLogin(options, cb)

Signs up a new user and automatically logs the user in after the signup.

Parameters:
Name Type Description
options Object
Name Type Description
email String

user email address

password String

user password

connection String

name of the connection where the user will be created

cb credentialsCallback

userInfo(accessToken, cb)

Makes a call to the /userinfo endpoint and returns the user profile

Parameters:
Name Type Description
accessToken String

token issued to a user after Auth

cb userInfoCallback

validateAuthenticationResponse(options, parsedHash, cb)

Validates an Auth response from an Auth flow started with authorize

Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed by the /.well-known/jwks.json endpoint of your account. Tokens signed with the HS256 algorithm cannot be properly validated. Instead, a call to userInfo will be made with the parsed access_token. If the userInfo call fails, the userInfo error will be passed to the callback. Tokens signed with other algorithms will not be accepted.

Parameters:
Name Type Description
options Object
Name Type Attributes Description
hash String

the url hash. If not provided it will extract from window.location.hash

state String <optional>

value originally sent in state parameter to authorize to mitigate XSRF

nonce String <optional>

value originally sent in nonce parameter to authorize to prevent replay attacks

parsedHash Object

an object that represents the parsed hash

cb authorizeCallback

Type Definitions

authorizeCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the Auth request. If there is no token available, this value will be null.

Name Type Attributes Description
accessToken String <optional>

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number <optional>

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.

changePasswordCallback([err])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the request failed

credentialsCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the AuthN request

Name Type Attributes Description
accessToken String

token that can be used with userinfo

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.

crossOriginLoginCallback([err])

Parameters:
Name Type Attributes Description
err Error <optional>

Authentication error returned by Auth0 with the reason why the request failed

delegationCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the delegation failed

result Object <optional>

result of the delegation request. The payload depends on what API type was used

signUpCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason why the signup failed

result Object <optional>

result of the signup request

Name Type Description
email Object

user's email

emailVerified Object

if the user's email was verified

tokenCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0 with the reason of the Auth failure

result Object <optional>

result of the Auth request

Name Type Attributes Description
accessToken String

token that allows access to the specified resource server (identified by the audience parameter or by default Auth0's /userinfo endpoint)

expiresIn Number

number of seconds until the access token expires

idToken String <optional>

token that identifies the user

refreshToken String <optional>

token that can be used to get new access tokens from Auth0. Note that not all Auth0 Applications can request them or the resource server might not allow them.

userCallback([err], [result])

Parameters:
Name Type Attributes Description
err Error <optional>

failure reason for the failed request to Management API

result Object <optional>

user profile

userInfoCallback([err], [userInfo])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned by Auth0

userInfo Object <optional>

user information

validateTokenCallback([err], [payload])

Parameters:
Name Type Attributes Description
err Error <optional>

error returned while validating the token

payload Object <optional>

claims stored in the token