Creates a new Fetcher instance with DPoP support and authentication capabilities.
This method creates fetcher-scoped DPoP handles via oauth.DPoP(this.clientMetadata, this.dpopKeyPair!)
.
Each fetcher instance maintains its own DPoP nonce state for isolation and security.
It is recommended to create fetchers at module level and reuse them across requests
Configuration options for the fetcher
Promise resolving to a configured Fetcher instance
const managementApi = await auth0.fetcherFactory({
baseUrl: `https://${process.env.AUTH0_DOMAIN}/api/v2/`,
session: await getSession(req, res)
});
// Use the same fetcher for multiple requests
const users = await managementApi.get('users');
const roles = await managementApi.get('roles');
DPoP Nonce Management:
Filters and processes ID token claims for a session.
If a beforeSessionSaved
callback is configured, it will be invoked to allow
custom processing of the session and ID token. Otherwise, default filtering
will be applied to remove standard ID token claims from the user object.
Optional
idToken: stringExchanges a refresh token for an access token for a connection.
This method performs a token exchange using the provided refresh token and connection details.
It first checks if the refresh token is present in the tokenSet
. If not, it returns an error.
Then, it constructs the necessary parameters for the token exchange request and performs
the request to the authorization server's token endpoint.
A promise that resolves to a tuple.
The first element is either an AccessTokenForConnectionError
if an error occurred, or null
if the request was successful.
The second element is either null
if an error occurred, or a ConnectionTokenSet
object
containing the access token, expiration time, and scope if the request was successful.
Retrieves OAuth token sets, handling token refresh when necessary or if forced.
A tuple containing either:
[SdkError, null]
if an error occurred (missing refresh token, discovery failure, or refresh failure)[null, {tokenSet, idTokenClaims}]
if a new token was retrieved, containing the new token set ID token claims[null, {tokenSet, }]
if token refresh was not done and existing token was returned
Initiates the connect account flow for linking a third-party account to the user's profile. The user will be redirected to authorize the connection.