Interface BaseConfig




auth0Logout?: boolean

Boolean value to enable Auth0's proprietary logout feature. Since this SDK is for Auth0, it's set to true by default. Set it to false if you don't want to use You can also use the AUTH0_LOGOUT environment variable.

authorizationParams: AuthorizationParameters

URL parameters used when redirecting users to the authorization server to log in.

If this property is not provided by your application, its default values will be:

response_type: 'code',
scope: 'openid profile email'

New values can be passed in to change what is returned from the authorization server depending on your specific scenario. Additional custom parameters can be added as well.

Note: You must provide the required parameters if this object is set.

    authorizationParams: {
      response_type: 'code',
      scope: 'openid profile email',

      // Additional parameters
      acr_value: 'tenant:test-tenant',
      custom_param: 'custom-value'
    }

baseURL: string

The root URL for the application router, for example https://localhost. You can also use the AUTH0_BASE_URL environment variable. If you provide a domain, we will prefix it with https://. This can be useful when assigning it to VERCEL_URL for Vercel deploys.

NEXT_PUBLIC_AUTH0_BASE_URL will also be checked if AUTH0_BASE_URL is not defined.

clientAssertionSigningAlg?: string

The algorithm to sign the client assertion JWT. Uses one of token_endpoint_auth_signing_alg_values_supported if not specified. If the Authorization Server discovery document does not list token_endpoint_auth_signing_alg_values_supported this property will be required. You can also use the AUTH0_CLIENT_ASSERTION_SIGNING_ALG environment variable.

clientAssertionSigningKey?: string

Private key for use with private_key_jwt clients. This should be a string that is the contents of a PEM file. You can also use the AUTH0_CLIENT_ASSERTION_SIGNING_KEY environment variable.

clientID: string

The Client ID for your application. You can also use the AUTH0_CLIENT_ID environment variable.

clientSecret?: string

The Client Secret for your application. Required when requesting access tokens. You can also use the AUTH0_CLIENT_SECRET environment variable.

clockTolerance: number

Integer value for the system clock's tolerance (leeway) in seconds for ID token verification. Defaults to 60 seconds. You can also use the AUTH0_CLOCK_TOLERANCE environment variable.

enableTelemetry: boolean

Boolean value to opt out of sending the library and node version to your authorization server via the Auth0-Client header. Defaults to true. You can also use the AUTH0_ENABLE_TELEMETRY environment variable.

getLoginState: ((req, options) => Record<string, any>)

Type declaration

    • (req, options): Record<string, any>
    • Function that returns an object with URL-safe state values for login. Used for passing custom state parameters to your authorization server. Can also be passed in to HandleLogin.

      getLoginState(req, options) {
        return {
          returnTo: options.returnTo || req.originalUrl,
          customState: 'foo'
        };
      }


      • req: IncomingMessage
      • options: LoginOptions

      Returns Record<string, any>

httpTimeout: number

Integer value for the HTTP timeout in milliseconds for authentication requests. Defaults to 5000 ms. You can also use the AUTH0_HTTP_TIMEOUT environment variable.

idTokenSigningAlg: string

String value for the expected ID token algorithm. Defaults to 'RS256'. You can also use the AUTH0_ID_TOKEN_SIGNING_ALG environment variable.

identityClaimFilter: string[]

Array value of claims to remove from the ID token before storing the cookie session. Defaults to ['aud', 'iss', 'iat', 'exp', 'nbf', 'nonce', 'azp', 'auth_time', 's_hash', 'at_hash', 'c_hash']. You can also use the AUTH0_IDENTITY_CLAIM_FILTER environment variable.
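How clockTolerance, idTokenSigningAlg and identityClaimFilter act on a decoded ID token, as an added example that is not the SDK's code. Signature verification is left out, and the function names, the token and the timestamps are constructed for illustration.

```javascript
// Added illustration, not the SDK's implementation. Signature verification is omitted.
const DEFAULTS = {
  clockTolerance: 60,         // seconds (default stated on this page)
  idTokenSigningAlg: 'RS256', // default stated on this page
  identityClaimFilter: ['aud', 'iss', 'iat', 'exp', 'nbf', 'nonce', 'azp',
    'auth_time', 's_hash', 'at_hash', 'c_hash'],
};

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the claims that would be kept for the session, or throws with the reason.
function claimsForSession(idToken, nowSec, config = DEFAULTS) {
  const [rawHeader, rawClaims] = idToken.split('.');
  const header = decodePart(rawHeader);
  const claims = decodePart(rawClaims);

  // Pin the algorithm: a token announcing 'none' or 'HS256' is rejected outright.
  if (header.alg !== config.idTokenSigningAlg) throw new Error(`unexpected alg ${header.alg}`);

  // Time checks, each widened by the configured leeway.
  const tol = config.clockTolerance;
  if (typeof claims.exp !== 'number' || claims.exp + tol <= nowSec) throw new Error('token expired');
  if (typeof claims.nbf === 'number' && claims.nbf - tol > nowSec) throw new Error('token not yet valid');
  if (typeof claims.iat === 'number' && claims.iat - tol > nowSec) throw new Error('token issued in the future');

  // Drop protocol claims so only identity data is kept.
  const drop = new Set(config.identityClaimFilter);
  return Object.fromEntries(Object.entries(claims).filter(([name]) => !drop.has(name)));
}

// Constructed token builder for the demo; the signature part is a placeholder.
function makeToken(header, claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc(header)}.${enc(claims)}.constructed-signature`;
}

const sample = makeToken({ alg: 'RS256' }, {
  iss: 'https://tenant.example', aud: 'constructed-client', sub: 'user|1',
  email: 'a@example.com', iat: 940, exp: 1000, nonce: 'n-1',
});
console.log(claimsForSession(sample, 1050)); // 50 s past exp, inside the 60 s leeway
```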

idpLogout: boolean

Boolean value to log the user out from the identity provider on application logout. Defaults to true. You can also use the AUTH0_IDP_LOGOUT environment variable.

issuerBaseURL: string

REQUIRED The root URL for the token issuer with no trailing slash. This is https:// plus your Auth0 domain. You can also use the AUTH0_ISSUER_BASE_URL environment variable.

legacySameSiteCookie: boolean

Set a fallback cookie with no SameSite attribute when response_mode is form_post. The default response_mode for this SDK is query so this defaults to false. You can also use the AUTH0_LEGACY_SAME_SITE_COOKIE environment variable.

routes: {
    callback: string;
    postLogoutRedirect: string;
}

Boolean value to automatically install the login and logout routes.

Type declaration

  • callback: string

    Relative path to the application callback to process the response from the authorization server. Defaults to /api/auth/callback. You can also use the AUTH0_CALLBACK environment variable.

  • postLogoutRedirect: string

    Either a relative path to the application or a valid URI to an external domain. This value must be registered on the authorization server. The user will be redirected to this after a logout has been performed. You can also use the AUTH0_POST_LOGOUT_REDIRECT environment variable.

secret: string | string[]

The secret(s) used to derive an encryption key for the user identity in a session cookie and to sign the transient cookies used by the login callback. Provide a single string secret, but if you want to rotate the secret you can provide an array putting the new secret first. You can also use the AUTH0_SECRET environment variable.
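The rotation order described above, as an added example that is not the SDK's code: sealing always uses the first secret and opening tries each one in turn, which is why the new secret goes first and the old one stays in the array until existing sessions expire. HKDF-SHA256, AES-256-GCM, the function names and the secrets are assumptions chosen for illustration, not the SDK's cookie format.

```javascript
// Added illustration of secret rotation; NOT the SDK's cookie format.
// Assumption: HKDF-SHA256 and AES-256-GCM stand in for the SDK's own derivation and encryption.
const crypto = require('node:crypto');

// Derive a 32-byte key from one configured secret.
function deriveKey(secret) {
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'example session key', 32));
}

// Accept `secret: string | string[]` and always work with a list.
const toList = (secret) => (Array.isArray(secret) ? secret : [secret]);

// Seal with the FIRST secret only, so new sessions always use the newest key.
function seal(payload, secret) {
  const key = deriveKey(toList(secret)[0]);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Try every configured secret; the GCM tag check rejects wrong keys and tampering.
function unseal(token, secret) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
  const iv = raw.subarray(0, 12), tag = raw.subarray(12, 28), body = raw.subarray(28);
  for (const candidate of toList(secret)) {
    try {
      const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(candidate), iv);
      decipher.setAuthTag(tag);
      return JSON.parse(Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8'));
    } catch (err) {
      // Wrong key or tampered data: fall through to the next secret.
    }
  }
  return null;
}

// Constructed secrets, for demonstration only.
const OLD_SECRET = 'constructed-old-secret-value-0001';
const NEW_SECRET = 'constructed-new-secret-value-0002';
const legacyCookie = seal({ sub: 'user|1' }, OLD_SECRET); // issued before rotation
console.log(unseal(legacyCookie, [NEW_SECRET, OLD_SECRET])); // still opens during rotation
```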

session: SessionConfig

Object defining application session cookie attributes.