Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses
-Thrown when network requests to the Auth server fail.
-try {
const challenge = await mfa.challenge({
mfaToken: mfaToken,
challengeType: 'otp',
authenticatorId: 'otp|dev_123'
});
} catch (error) {
if (error instanceof MfaChallengeError) {
console.log(error.error); // 'too_many_attempts'
console.log(error.error_description); // 'Rate limit exceeded'
}
}
Base class for MFA-related errors in auth0-spa-js. Extends GenericError for unified error hierarchy across the SDK.
-Error thrown when the token exchange results in a mfa_required error
try {
const tokens = await mfa.verify({
mfaToken: mfaToken,
grant_type: 'http://auth0.com/oauth/grant-type/mfa-otp',
otp: '123456'
});
} catch (error) {
if (error instanceof MfaVerifyError) {
console.log(error.error); // 'invalid_otp' or 'context_not_found'
console.log(error.error_description); // Error details
}
}
Error thrown when there is no refresh token to use
-An OAuth2 error will come from the authorization server and will have at least an error property which will
be the error code. And possibly an error_description property
See: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.6
-Optionalerror_description: stringOptionalerror_description: stringOptionalerror_OptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
collected by a stack trace (whether generated by new Error().stack or
Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
diff --git a/docs/classes/PopupCancelledError.html b/docs/classes/PopupCancelledError.html
index b67cafea..62c043c1 100644
--- a/docs/classes/PopupCancelledError.html
+++ b/docs/classes/PopupCancelledError.html
@@ -1,5 +1,5 @@
Thrown when network requests to the Auth server fail.
-Thrown when network requests to the Auth server fail.
-Error thrown when the login popup times out (if the user does not complete auth)
-Thrown when silent auth times out (usually due to a configuration issue) or when network requests to the Auth server timeout.
-Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.
-OptionaladdressOptionalbirthdateOptionalemailOptionalemail_Optionalfamily_OptionalgenderOptionalgiven_OptionallocaleOptionalmiddle_OptionalnameOptionalnicknameOptionalphone_Optionalphone_OptionalpictureOptionalpreferred_OptionalprofileOptionalsubOptionalupdated_OptionalwebsiteOptionalzoneinfoOptionalactOptionaladdressOptionalbirthdateOptionalemailOptionalemail_Optionalfamily_OptionalgenderOptionalgiven_OptionallocaleOptionalmiddle_OptionalnameOptionalnicknameOptionalphone_Optionalphone_OptionalpictureOptionalpreferred_OptionalprofileOptionalsubOptionalupdated_OptionalwebsiteOptionalzoneinfoProvides the Auth0Context to its child components.
-Use the useAuth0 hook in your components to access the auth state and methods.
TUser is an optional type param to provide a type to the user field.
Wrap your class components in this Higher Order Component to give them access to the Auth0Context.
Providing a context as the second argument allows you to configure the Auth0Provider the Auth0Context should come from f you have multiple within your application.
-When you wrap your components in this Higher Order Component and an anonymous user visits your component they will be redirected to the login page; after login they will be returned to the page they were redirected from.
-Represents the actor claim (act) in an ID token returned via a token exchange response.
The act claim identifies the acting party — the entity that has been delegated authority
+to act on behalf of the subject. It is set via Auth0 Actions using the setActor command.
Contains the authenticated state and authentication methods provided by the useAuth0 hook.
If connecting the account is successful onRedirectCallback will be called
with the details of the connected account.
Returns a new Fetcher class that will contain a fetchWithAuth() method.
+
Returns a new Fetcher class that will contain a fetchWithAuth() method.
This is a drop-in replacement for the Fetch API's fetch() method, but will
handle certain authentication logic for you, like building the proper auth
headers or managing DPoP nonces and retries automatically.
Check the EXAMPLES.md file for a deeper look into this method.
Optionalconfig: FetcherConfig<TOutput>The options required to perform the token exchange
+Optionalconfig: FetcherConfig<TOutput>const tokenResponse = await customTokenExchange({
subject_token: 'ey...',
subject_token_type: 'urn:acme:legacy-system-token',
actor_token: 'ey...',
actor_token_type: 'https://idp.example.com/token-type/agent',
});
+Exchanges an external subject token for Auth0 tokens without affecting the current session.
+Unlike loginWithCustomTokenExchange, this method has no side effects — it does not cache
+tokens, does not update the authenticated session, and does not affect isAuthenticated
+or user. Use this for delegation or impersonation scenarios where you need a downstream
+API token without changing who the current user is.
When actor_token is present Auth0 suppresses refresh token issuance; a missing
+refresh_token in the response is expected and will not cause an error.
The options required to perform the token exchange.
+A promise that resolves to the token endpoint response.
+The options required to perform the token exchange
A promise that resolves to the token endpoint response containing Auth0 tokens
Use loginWithCustomTokenExchange() instead. This method will be removed in the next major version.
const tokenResponse = await exchangeToken({
subject_token: 'external_token_value',
subject_token_type: 'urn:acme:legacy-system-token',
scope: 'openid profile email'
});
@@ -51,13 +64,13 @@
// Instead of:
const tokens = await exchangeToken(options);
// Use:
const tokens = await loginWithCustomTokenExchange(options);
-Returns a string to be used to demonstrate possession of the private +
Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.
It requires enabling the Auth0ClientOptions.useDpop option.
Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.
It requires enabling the Auth0ClientOptions.useDpop option.
-const token = await getAccessTokenSilently(options);
+const token = await getAccessTokenSilently(options);
If there's a valid token stored, return it. Otherwise, opens an @@ -76,7 +89,7 @@ back to using an iframe to make the token exchange.
Note that in all cases, falling back to an iframe requires access to
the auth0 cookie.
const token = await getTokenWithPopup(options, config);
+const token = await getTokenWithPopup(options, config);
Get an access token interactively.
@@ -84,7 +97,7 @@ provided as arguments. Random and securestate and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
-const config = getConfiguration();
// { domain: 'tenant.auth0.com', clientId: 'abc123' }
+const config = getConfiguration();
// { domain: 'tenant.auth0.com', clientId: 'abc123' }
Returns a readonly copy of the initialization configuration @@ -94,7 +107,7 @@
Returns the current DPoP nonce used for making requests to Auth0.
+Returns the current DPoP nonce used for making requests to Auth0.
It can return undefined because when starting fresh it will not
be populated until after the first response from the server.
It requires enabling the Auth0ClientOptions.useDpop option.
@@ -109,16 +122,16 @@const claims = await getIdTokenClaims();
+const claims = await getIdTokenClaims();
Returns all claims from the id_token if available.
-After the browser redirects back to the callback page, +
After the browser redirects back to the callback page,
call handleRedirectCallback to handle success and error
responses from Auth0. If the response is successful, results
will be valid according to their expiration times.
Optionalurl: stringThe URL to that should be used to retrieve the state and code values. Defaults to window.location.href if not given.
await loginWithCustomTokenExchange(options);
+await loginWithCustomTokenExchange(options);
Exchanges an external subject token for Auth0 tokens and logs the user in. @@ -142,7 +155,7 @@
const options = {
subject_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...',
subject_token_type: 'urn:acme:legacy-system-token',
scope: 'openid profile email',
audience: 'https://api.example.com',
organization: 'org_12345'
};
try {
const tokenResponse = await loginWithCustomTokenExchange(options);
console.log('Access token:', tokenResponse.access_token);
// User is now logged in - access user info
const user = await getUser();
console.log('Logged in user:', user);
} catch (error) {
console.error('Token exchange failed:', error);
}
await loginWithPopup(options, config);
+await loginWithPopup(options, config);
Opens a popup with the /authorize URL using the parameters
@@ -152,20 +165,20 @@
IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.
-await loginWithRedirect(options);
+await loginWithRedirect(options);
Performs a redirect to /authorize using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated.
auth0.logout({ logoutParams: { returnTo: window.location.origin } });
+auth0.logout({ logoutParams: { returnTo: window.location.origin } });
Clears the application session and performs a redirect to /v2/logout, using
the parameters provided as arguments, to clear the Auth0 session.
If the logoutParams.federated option is specified, it also clears the Identity Provider session.
Read more about how Logout works at Auth0.
const { mfa } = useAuth0();
const authenticators = await mfa.getAuthenticators(mfaToken);
+const { mfa } = useAuth0();
const authenticators = await mfa.getAuthenticators(mfaToken);
MFA API client for Multi-Factor Authentication operations.
@@ -180,7 +193,7 @@const { mfa, getAccessTokenSilently } = useAuth0();
try {
await getAccessTokenSilently();
} catch (error) {
if (error.error === 'mfa_required') {
// Check if enrollment is needed
const factors = await mfa.getEnrollmentFactors(error.mfa_token);
if (factors.length > 0) {
// Enroll in OTP
const enrollment = await mfa.enroll({
mfaToken: error.mfa_token,
factorType: 'otp'
});
console.log('QR Code:', enrollment.barcodeUri);
}
// Get authenticators and challenge
const authenticators = await mfa.getAuthenticators(error.mfa_token);
await mfa.challenge({
mfaToken: error.mfa_token,
challengeType: 'otp',
authenticatorId: authenticators[0].id
});
// Verify with user's code
const tokens = await mfa.verify({
mfaToken: error.mfa_token,
otp: userCode
});
}
}
Sets the current DPoP nonce used for making requests to Auth0.
+Sets the current DPoP nonce used for making requests to Auth0.
It requires enabling the Auth0ClientOptions.useDpop option.
Sets the current DPoP nonce used for making requests to Auth0.
It requires enabling the Auth0ClientOptions.useDpop option.
@@ -192,4 +205,4 @@Email enrollment parameters
-OptionalemailEmail address (optional, uses user's email if not provided)
diff --git a/docs/interfaces/EnrollOtpParams.html b/docs/interfaces/EnrollOtpParams.html index 0236a64c..559ce36e 100644 --- a/docs/interfaces/EnrollOtpParams.html +++ b/docs/interfaces/EnrollOtpParams.html @@ -1,5 +1,5 @@OTP (Time-based One-Time Password) enrollment parameters
-The factor type for enrollment
MFA token from mfa_required error
diff --git a/docs/interfaces/EnrollPushParams.html b/docs/interfaces/EnrollPushParams.html index cde6fa41..6a1b93f1 100644 --- a/docs/interfaces/EnrollPushParams.html +++ b/docs/interfaces/EnrollPushParams.html @@ -1,5 +1,5 @@Push notification enrollment parameters
-The factor type for enrollment
MFA token from mfa_required error
diff --git a/docs/interfaces/EnrollSmsParams.html b/docs/interfaces/EnrollSmsParams.html index 220269da..7836af72 100644 --- a/docs/interfaces/EnrollSmsParams.html +++ b/docs/interfaces/EnrollSmsParams.html @@ -1,5 +1,5 @@SMS enrollment parameters
-The factor type for enrollment
diff --git a/docs/interfaces/EnrollVoiceParams.html b/docs/interfaces/EnrollVoiceParams.html index 9f0fab02..4b673f1f 100644 --- a/docs/interfaces/EnrollVoiceParams.html +++ b/docs/interfaces/EnrollVoiceParams.html @@ -1,5 +1,5 @@Voice enrollment parameters
-The factor type for enrollment
diff --git a/docs/interfaces/GetTokenWithPopupOptions.html b/docs/interfaces/GetTokenWithPopupOptions.html index 36200771..47b70cb2 100644 --- a/docs/interfaces/GetTokenWithPopupOptions.html +++ b/docs/interfaces/GetTokenWithPopupOptions.html @@ -1,4 +1,4 @@ -OptionalauthorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters defined by Auth0 or custom parameters that you define.
diff --git a/docs/interfaces/IdToken.html b/docs/interfaces/IdToken.html index deea3a65..84bc3c5b 100644 --- a/docs/interfaces/IdToken.html +++ b/docs/interfaces/IdToken.html @@ -1,5 +1,6 @@ -OptionalacrOptionaladdressOptionalamrOptionalat_OptionalaudOptionalauth_OptionalazpOptionalbirthdateOptionalc_OptionalcnfOptionalemailOptionalemail_OptionalexpOptionalfamily_OptionalgenderOptionalgiven_OptionaliatOptionalissOptionaljtiOptionallocaleOptionalmiddle_OptionalnameOptionalnbfOptionalnicknameOptionalnonceOptionalorg_Optionalorg_Optionalphone_Optionalphone_OptionalpictureOptionalpreferred_OptionalprofileOptionalsidOptionalsub_Optionalupdated_OptionalwebsiteOptionalzoneinfoOptionalacrOptionalactThe actor claim, present in ID tokens returned via token exchange responses.
+Identifies the acting party that has been delegated authority to act on behalf
+of the subject. Set via Auth0 Actions using the setActor command.
OptionaladdressOptionalamrOptionalat_OptionalaudOptionalauth_OptionalazpOptionalbirthdateOptionalc_OptionalcnfOptionalemailOptionalemail_OptionalexpOptionalfamily_OptionalgenderOptionalgiven_OptionaliatOptionalissOptionaljtiOptionallocaleOptionalmiddle_OptionalnameOptionalnbfOptionalnicknameOptionalnonceOptionalorg_Optionalorg_Optionalphone_Optionalphone_OptionalpictureOptionalpreferred_OptionalprofileOptionalsidOptionalsub_Optionalupdated_OptionalwebsiteOptionalzoneinfoOptionalclientThe clientId of your application.
Components wrapped in withAuth0 will have an additional auth0 prop
Options for the withAuthenticationRequired Higher Order Component
-OptionalcontextThe context to be used when calling useAuth0, this should only be provided if you are using multiple Auth0Providers within your application and you wish to tie a specific component to a Auth0Provider other than the Auth0Provider associated with the default Auth0Context.
-OptionalloginwithAuthenticationRequired(Profile, {
loginOptions: {
appState: {
customProp: 'foo'
}
}
})
+OptionalloginwithAuthenticationRequired(Profile, {
loginOptions: {
appState: {
customProp: 'foo'
}
}
})
Pass additional login options, like extra appState to the login page.
This will be merged with the returnTo option used by the onRedirectCallback handler.
OptionalonwithAuthenticationRequired(Profile, {
onBeforeAuthentication: () => { analyticsLibrary.track('login_triggered'); }
})
+OptionalonwithAuthenticationRequired(Profile, {
onBeforeAuthentication: () => { analyticsLibrary.track('login_triggered'); }
})
Allows executing logic before the user is redirected to the login page.
-OptionalonwithAuthenticationRequired(Profile, {
onRedirecting: () => <div>Redirecting you to the login...</div>
})
+OptionalonwithAuthenticationRequired(Profile, {
onRedirecting: () => <div>Redirecting you to the login...</div>
})
Render a message to show that the user is being redirected to the login.
-OptionalreturnwithAuthenticationRequired(Profile, {
returnTo: '/profile'
})
+OptionalreturnwithAuthenticationRequired(Profile, {
returnTo: '/profile'
})
or
@@ -28,4 +28,4 @@Add a path for the onRedirectCallback handler to return the user to after login.
The state of the application before the user was redirected to the login page and any account that the user may have connected to.
-The main configuration to instantiate the Auth0Provider.
Either provide domain and clientId (Auth0ProviderWithConfigOptions)
or a pre-configured client instance (Auth0ProviderWithClientOptions).
Options for Auth0Provider when configuring Auth0 via domain and clientId.
Use this type when building wrapper components around Auth0Provider.
The account that has been connected during the connect flow.
-Represents the configuration options required for initiating a Custom Token Exchange request following RFC 8693 specifications.
Additional custom parameters for Auth0 Action processing
+Additional custom parameters for Auth0 Action processing
Optionalactor_A token representing the acting party for delegation or impersonation scenarios.
+Optionalactor_The type identifier for the actor token.
+OptionalaudienceThe target audience for the requested Auth0 token
+OptionalorganizationID or name of the organization to use when authenticating a user. When provided, the user will be authenticated using the organization context. The organization ID will be present in the access token payload.
OptionalscopeSpace-separated list of OAuth 2.0 scopes being requested
-The opaque token value being exchanged for Auth0 tokens
@@ -31,7 +45,7 @@jose, jsonwebtokenThe type identifier for the subject token being exchanged
@@ -45,7 +59,7 @@ -ConstThe Auth0 Context
-
Thrown when handling the redirect callback fails, will be one of Auth0's Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses
-