///
export as namespace auth0;
export class Authentication {
constructor(options: AuthOptions);
passwordless: PasswordlessAuthentication;
dbConnection: DBConnection;
/**
* Builds and returns the `/authorize` url in order to initialize a new authN/authZ transaction
*
* @param options: https://auth0.github.io/auth0.js/global.html#buildAuthorizeUrl
* @see {@link https://auth0.com/docs/api/authentication#authorize-client}
* @see {@link https://auth0.com/docs/api/authentication#social}
*/
buildAuthorizeUrl(options: AuthorizeUrlOptions): string;
/**
* Builds and returns the Logout url in order to initialize a new authN/authZ transaction
*
* @param options: https://auth0.com/docs/api/authentication#!#get--v2-logout
*/
buildLogoutUrl(options?: LogoutOptions): string;
/**
* Makes a call to the `oauth/token` endpoint with `password` grant type
*
* @param options: https://auth0.com/docs/api-auth/grant/password
*/
loginWithDefaultDirectory(options: DefaultDirectoryLoginOptions, callback: Auth0Callback): void;
/**
* Makes a call to the `/ro` endpoint
* @deprecated `loginWithResourceOwner` will be soon deprecated, user `login` instead.
*/
loginWithResourceOwner(options: ResourceOwnerLoginOptions, callback: Auth0Callback): void;
/**
* Makes a call to the `oauth/token` endpoint with `password-realm` grant type
*/
login(options: DefaultLoginOptions, callback: Auth0Callback): void;
/**
* Makes a call to the `oauth/token` endpoint
*/
oauthToken(options: any, callback: Auth0Callback): void;
/**
* Makes a call to the `/ssodata` endpoint
*/
getSSOData(callback?: Auth0Callback): void;
/**
* Makes a call to the `/ssodata` endpoint
*/
getSSOData(withActiveDirectories: boolean, callback?: Auth0Callback): void;
/**
* Makes a call to the `/userinfo` endpoint and returns the user profile
*/
userInfo(accessToken: string, callback: Auth0Callback): void;
/**
* Makes a call to the `/delegation` endpoint
*
* @param options: https://auth0.com/docs/api/authentication#!#post--delegation
*/
delegation(options: DelegationOptions, callback: Auth0Callback): any;
/**
* Fetches the user country based on the ip.
*/
getUserCountry(callback: Auth0Callback<{ countryCode: string }>): void;
}
export class PasswordlessAuthentication {
constructor(request: any, option: any);
/**
* Builds and returns the passwordless TOTP verify url in order to initialize a new authN/authZ transaction
*/
buildVerifyUrl(options: PasswordlessVerifyOptions): string;
/**
* Initializes a new passwordless authN/authZ transaction
*
* @param options: https://auth0.com/docs/api/authentication#passwordless
*/
start(options: PasswordlessStartOptions, callback: Auth0Callback): void;
/**
* Verifies the passwordless TOTP and returns an error if any.
*/
verify(options: PasswordlessVerifyOptions, callback: Auth0Callback): void;
}
export class DBConnection {
constructor(request: any, option: any);
/**
* Creates a new user in a Auth0 Database connection
* @param options https://auth0.com/docs/api/authentication#signup
*/
signup(options: DbSignUpOptions, callback: Auth0Callback): void;
/**
* Initializes the change password flow
*
* @param options: https://auth0.com/docs/api/authentication#!#post--dbconnections-change_password
*/
changePassword(options: ChangePasswordOptions, callback: Auth0Callback): void;
}
export class Management {
/**
* Initialize your client class, by using a Non Interactive Client to fetch an access_token via the Client Credentials Grant.
*/
constructor(options: ManagementOptions);
/**
* Returns the user profile. https://auth0.com/docs/api/management/v2#!/Users/get_users_by_id
*/
getUser(userId: string, callback: Auth0Callback): void;
/**
* Updates the user metadata. It will patch the user metadata with the attributes sent.
* https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id
*/
patchUserMetadata(userId: string, userMetadata: any, callback: Auth0Callback): void;
/**
* Updates the user attributes.
* It will patch the root attributes that the server allows it.
* {@link https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id}
*/
patchUserAttributes(userId: string, user: Auth0UserProfile, callback: Auth0Callback): void;
/**
* Link two users. https://auth0.com/docs/api/management/v2#!/Users/post_identities
*/
linkUser(userId: string, secondaryUserToken: string, callback: Auth0Callback): void;
}
export class WebAuth {
constructor(options: AuthOptions);
client: Authentication;
popup: Popup;
redirect: Redirect;
crossOriginAuthentication: CrossOriginAuthentication;
/**
* Redirects to the hosted login page (`/authorize`) in order to initialize a new authN/authZ transaction
*
* @param options: https://auth0.com/docs/api/authentication#!#get--authorize_db
*/
authorize(options?: AuthorizeOptions): void;
/**
* Parse the url hash and extract the returned tokens depending on the transaction.
*
* Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed
* by the `/.well-known/jwks.json` endpoint. Id tokens signed with other algorithms will not be
* accepted.
*
* @param callback: any(err, token_payload)
*/
parseHash(callback: Auth0Callback): void;
/**
* Parse the url hash and extract the returned tokens depending on the transaction.
*
* Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed
* by the `/.well-known/jwks.json` endpoint. Id tokens signed with other algorithms will not be
* accepted.
*
* @param callback: any(err, token_payload)
*/
parseHash(options: ParseHashOptions, callback: Auth0Callback): void;
/**
* Decodes the id_token and verifies the nonce.
*
* @param callback: function(err, {payload, transaction})
*/
validateToken(token: string, nonce: string, callback: Auth0Callback): void;
/**
* Executes a silent authentication transaction under the hood in order to fetch a new tokens for the current session.
* This method requires that all Auth is performed with {@link authorize}
* Watch out! If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social).
* If you use Auth0's dev keys, you'll always get `login_required` as an error when calling this method.
*
* @param options: any valid oauth2 parameter to be sent to the `/authorize` endpoint
*/
renewAuth(options: RenewAuthOptions, callback: Auth0Callback): void;
/**
* Initialices a change password transaction
*
* @param options: https://auth0.com/docs/api/authentication#!#post--dbconnections-change_password
*/
changePassword(options: ChangePasswordOptions, callback: Auth0Callback): void;
/**
* Signs up a new user
*
* @param options: https://auth0.com/docs/api/authentication#!#post--dbconnections-signup
*/
signup(options: DbSignUpOptions, callback: Auth0Callback): void;
/**
* Signs up a new user, automatically logs the user in after the signup and returns the user token.
* The login will be done using /oauth/token with password-realm grant type.
*
* @param options: https://auth0.com/docs/api/authentication#!#post--dbconnections-signup
*/
signupAndAuthorize(options: DbSignUpOptions, callback: Auth0Callback): void;
/**
* Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow.
* You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
*
* This only works when 3rd party cookies are enabled in the browser.
* After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
*
* @param options options used in the {@link authorize} call after the login_ticket is acquired
* @param cb Callback function called only when an authentication error, like invalid username or password, occurs.
* For other types of errors, there will be a redirect to the `redirectUri`.
*/
login(options: CrossOriginLoginOptions, callback: Auth0Callback): void;
/**
* Runs the callback code for the cross origin authentication call.
* This method is meant to be called by the cross origin authentication callback url.
* @deprecated Use {@link crossOriginVerification} instead.
*/
crossOriginAuthenticationCallback(): void;
/**
* Runs the callback code for the cross origin authentication call.
* This method is meant to be called by the cross origin authentication callback url.
*/
crossOriginVerification(): void;
/**
* Redirects to the auth0 logout endpoint
*
* If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in any the appropriate Allowed Logout URLs list:
*
* - If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
* - If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
*
* @see {@link https://auth0.com/docs/api/authentication#logout}
*/
logout(options: LogoutOptions): void;
/**
* Initialices a passwordless authentication transaction
*
* @param options: https://auth0.com/docs/api/authentication#passwordless
*/
passwordlessStart(options: PasswordlessStartOptions, callback: Auth0Callback): void;
/**
* Verifies the passwordless TOTP and redirects to finish the passwordless transaction
*
* @param options:
*/
passwordlessVerify(options: PasswordlessVerifyOptions, callback: Auth0Callback): void;
/**
* Logs in a user with the verification code sent to the user
* @param options
* @param callback
*/
passwordlessLogin(options: PasswordlessLoginOptions, callback: Auth0Callback): void;
/**
* Renews an existing session on Auth0's servers using `response_mode=web_message` (i.e. Auth0's hosted login page)
*
* @param options options used in {@link authorize} call
* @param cb
* @see {@link https://auth0.com/docs/libraries/auth0js/v9#using-checksession-to-acquire-new-tokens}
*/
checkSession(options: CheckSessionOptions, cb: Auth0Callback): void;
/**
* Renders the captcha challenge in the provided element.
* This function can only be used in the context of a Classic Universal Login Page.
* @param element The element where the captcha needs to be rendered
* @param [options] The configuration options for the captcha
* @param [callback] An optional completion callback
*
* @see {@link https://auth0.github.io/auth0.js/WebAuth.html#renderCaptcha}
*/
renderCaptcha(element: HTMLElement, options?: CatpchaConfiguration, callback?: Auth0Callback): Captcha;
}
export class Redirect {
constructor(client: any, options: any);
/**
* Performs authentication with username/email and password with a database connection
*
* This method is not compatible with API Auth so if you need to fetch API tokens with audience
* you should use {@link authorize} or {@link login}.
*/
loginWithCredentials(
options: {
/** url that the Auth0 will redirect after Auth with the Authorization Response */
redirectUri?: string | undefined;
/** type of the response used. It can be any of the values `code` and `token` */
responseType?: string | undefined;
/** how the AuthN response is encoded and redirected back to the client. */
responseMode?: "query" | "fragment" | undefined;
/** scopes to be requested during AuthN. e.g. `openid email` */
scope: string;
},
callback: Auth0Callback,
): void;
/**
* Signs up a new user and automatically logs the user in after the signup.
*/
signupAndLogin(
options: {
/** user email address */
email: string;
/** user password */
password: string;
/** name of the connection where the user will be created */
connection: string;
/** allow userMetadata to be passed to signUp */
userMetadata?: unknown | undefined;
} & CrossOriginLoginOptions,
callback: Auth0Callback,
): void;
}
export class Popup {
constructor(client: any, options: any);
/**
* Returns a new instance of the popup handler
*/
private buildPopupHandler(): any;
/**
* Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.
*
* @param options: receives the window height and width and any other window feature to be sent to window.open
*/
preload(options: any): any;
/**
* Handles the popup logic for the callback page.
* @see {@link parseHash}
*/
callback(options: {
/**
* the url hash.
* @default window.location.hash
*/
hash: string;
/** value originally sent in `state` parameter to {@link authorize} to mitigate XSRF */
state?: string | undefined;
/** value originally sent in `nonce` parameter to {@link authorize} to prevent replay attacks */
nonce?: string | undefined;
/**
* makes parseHash perform or skip `id_token` verification.
* We **strongly** recommend validating the `id_token` yourself if you disable the verification.
*/
_idTokenVerification?: string | undefined;
}): void;
/**
* Shows inside a new window the hosted login page (`/authorize`) in order to start a new authN/authZ transaction and post its result using `postMessage`.
* @see {@link https://auth0.com/docs/api/authentication#authorize-client}
*/
authorize(
options: {
/** your Auth0 domain */
domain: string;
/** your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard */
clientId?: string | undefined;
/**
* identity provider whose login page will be displayed in the popup.
* If omitted the hosted login page is used.
* {@link https://auth0.com/docs/identityproviders}
*/
connection?: string | undefined;
/** url that the Auth0 will redirect after Auth with the Authorization Response */
redirectUri: string;
/**
* type of the response used by OAuth 2.0 flow.
* It can be any space separated list of the values `code`, `token`, `id_token`.
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0}
*/
responseType: string;
/**
* how the Auth response is encoded and redirected back to the client.
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
*/
responseMode?: "query" | "fragment" | "form_post" | undefined;
/**
* value used to mitigate XSRF attacks.
* {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
*/
state?: string | undefined;
/**
* value used to mitigate replay attacks when using Implicit Grant.
* {@link https://auth0.com/docs/api-auth/tutorials/nonce}
*/
nonce?: string | undefined;
/** scopes to be requested during Auth. e.g. `openid email` */
scope?: string | undefined;
/** identifier of the resource server who will consume the access token issued after Auth */
audience?: string | undefined;
/** determines if Auth0 should render the relay page or not and the caller is responsible of handling the response. */
owp?: boolean | undefined;
},
callback: Auth0Callback,
): void;
/**
* Performs authentication with username/email and password with a database connection inside a new window
*
* This method is not compatible with API Auth so if you need to fetch API tokens with audience
* you should use {@link authorize} or {@link login}.
*/
loginWithCredentials(
options: {
/** url that the Auth0 will redirect after Auth with the Authorization Response */
redirectUri?: string | undefined;
/** type of the response used. */
responseType?: "code" | "token" | undefined;
/** how the AuthN response is encoded and redirected back to the client. */
responseMode?: "query" | "fragment" | undefined;
/** scopes to be requested during AuthN. e.g. `openid email` */
scope?: string | undefined;
},
callback: Auth0Callback,
): void;
/**
* Verifies the passwordless TOTP and returns the requested token
*/
passwordlessVerify(
options: {
type: "sms" | "email";
/** only if type = sms */
phoneNumber?: string | undefined;
/** only if type = email */
email?: string | undefined;
/** the connection name */
connection: string;
/** the TOTP code */
verificationCode: string;
},
callback: Auth0Callback,
): void;
/**
* Signs up a new user and automatically logs the user in after the signup.
*
* This method is not compatible with API Auth so if you need to fetch API tokens with audience
* you should use {@link authorize} or {@link signupAndAuthorize}.
*/
signupAndLogin(
options: {
/** user email address */
email: string;
/** user password */
password: string;
/** name of the connection where the user will be created */
connection: string;
/** allow userMetadata to be passed to signUp */
userMetadata?: unknown | undefined;
},
callback: Auth0Callback,
): void;
}
export class CrossOriginAuthentication {
constructor(webAuth: any, options: any);
/**
* Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow.
* You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
* This only works when 3rd party cookies are enabled in the browser.
* After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
*
* @param options options used in the {@link authorize} call after the login_ticket is acquired
* @param cb Callback function called only when an authentication error, like invalid username or password, occurs.
* For other types of errors, there will be a redirect to the `redirectUri`.
*/
login(options: CrossOriginLoginOptions, callback: Auth0Callback): void;
/**
* Runs the callback code for the cross origin authentication call. This method is meant to be called by the cross origin authentication callback url.
*/
callback(): void;
}
export type Auth0Callback = (error: null | E, result: T) => void;
export interface TokenProvider {
enableCache?: boolean | undefined;
cacheTTLInSeconds?: number | undefined;
}
export interface ManagementOptions {
domain: string;
token?: string | undefined;
clientId?: string | undefined;
clientSecret?: string | undefined;
audience?: string | undefined;
scope?: string | undefined;
tokenProvider?: TokenProvider | undefined;
telemetry?: boolean | undefined;
}
export interface AuthOptions {
domain: string;
clientID: string;
responseType?: string | undefined;
responseMode?: string | undefined;
redirectUri?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
/**
* The domain the cookie is accessible from.
* If not set, the cookie is scoped to the current domain, including the subdomain.
* To keep a user logged in across multiple subdomains set this to your top-level domain
* and prefixed with a `.` (eg: `.example.com`)
*/
cookieDomain?: string | undefined;
/**
* maximum elapsed time in seconds since the last time the user
* was actively authenticated by the authorization server.
*/
maxAge?: number | undefined;
leeway?: number | undefined;
jwksURI?: string | undefined;
overrides?: {
__tenant?: string | undefined;
__token_issuer?: string | undefined;
__jwks_uri?: string | undefined;
} | undefined;
plugins?: any;
popupOrigin?: string | undefined;
protocol?: string | undefined;
response_type?: string | undefined;
state?: string | undefined;
tenant?: string | undefined;
universalLoginPage?: boolean | undefined;
_csrf?: string | undefined;
_intstate?: string | undefined;
_timesToRetryFailedRequests?: number | undefined;
_disableDeprecationWarnings?: boolean | undefined;
_sendTelemetry?: boolean | undefined;
_telemetryInfo?: any;
__tryLocalStorageFirst?: boolean | undefined;
}
export type DoneCallback = (err?: Auth0Error) => void;
export interface Captcha {
reload: (done: DoneCallback) => void;
getValue: () => string;
}
export interface CatpchaConfiguration {
/**
* An object containaing templates for each captcha provider
*/
templates?: CaptchaTemplates | undefined;
/**
* The ISO code of the language for recaptcha
* @default 'en'
*/
lang?: string | undefined;
}
/**
* An object containing templates for a captcha provider
*/
export interface CaptchaTemplates {
/**
* Template function receiving the challenge and returning an string
*/
auth0?: ((challenge: Auth0Challenge) => string) | undefined;
/**
* Template function receiving the challenge and returning an string
*/
recaptcha_v2?: ((challenge: Auth0Challenge) => string) | undefined;
error: (error: Error) => string;
}
export interface Auth0Challenge {
type: "code";
image: string;
required: boolean;
provider: "auth0" | "recaptcha_v2";
[other: string]: unknown;
}
export interface PasswordlessAuthOptions {
connection: string;
verificationCode: string;
phoneNumber: string;
email: string;
}
/**
* These are error codes defined by the auth0-js lib.
*/
export type LibErrorCodes = "timeout" | "request_error" | "invalid_token";
/**
* The user was not logged in at Auth0, so silent authentication is not possible.
*/
export type LoginRequiredErrorCode = "login_required";
/**
* The user was logged in at Auth0 and has authorized the application, but needs to
* be redirected elsewhere before authentication can be completed; for example, when
* using a redirect rule.
*/
export type InteractionRequiredErrorCode = "interaction_required";
/**
* The user was logged in at Auth0, but needs to give consent to authorize the application.
*/
export type ConsentRequiredErrorCode = "consent_required";
/**
* These are error codes defined by the OpenID Connect specification.
*/
export type SpecErrorCodes =
| LoginRequiredErrorCode
| InteractionRequiredErrorCode
| ConsentRequiredErrorCode
| "account_selection_required"
| "invalid_request_uri"
| "invalid_request_object"
| "request_not_supported"
| "request_uri_not_supported"
| "registration_not_supported";
export interface Auth0Error {
error: LibErrorCodes | SpecErrorCodes | string;
errorDescription?: string | undefined;
// Auth0 is not consistent in the naming of the error description field
error_description?: string | undefined;
// Need to include non-intuitive error fields that Auth0 uses
code?: string | undefined;
description?: string | undefined;
name?: string | undefined;
policy?: string | undefined;
original?: any;
statusCode?: number | undefined;
statusText?: string | undefined;
}
/**
* result of the Auth request.
* If there is no token available, this value will be null.
*/
export interface Auth0Result {
/**
* token that allows access to the specified resource server (identified by the audience parameter
* or by default Auth0's /userinfo endpoint)
*/
accessToken?: string | undefined;
/** number of seconds until the access token expires */
expiresIn?: number | undefined;
/** token that identifies the user */
idToken?: string | undefined;
/**
* token that can be used to get new access tokens from Auth0.
* Note that not all Auth0 Applications can request them
* or the resource server might not allow them.
*/
refreshToken?: string | undefined;
/** values that you receive back on the authentication response */
appState?: any;
}
export type Auth0ParseHashError = Auth0Error & {
state?: string | undefined;
};
/**
* The contents of the authResult object returned by {@link WebAuth#parseHash }
*/
export interface Auth0DecodedHash {
accessToken?: string | undefined;
idToken?: string | undefined;
idTokenPayload?: any;
appState?: any;
refreshToken?: string | undefined;
state?: string | undefined;
expiresIn?: number | undefined;
tokenType?: string | undefined;
scope?: string | undefined;
}
/** Represents the response from an API Token Delegation request. */
export interface Auth0DelegationToken {
/** The length of time in seconds the token is valid for. */
expiresIn: number;
/** The JWT for delegated access. */
idToken: string;
/** The type of token being returned. Possible values: "Bearer" */
tokenType: string;
}
export interface ChangePasswordOptions {
connection: string;
email: string;
}
export interface BaseAuthOptions {
clientID?: string | undefined;
responseType?: string | undefined;
redirectUri?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
state?: string | undefined;
nonce?: string | undefined;
_csrf?: string | undefined;
__instate?: string | undefined;
}
export interface PasswordlessStartAuthParams extends BaseAuthOptions {
responseMode?: string | undefined;
}
export interface PasswordlessStartOptions {
connection: string;
send: "link" | "code";
phoneNumber?: string | undefined;
email?: string | undefined;
authParams?: PasswordlessStartAuthParams | undefined;
}
export interface PasswordlessVerifyOptions extends BaseAuthOptions {
connection: string;
verificationCode: string;
phoneNumber?: string | undefined;
email?: string | undefined;
send?: "link" | "code" | undefined;
responseMode?: string | undefined;
}
export interface PasswordlessLoginOptions extends BaseAuthOptions {
connection: string;
verificationCode: string;
phoneNumber?: string | undefined;
email?: string | undefined;
}
export interface Auth0UserProfile {
name: string;
nickname: string;
picture: string;
user_id: string;
username?: string | undefined;
given_name?: string | undefined;
family_name?: string | undefined;
email?: string | undefined;
email_verified?: boolean | undefined;
clientID: string;
gender?: string | undefined;
locale?: string | undefined;
identities: Auth0Identity[];
created_at: string;
updated_at: string;
sub: string;
user_metadata?: any;
app_metadata?: any;
}
export interface MicrosoftUserProfile extends Auth0UserProfile {
emails?: string[] | undefined; // optional depending on whether email addresses permission is granted
}
export interface Office365UserProfile extends Auth0UserProfile {
tenantid: string;
upn: string;
}
export interface AdfsUserProfile extends Auth0UserProfile {
issuer?: string | undefined;
}
export interface AuthorizeUrlOptions {
/**
* your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard
*/
clientID?: string | undefined;
/**
* url that the Auth0 will redirect after Auth with the Authorization Response
*/
redirectUri: string;
/**
* type of the response used by OAuth 2.0 flow. It can be any space separated
* list of the values `code`, `token`, `id_token`.
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0}
*/
responseType: string;
/**
* how the Auth response is encoded and redirected back to the client.
* Supported values are `query`, `fragment` and `form_post`
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
*/
responseMode?: "query" | "fragment" | "form_post" | undefined;
/**
* value used to mitigate XSRF attacks.
* {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
*/
state?: string | undefined;
/**
* value used to mitigate replay attacks when using Implicit Grant.
* {@link https://auth0.com/docs/api-auth/tutorials/nonce}
*/
nonce?: string | undefined;
/**
* scopes to be requested during Auth. e.g. `openid email`
*/
scope?: string | undefined;
/**
* identifier of the resource server who will consume the access token issued after Auth
*/
audience?: string | undefined;
}
export interface Auth0Identity {
connection: string;
isSocial: boolean;
provider: string;
user_id: string;
}
export interface LoginOptions {
username: string;
password: string;
scope?: string | undefined;
}
export interface DefaultLoginOptions extends LoginOptions {
audience?: string | undefined;
realm: string;
}
export interface DefaultDirectoryLoginOptions extends LoginOptions {
audience?: string | undefined;
}
export interface ResourceOwnerLoginOptions extends LoginOptions {
connection: string;
device?: string | undefined;
}
export interface CrossOriginLoginOptions {
username?: string | undefined;
email?: string | undefined;
password: string;
realm?: string | undefined;
domain?: string | undefined;
clientID?: string | undefined;
redirectUri?: string | undefined;
responseType?: string | undefined;
responseMode?: string | undefined;
state?: string | undefined;
nonce?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
captcha?: Captcha | undefined;
// eslint-disable-next-line @typescript-eslint/no-invalid-void-type
onRedirecting?: (done: () => void) => void | undefined;
}
export interface LogoutOptions {
clientID?: string | undefined;
returnTo?: string | undefined;
federated?: boolean | undefined;
}
export interface DelegationOptions {
client_id?: string | undefined;
grant_type: string;
id_token?: string | undefined;
refresh_token?: string | undefined;
target?: string | undefined;
scope?: string | undefined;
api_type?: string | undefined;
}
export interface DbSignUpOptions {
/** user email address */
email: string;
/** user password */
password: string;
/** name of the connection where the user will be created */
connection: string;
/** User desired username. Required if you use a database connection and you have enabled `Requires Username` */
username?: string | undefined;
scope?: string | undefined;
/** additional signup attributes used for creating the user. Will be stored in `user_metadata` */
userMetadata?: unknown | undefined;
}
/** result of the signup request */
export interface DbSignUpResults {
/** user's email */
email: string;
/** if the user's email was verified */
emailVerified: boolean;
}
export interface ParseHashOptions {
hash?: string | undefined;
state?: string | undefined;
nonce?: string | undefined;
_idTokenVerification?: boolean | undefined;
/** indicates that you want to allow IdP-Initiated flows. See {@link https://auth0.com/docs/protocols/saml/idp-initiated-sso#lock-auth0-js} */
__enableIdPInitiatedLogin?: boolean | undefined;
}
export interface RenewAuthOptions {
/**
* your Auth0 domain
*/
domain?: string | undefined;
/**
* your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard
*/
clientID?: string | undefined;
/**
* url that the Auth0 will redirect after Auth with the Authorization Response
*/
redirectUri?: string | undefined;
/**
* type of the response used by OAuth 2.0 flow. It can be any space separated
* list of the values `code`, `token`, `id_token`.
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html}
*/
responseType?: string | undefined;
/**
* how the Auth response is encoded and redirected back to the client.
* Supported values are `query`, `fragment` and `form_post`.
* The `query` value is only supported when `responseType` is `code`.
* {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
*/
responseMode?: string | undefined;
/**
* value used to mitigate XSRF attacks.
* {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
*/
state?: string | undefined;
/**
* value used to mitigate replay attacks when using Implicit Grant.
* {@link https://auth0.com/docs/api-auth/tutorials/nonce}
*/
nonce?: string | undefined;
/**
* scopes to be requested during Auth. e.g. `openid email`
*/
scope?: string | undefined;
/**
* identifier of the resource server who will consume the access token issued after Auth
*/
audience?: string | undefined;
/**
* identifier data type to look for in postMessage event data, where events are initiated
* from silent callback urls, before accepting a message event is the event expected.
* A value of false means any postMessage event will trigger a callback.
*/
postMessageDataType?: string | undefined;
/**
* origin of redirectUri to expect postMessage response from.
* Defaults to the origin of the receiving window. Only used if usePostMessage is truthy.
*/
postMessageOrigin?: string | undefined;
/**
* value in milliseconds used to timeout when the `/authorize` call is failing
* as part of the silent authentication with postmessage enabled due to a configuration.
*/
timeout?: number | undefined;
/**
* use postMessage to communicate between the silent callback and the SPA.
* When false the SDK will attempt to parse the url hash should ignore the url hash
* and no extra behaviour is needed
* @default false
*/
usePostMessage?: boolean | undefined;
}
export interface AuthorizeOptions {
domain?: string | undefined;
clientID?: string | undefined;
connection?: string | undefined;
redirectUri?: string | undefined;
responseType?: string | undefined;
responseMode?: string | undefined;
state?: string | undefined;
nonce?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
language?: string | undefined;
login_hint?: string | undefined;
prompt?: string | undefined;
mode?: "login" | "signUp" | undefined;
screen_hint?: "signup" | undefined;
accessType?: string | undefined;
approvalPrompt?: string | undefined;
appState?: any;
connection_scope?: string | string[] | undefined;
organization?: string | undefined;
invitation?: string | undefined;
}
export type SsoDataResult = SsoSessionFoundResult | SsoSessionNotFoundResult;
export interface SsoSessionFoundResult {
lastUsedClientID: string;
lastUsedConnection: {
name: string;
strategy?: string | undefined;
};
lastUsedUserID: string;
lastUsedUsername: string;
sessionClients: string[];
sso: true;
}
export interface SsoSessionNotFoundResult {
sso: false;
}
export interface CheckSessionOptions extends AuthorizeOptions {
/**
* optional parameter for auth0 to use postMessage to communicate between the silent callback and the SPA.
*/
usePostMessage?: boolean | undefined;
}
export const version: {
raw: string;
};