1 | import { ICache } from './cache';
|
/**
 * Login parameters inherited by `Auth0ClientOptions`, `AuthorizeOptions`,
 * `RedirectLoginOptions` and `PopupLoginOptions`. Every named member is
 * optional.
 *
 * @ignore
 */
export interface BaseLoginOptions {
  /**
   * How the login UI is displayed:
   * - `'page'`: full page view
   * - `'popup'`: popup window
   * - `'touch'`: a layout that leverages a touch interface
   * - `'wap'`: a "feature phone" type interface
   */
  display?: 'page' | 'popup' | 'touch' | 'wap';

  /**
   * Whether the user is prompted again:
   * - `'none'`: do not prompt for login or consent on reauthentication
   * - `'login'`: prompt for reauthentication
   * - `'consent'`: prompt for consent before processing the request
   * - `'select_account'`: prompt the user to select an account
   */
  prompt?: 'none' | 'login' | 'consent' | 'select_account';

  /**
   * Maximum allowable elapsed time (in seconds) since authentication.
   * A user whose last authentication is older than this value must be
   * reauthenticated.
   */
  max_age?: string | number;

  /**
   * Space-separated list of language tags, ordered by preference,
   * for example `'fr-CA fr en'`.
   */
  ui_locales?: string;

  /** Previously issued ID Token. */
  id_token_hint?: string;

  /**
   * Hint to Auth0 as to which flow to display. A login page is shown by
   * default; pass `'signup'` to show the signup page instead.
   *
   * Only affects the New Universal Login Experience.
   */
  screen_hint?: string;

  /**
   * The user's email address or other identifier. When the app knows which
   * user is trying to authenticate, this can pre-fill the email box or
   * select the right session for sign-in.
   *
   * Currently only affects the classic Lock experience.
   */
  login_hint?: string;

  // Undocumented in the original listing.
  // NOTE(review): presumably the OIDC `acr_values` request parameter
  // (requested authentication context classes) - confirm and document.
  acr_values?: string;

  /**
   * Default scope for authentication requests. The `defaultScope` defined
   * in the Auth0Client is included along with this scope.
   */
  scope?: string;

  /** Default audience used when requesting API access. */
  audience?: string;

  /**
   * Name of the connection configured for your application. If null, the
   * flow redirects to the Auth0 Login Page and shows the Login Widget.
   */
  connection?: string;

  /**
   * Id of an organization to log in to.
   *
   * Adds an `organization` parameter to the user's login request and adds a
   * step that validates the `org_id` claim in the user's ID Token.
   */
  organization?: string;

  /**
   * Id of an invitation to accept, taken from the user invitation URL that
   * is given when participating in a user invitation flow.
   */
  invitation?: string;

  /**
   * Custom parameters for the Authorization Server; use the original
   * parameter name.
   *
   * Because the value type is `any`, any string key type-checks here, so a
   * misspelled option name is not reported by the compiler.
   * NOTE(review): presumably such a key is then sent as a custom parameter -
   * verify against the code that builds the request.
   */
  [key: string]: any;
}
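/** Changes to the SDK's recommended defaults. */
interface AdvancedOptions {
  /**
   * The default scope to be included with all requests.
   * If not provided, 'openid profile email' is used. Set this to `null` to
   * effectively remove the default scopes; `null` is part of the type so the
   * documented value also type-checks under `strictNullChecks`.
   *
   * Note: The `openid` scope is **always applied** regardless of this setting.
   */
  defaultScope?: string | null;
}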
/**
 * Configuration accepted when the client is created. Extends
 * `BaseLoginOptions`, so the login parameters declared there can also be
 * supplied here.
 */
export interface Auth0ClientOptions extends BaseLoginOptions {
  /**
   * Your Auth0 account domain, such as `'example.auth0.com'`,
   * `'example.eu.auth0.com'` or `'example.mycompany.com'`
   * (when using [custom domains](https://auth0.com/docs/custom-domains)).
   */
  domain: string;

  /**
   * The issuer to be used for validation of JWTs; optional, defaults to the
   * `domain` above.
   */
  issuer?: string;

  /** The Client ID found on your Application settings page. */
  client_id: string;

  /**
   * Default URL to which Auth0 redirects the browser with the
   * authentication result. It must be listed in the "Allowed Callback URLs"
   * field of your Auth0 Application's settings. If it is not provided here,
   * it should be provided to the other methods that perform authentication.
   */
  redirect_uri?: string;

  /**
   * Seconds of clock skew tolerated in JWT expirations. Typically no more
   * than a minute or two at maximum. Defaults to 60s.
   */
  leeway?: number;

  /**
   * Where cache data is stored. Valid values are `memory` or
   * `localstorage`; the default is `memory`.
   *
   * Data kept in `localstorage` is readable by any script running in the
   * page's origin, so a cross-site scripting flaw exposes whatever is
   * cached there.
   *
   * Read more about [changing storage options in the Auth0 docs](https://auth0.com/docs/libraries/auth0-single-page-app-sdk#change-storage-options)
   */
  cacheLocation?: CacheLocation;

  /**
   * Custom cache implementation used for token storage and retrieval.
   * Takes precedence over `cacheLocation` when both are specified.
   */
  cache?: ICache;

  /**
   * If true, refresh tokens are used to fetch new access tokens from the
   * Auth0 server. If false, the legacy technique of a hidden iframe and the
   * `authorization_code` grant with `prompt=none` is used.
   * The default is `false`.
   *
   * **Note**: Use of refresh tokens must be enabled by an administrator on
   * your Auth0 client application.
   */
  useRefreshTokens?: boolean;

  /**
   * Maximum number of seconds to wait before a background call to
   * /authorize is declared failed by timeout. Defaults to 60s.
   */
  authorizeTimeoutInSeconds?: number;

  /** Timeout for HTTP calls made with `fetch`. The default is 10 seconds. */
  httpTimeoutInSeconds?: number;

  /**
   * Internal property to send information about the client to the
   * authorization server.
   * @internal
   */
  auth0Client?: {
    name: string;
    version: string;
  };

  /**
   * Sets an additional cookie with no SameSite attribute to support legacy
   * browsers that are not compatible with the latest SameSite changes.
   * This logs a warning on modern browsers; setting this to false disables
   * the warning, but some older user agents will then not work.
   * See https://www.chromium.org/updates/same-site/incompatible-clients
   * Defaults to true.
   */
  legacySameSiteCookie?: boolean;

  /**
   * If `true`, the SDK uses a cookie to store information about the auth
   * transaction while the user goes through the authentication flow on the
   * authorization server.
   *
   * The default is `false`, in which case the SDK uses session storage.
   *
   * Consider enabling this if users authenticate through flows that may
   * span multiple tabs (e.g. magic links), or if session storage cannot be
   * relied on to be available.
   */
  useCookiesForTransactions?: boolean;

  /** Changes to recommended defaults, like `defaultScope`. */
  advancedOptions?: AdvancedOptions;

  /**
   * Number of days until the cookie `auth0.is.authenticated` expires.
   * Defaults to 1.
   */
  sessionCheckExpiryDays?: number;

  /**
   * The domain the cookie is accessible from. If not set, the cookie is
   * scoped to the current domain, including the subdomain.
   *
   * Note: setting this incorrectly may cause silent authentication to stop
   * working on page load.
   *
   * To keep a user logged in across multiple subdomains, set this to your
   * top-level domain prefixed with a `.` (e.g. `.example.com`). The cookie
   * is then accessible from every subdomain of that domain.
   */
  cookieDomain?: string;

  /**
   * When true, data sent to the token endpoint is transmitted as
   * x-www-form-urlencoded data instead of JSON. The default is false, but
   * it will default to true in a future major version.
   *
   * **Note:** Setting this to `true` may affect you if you use Auth0 Rules
   * and send custom, non-primitive data. If you enable it, verify that your
   * Auth0 Rules continue to work as intended.
   */
  useFormData?: boolean;

  /**
   * Replaces the value used as the current time during token validation.
   * The function may return the number directly or as a promise.
   *
   * **Note**: Using this improperly can potentially compromise the token
   * validation.
   * NOTE(review): the expected unit is not stated here - confirm it against
   * the validation code before supplying a custom clock.
   */
  nowProvider?: () => Promise<number> | number;
}
/**
 * The possible locations where tokens can be stored: `'memory'` or
 * `'localstorage'`.
 */
export declare type CacheLocation =
  | 'memory'
  | 'localstorage';
/**
 * `BaseLoginOptions` plus the members that are mandatory on this type.
 * `scope`, optional on the base interface, is required here.
 *
 * @ignore
 */
export interface AuthorizeOptions extends BaseLoginOptions {
  response_type: string;
  response_mode: string;
  redirect_uri: string;
  // `nonce` and `state` are required strings on this type.
  // NOTE(review): presumably per-request random values that are checked when
  // the response comes back - confirm against the code that generates them.
  nonce: string;
  state: string;
  scope: string;
  // Named after the PKCE (RFC 7636) request parameters.
  code_challenge: string;
  code_challenge_method: string;
}
/**
 * Options for a redirect-based login: `BaseLoginOptions` plus the
 * redirect-specific members below. `TAppState` is the type of the stored
 * `appState` value and defaults to `any`.
 */
export interface RedirectLoginOptions<TAppState = any> extends BaseLoginOptions {
  /**
   * URL to which Auth0 redirects the browser with the authentication
   * result. It must be listed in the "Allowed Callback URLs" field of your
   * Auth0 Application's settings.
   */
  redirect_uri?: string;

  /** State to store before doing the redirect. */
  appState?: TAppState;

  /** Value added to the URL fragment before redirecting. */
  fragment?: string;

  /** Selects which `window.location` method performs the redirect. */
  redirectMethod?: 'replace' | 'assign';
}
/**
 * Result of a redirect login. `TAppState` is the type of the stored state
 * and defaults to `any`.
 */
export interface RedirectLoginResult<TAppState = any> {
  /** State that was stored when the redirect request was made. */
  appState?: TAppState;
}
/**
 * Options for a popup-based login. Declares no members of its own; the
 * accepted options are exactly those of `BaseLoginOptions`.
 */
export interface PopupLoginOptions extends BaseLoginOptions {}
/** Settings for the popup window used by the popup flows. */
export interface PopupConfigOptions {
  /**
   * Number of seconds to wait for a popup response before a timeout error
   * is thrown. Defaults to 60s.
   */
  timeoutInSeconds?: number;

  /**
   * An already-created popup window to use. If not specified, the SDK
   * creates its own. Useful on platforms like iOS that have security
   * restrictions around when popups can be invoked (e.g. only from a user
   * click event).
   *
   * Typed as `any`, so the compiler does not check what is passed here.
   */
  popup?: any;
}
/** Options for looking up the user; both members are optional. */
export interface GetUserOptions {
  /** The scope that was used in the authentication request. */
  scope?: string;

  /** The audience that was used in the authentication request. */
  audience?: string;
}
/** Options for reading the ID token claims; both members are optional. */
export interface GetIdTokenClaimsOptions {
  /** The scope that was used in the authentication request. */
  scope?: string;

  /** The audience that was used in the authentication request. */
  audience?: string;
}

/**
 * Lower-camel-case alias of `GetIdTokenClaimsOptions`.
 * NOTE(review): presumably kept so that code using the older spelling still
 * compiles - confirm before removing.
 */
export declare type getIdTokenClaimsOptions = GetIdTokenClaimsOptions;
/** Options for obtaining a token without user interaction. */
export interface GetTokenSilentlyOptions {
  /** When `true`, ignores the cache and always sends a request to Auth0. */
  ignoreCache?: boolean;

  /**
   * No actual redirect happens when getting a token silently, but the spec
   * requires a `redirect_uri` param. Auth0 uses it to validate that the
   * current `origin` matches the `redirect_uri` `origin` when sending the
   * response. It must be listed in the "Allowed Web Origins" of your Auth0
   * Application's settings.
   */
  redirect_uri?: string;

  /** The scope that was used in the authentication request. */
  scope?: string;

  /** The audience that was used in the authentication request. */
  audience?: string;

  /**
   * Maximum number of seconds to wait before the background /authorize call
   * is declared failed by timeout. Defaults to 60s.
   */
  timeoutInSeconds?: number;

  /**
   * If true, the full response from the /oauth/token endpoint (or from the
   * cache, if the cache was used) is returned, minus `refresh_token` if one
   * was issued. Otherwise only the access token is returned.
   *
   * The default is `false`.
   */
  detailedResponse?: boolean;

  /**
   * Custom parameters for the Authorization Server; use the original
   * parameter name. The value type is `any`, so any string key type-checks
   * and a misspelled option name is not reported by the compiler.
   */
  [key: string]: any;
}
/** `PopupLoginOptions` plus a switch for bypassing the cache. */
export interface GetTokenWithPopupOptions extends PopupLoginOptions {
  /** When `true`, ignores the cache and always sends a request to Auth0. */
  ignoreCache?: boolean;
}
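/** Options that shape the logout URL. */
export interface LogoutUrlOptions {
  /**
   * The URL where Auth0 will redirect your browser to after the logout.
   *
   * **Note**: If the `client_id` parameter is included, the
   * `returnTo` URL that is provided must be listed in the
   * Application's "Allowed Logout URLs" in the Auth0 dashboard.
   * However, if the `client_id` parameter is not included, the
   * `returnTo` URL must be listed in the "Allowed Logout URLs" at
   * the account level in the Auth0 dashboard.
   *
   * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)
   */
  returnTo?: string;

  /**
   * The `client_id` of your application.
   *
   * If this property is not set, then the `client_id` that was used during initialization of the SDK is sent to the logout endpoint.
   *
   * If this property is set to `null`, then no client ID value is sent to the logout endpoint.
   * `null` is part of the type so that this documented value also
   * type-checks under `strictNullChecks`.
   *
   * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)
   */
  client_id?: string | null;

  /**
   * When supported by the upstream identity provider,
   * forces the user to logout of their identity provider
   * and from Auth0.
   * [Read more about how federated logout works at Auth0](https://auth0.com/docs/logout/guides/logout-idps)
   */
  federated?: boolean;
}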
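/** Options for logging the user out. */
export interface LogoutOptions {
  /**
   * The URL where Auth0 will redirect your browser to after the logout.
   *
   * **Note**: If the `client_id` parameter is included, the
   * `returnTo` URL that is provided must be listed in the
   * Application's "Allowed Logout URLs" in the Auth0 dashboard.
   * However, if the `client_id` parameter is not included, the
   * `returnTo` URL must be listed in the "Allowed Logout URLs" at
   * the account level in the Auth0 dashboard.
   *
   * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)
   */
  returnTo?: string;

  /**
   * The `client_id` of your application.
   *
   * If this property is not set, then the `client_id` that was used during initialization of the SDK is sent to the logout endpoint.
   *
   * If this property is set to `null`, then no client ID value is sent to the logout endpoint.
   * `null` is part of the type so that this documented value also
   * type-checks under `strictNullChecks`.
   *
   * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)
   */
  client_id?: string | null;

  /**
   * When supported by the upstream identity provider,
   * forces the user to logout of their identity provider
   * and from Auth0.
   * This option cannot be specified along with the `localOnly` option.
   * [Read more about how federated logout works at Auth0](https://auth0.com/docs/logout/guides/logout-idps)
   */
  federated?: boolean;

  /**
   * When `true`, this skips the request to the logout endpoint on the authorization server,
   * effectively performing a "local" logout of the application. No redirect should take place;
   * you should update the local logged-in state yourself.
   * Because the logout endpoint is not called, this option on its own
   * does not touch anything held by the authorization server.
   * This option cannot be specified along with the `federated` option.
   */
  localOnly?: boolean;
}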
/**
 * Outcome of an authentication attempt. `state` is always present; `code`
 * and the two error members are optional.
 * NOTE(review): presumably `code` is set on success and `error` /
 * `error_description` on failure - confirm against the code that builds it.
 *
 * @ignore
 */
export interface AuthenticationResult {
  state: string;
  code?: string;
  error?: string;
  error_description?: string;
}
/**
 * Fields common to token endpoint requests; `OAuthTokenOptions` and
 * `RefreshTokenOptions` extend it.
 *
 * @ignore
 */
export interface TokenEndpointOptions {
  baseUrl: string;
  client_id: string;
  grant_type: string;
  timeout?: number;
  // Typed `any` here; `Auth0ClientOptions.auth0Client` declares the same
  // name as `{ name: string; version: string }`.
  auth0Client: any;
  useFormData?: boolean;
  // Additional keys of any type are accepted.
  [key: string]: any;
}
/**
 * Shape of a token endpoint response. `refresh_token` and `scope` are
 * optional; the other members are always present.
 *
 * @ignore
 */
export declare type TokenEndpointResponse = {
  id_token: string;
  access_token: string;
  // Optional; `GetTokenSilentlyVerboseResponse` omits this member.
  refresh_token?: string;
  expires_in: number;
  scope?: string;
};
/**
 * `TokenEndpointOptions` plus the members required when a `code` is sent to
 * the token endpoint.
 *
 * @ignore
 */
export interface OAuthTokenOptions extends TokenEndpointOptions {
  // Named after the PKCE (RFC 7636) token request parameter.
  code_verifier: string;
  code: string;
  redirect_uri: string;
  audience: string;
  scope: string;
}
/**
 * `TokenEndpointOptions` plus the refresh token to send.
 *
 * @ignore
 */
export interface RefreshTokenOptions extends TokenEndpointOptions {
  refresh_token: string;
}
/**
 * Inputs for verifying an ID token. `iss`, `aud` and `id_token` are
 * required; the rest are optional.
 * NOTE(review): presumably `iss` and `aud` are the expected issuer and
 * audience the token is compared against, and `now` overrides the current
 * time - confirm against the verifier implementation.
 *
 * @ignore
 */
export interface JWTVerifyOptions {
  iss: string;
  aud: string;
  id_token: string;
  nonce?: string;
  leeway?: number;
  max_age?: number;
  organizationId?: string;
  now?: number;
}
/**
 * Claims of an ID token. Only `__raw` is required; every other member is
 * optional and further keys are accepted through the index signature.
 *
 * @ignore
 */
export interface IdToken {
  // NOTE(review): presumably the encoded token string as received - confirm.
  __raw: string;

  // Profile claims (the same names appear on `User`).
  name?: string;
  given_name?: string;
  family_name?: string;
  middle_name?: string;
  nickname?: string;
  preferred_username?: string;
  profile?: string;
  picture?: string;
  website?: string;
  email?: string;
  email_verified?: boolean;
  gender?: string;
  birthdate?: string;
  zoneinfo?: string;
  locale?: string;
  phone_number?: string;
  phone_number_verified?: boolean;
  address?: string;
  updated_at?: string;

  // Token-level claims.
  iss?: string;
  // NOTE(review): RFC 7519 also allows `aud` to be an array of strings;
  // it is typed as a single string here.
  aud?: string;
  exp?: number;
  nbf?: number;
  iat?: number;
  jti?: string;
  azp?: string;
  nonce?: string;
  // NOTE(review): OpenID Connect defines `auth_time` as a number; confirm
  // what this member actually carries.
  auth_time?: string;
  at_hash?: string;
  c_hash?: string;
  acr?: string;
  amr?: string;
  sub_jwk?: string;
  cnf?: string;
  sid?: string;
  org_id?: string;

  // Any other claim, untyped.
  [key: string]: any;
}
/**
 * User profile. Every named member is optional and further keys are
 * accepted through the index signature.
 *
 * `email_verified` and `phone_number_verified` are separate booleans: check
 * them before treating `email` or `phone_number` as confirmed.
 */
export declare class User {
  name?: string;
  given_name?: string;
  family_name?: string;
  middle_name?: string;
  nickname?: string;
  preferred_username?: string;
  profile?: string;
  picture?: string;
  website?: string;
  email?: string;
  email_verified?: boolean;
  gender?: string;
  birthdate?: string;
  zoneinfo?: string;
  locale?: string;
  phone_number?: string;
  phone_number_verified?: boolean;
  address?: string;
  updated_at?: string;
  sub?: string;

  // Any other property, untyped.
  [key: string]: any;
}
/**
 * Request settings for an HTTP call. All members are optional;
 * `credentials` is limited to `'include'` or `'omit'`.
 *
 * @ignore
 */
export declare type FetchOptions = {
  method?: string;
  headers?: Record<string, string>;
  credentials?: 'include' | 'omit';
  body?: string;
  signal?: AbortSignal;
};
/** `TokenEndpointResponse` with the `refresh_token` member removed. */
export declare type GetTokenSilentlyVerboseResponse = Omit<
  TokenEndpointResponse,
  'refresh_token'
>;

// Empty export list.
export {};