1/// <reference lib="dom" />
2
3export as namespace auth0;
4
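/**
 * Client for the Auth0 Authentication API. Most methods map to the endpoint named in their
 * comment and report the outcome through an `Auth0Callback`.
 */
export class Authentication {
    constructor(options: AuthOptions);

    passwordless: PasswordlessAuthentication;
    dbConnection: DBConnection;

    /**
     * Builds and returns the `/authorize` url in order to initialize a new authN/authZ transaction.
     * `state` and `nonce` are optional in `AuthorizeUrlOptions`, where they are documented as the
     * XSRF and replay mitigations.
     *
     * @param options https://auth0.github.io/auth0.js/global.html#buildAuthorizeUrl
     * @see {@link https://auth0.com/docs/api/authentication#authorize-client}
     * @see {@link https://auth0.com/docs/api/authentication#social}
     */
    buildAuthorizeUrl(options: AuthorizeUrlOptions): string;

    /**
     * Builds and returns the logout url.
     *
     * @param options https://auth0.com/docs/api/authentication#!#get--v2-logout
     */
    buildLogoutUrl(options?: LogoutOptions): string;

    /**
     * Makes a call to the `oauth/token` endpoint with `password` grant type.
     * The options carry the user's `username` and `password` (see `LoginOptions`), so the
     * calling application handles the credential itself.
     *
     * @param options https://auth0.com/docs/api-auth/grant/password
     */
    loginWithDefaultDirectory(options: DefaultDirectoryLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Makes a call to the `/ro` endpoint
     * @deprecated `loginWithResourceOwner` will be soon deprecated, use `login` instead.
     */
    loginWithResourceOwner(options: ResourceOwnerLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Makes a call to the `oauth/token` endpoint with `password-realm` grant type.
     * As with the other password grants, the options carry the user's `username` and `password`.
     */
    login(options: DefaultLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Makes a call to the `oauth/token` endpoint.
     * `options` is untyped (`any`), so the compiler does not check what is sent.
     */
    oauthToken(options: any, callback: Auth0Callback<any>): void;

    /**
     * Makes a call to the `/ssodata` endpoint
     */
    getSSOData(callback?: Auth0Callback<SsoDataResult | undefined>): void;

    /**
     * Makes a call to the `/ssodata` endpoint
     */
    getSSOData(withActiveDirectories: boolean, callback?: Auth0Callback<SsoDataResult | undefined>): void;

    /**
     * Makes a call to the `/userinfo` endpoint and returns the user profile
     *
     * @param accessToken access token presented to `/userinfo`
     */
    userInfo(accessToken: string, callback: Auth0Callback<Auth0UserProfile>): void;

    /**
     * Makes a call to the `/delegation` endpoint
     *
     * @param options https://auth0.com/docs/api/authentication#!#post--delegation
     */
    delegation(options: DelegationOptions, callback: Auth0Callback<Auth0DelegationToken>): any;

    /**
     * Fetches the user country based on the ip.
     */
    getUserCountry(callback: Auth0Callback<{ countryCode: string }>): void;
}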
77
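/**
 * Passwordless (one-time code or link) operations, exposed as `Authentication.passwordless`.
 */
export class PasswordlessAuthentication {
    constructor(request: any, option: any);

    /**
     * Builds and returns the passwordless TOTP verify url in order to initialize a new authN/authZ transaction
     *
     * NOTE(review): `PasswordlessVerifyOptions` includes `verificationCode`; if the code is placed
     * in the returned url it will also show up wherever that url is logged or stored — confirm.
     */
    buildVerifyUrl(options: PasswordlessVerifyOptions): string;

    /**
     * Initializes a new passwordless authN/authZ transaction
     *
     * @param options https://auth0.com/docs/api/authentication#passwordless
     */
    start(options: PasswordlessStartOptions, callback: Auth0Callback<any>): void;

    /**
     * Verifies the passwordless TOTP and returns an error if any.
     */
    verify(options: PasswordlessVerifyOptions, callback: Auth0Callback<any>): void;
}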
98
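/**
 * Sign-up and password-change operations for an Auth0 Database connection, exposed as
 * `Authentication.dbConnection`.
 */
export class DBConnection {
    constructor(request: any, option: any);

    /**
     * Creates a new user in an Auth0 Database connection.
     * The options carry the new user's `password` (see `DbSignUpOptions`).
     *
     * @param options https://auth0.com/docs/api/authentication#signup
     */
    signup(options: DbSignUpOptions, callback: Auth0Callback<DbSignUpResults>): void;

    /**
     * Initializes the change password flow
     *
     * @param options https://auth0.com/docs/api/authentication#!#post--dbconnections-change_password
     */
    changePassword(options: ChangePasswordOptions, callback: Auth0Callback<any>): void;
}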
115
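/**
 * Client for the Auth0 Management API user endpoints linked on each method.
 */
export class Management {
    /**
     * Initialize your client class, by using a Non Interactive Client to fetch an access_token via the Client Credentials Grant.
     *
     * NOTE(review): `ManagementOptions` also declares `clientSecret`. This file references
     * `lib="dom"`, i.e. it describes browser code, where a secret would be readable by anyone who
     * loads the page — confirm that only a `token` is supplied in that setting.
     */
    constructor(options: ManagementOptions);

    /**
     * Returns the user profile. https://auth0.com/docs/api/management/v2#!/Users/get_users_by_id
     */
    getUser(userId: string, callback: Auth0Callback<Auth0UserProfile>): void;

    /**
     * Updates the user metadata. It will patch the user metadata with the attributes sent.
     * https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id
     *
     * @param userMetadata untyped (`any`); the compiler does not check its shape
     */
    patchUserMetadata(userId: string, userMetadata: any, callback: Auth0Callback<Auth0UserProfile>): void;

    /**
     * Updates the user attributes.
     * It will patch the root attributes that the server allows.
     * {@link https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id}
     */
    patchUserAttributes(userId: string, user: Auth0UserProfile, callback: Auth0Callback<Auth0UserProfile>): void;

    /**
     * Link two users. https://auth0.com/docs/api/management/v2#!/Users/post_identities
     *
     * @param userId id of the primary user
     * @param secondaryUserToken token of the user being linked to `userId`
     */
    linkUser(userId: string, secondaryUserToken: string, callback: Auth0Callback<any>): void;
}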
143
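/**
 * Browser-facing entry point: redirect, popup and cross-origin login flows plus parsing and
 * validation of the tokens they return.
 */
export class WebAuth {
    constructor(options: AuthOptions);
    client: Authentication;
    popup: Popup;
    redirect: Redirect;
    crossOriginAuthentication: CrossOriginAuthentication;

    /**
     * Redirects to the hosted login page (`/authorize`) in order to initialize a new authN/authZ transaction
     *
     * @param options https://auth0.com/docs/api/authentication#!#get--authorize_db
     */
    authorize(options?: AuthorizeOptions): void;

    /**
     * Parse the url hash and extract the returned tokens depending on the transaction.
     *
     * Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed
     * by the `/.well-known/jwks.json` endpoint. Id tokens signed with other algorithms will not be
     * accepted.
     *
     * @param callback called as `(err, token_payload)`; the payload is typed `Auth0DecodedHash | null`
     */
    parseHash(callback: Auth0Callback<Auth0DecodedHash | null, Auth0ParseHashError>): void;

    /**
     * Parse the url hash and extract the returned tokens depending on the transaction.
     *
     * Only validates id_tokens signed by Auth0 using the RS256 algorithm using the public key exposed
     * by the `/.well-known/jwks.json` endpoint. Id tokens signed with other algorithms will not be
     * accepted.
     *
     * @param options see `ParseHashOptions`; `_idTokenVerification` and `__enableIdPInitiatedLogin`
     * both relax checks and should stay unset unless the relaxation is intended
     * @param callback called as `(err, token_payload)`; the payload is typed `Auth0DecodedHash | null`
     */
    parseHash(options: ParseHashOptions, callback: Auth0Callback<Auth0DecodedHash | null, Auth0ParseHashError>): void;

    /**
     * Decodes the id_token and verifies the nonce.
     *
     * @param token the id_token to decode
     * @param nonce the nonce the token is checked against
     * @param callback function(err, {payload, transaction})
     */
    validateToken(token: string, nonce: string, callback: Auth0Callback<any>): void;

    /**
     * Executes a silent authentication transaction under the hood in order to fetch new tokens for the current session.
     * This method requires that all Auth is performed with {@link authorize}
     * Watch out! If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social).
     * If you use Auth0's dev keys, you'll always get `login_required` as an error when calling this method.
     *
     * @param options any valid oauth2 parameter to be sent to the `/authorize` endpoint
     */
    renewAuth(options: RenewAuthOptions, callback: Auth0Callback<any>): void;

    /**
     * Initializes a change password transaction
     *
     * @param options https://auth0.com/docs/api/authentication#!#post--dbconnections-change_password
     */
    changePassword(options: ChangePasswordOptions, callback: Auth0Callback<any>): void;

    /**
     * Signs up a new user
     *
     * @param options https://auth0.com/docs/api/authentication#!#post--dbconnections-signup
     */
    signup(options: DbSignUpOptions, callback: Auth0Callback<any>): void;

    /**
     * Signs up a new user, automatically logs the user in after the signup and returns the user token.
     * The login will be done using /oauth/token with password-realm grant type.
     *
     * @param options https://auth0.com/docs/api/authentication#!#post--dbconnections-signup
     */
    signupAndAuthorize(options: DbSignUpOptions, callback: Auth0Callback<any>): void;

    /**
     * Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow.
     * You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
     *
     * This only works when 3rd party cookies are enabled in the browser.
     * After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
     *
     * @param options options used in the {@link authorize} call after the login_ticket is acquired
     * @param callback Callback function called only when an authentication error, like invalid username or password, occurs.
     * For other types of errors, there will be a redirect to the `redirectUri`.
     */
    login(options: CrossOriginLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Runs the callback code for the cross origin authentication call.
     * This method is meant to be called by the cross origin authentication callback url.
     * @deprecated Use {@link crossOriginVerification} instead.
     */
    crossOriginAuthenticationCallback(): void;

    /**
     * Runs the callback code for the cross origin authentication call.
     * This method is meant to be called by the cross origin authentication callback url.
     */
    crossOriginVerification(): void;

    /**
     * Redirects to the auth0 logout endpoint
     *
     * If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in the appropriate Allowed Logout URLs list:
     *
     * - If the client_id parameter is included, the returnTo URL must be listed in the Allowed Logout URLs set at the client level (see Setting Allowed Logout URLs at the App Level).
     * - If the client_id parameter is NOT included, the returnTo URL must be listed in the Allowed Logout URLs set at the account level (see Setting Allowed Logout URLs at the Account Level).
     *
     * @see {@link https://auth0.com/docs/api/authentication#logout}
     */
    logout(options: LogoutOptions): void;

    /**
     * Initializes a passwordless authentication transaction
     *
     * @param options https://auth0.com/docs/api/authentication#passwordless
     */
    passwordlessStart(options: PasswordlessStartOptions, callback: Auth0Callback<any>): void;

    /**
     * Verifies the passwordless TOTP and redirects to finish the passwordless transaction
     *
     * @param options connection, recipient and `verificationCode`; see `PasswordlessVerifyOptions`
     */
    passwordlessVerify(options: PasswordlessVerifyOptions, callback: Auth0Callback<any>): void;

    /**
     * Logs in a user with the verification code sent to the user
     * @param options
     * @param callback
     */
    passwordlessLogin(options: PasswordlessLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Renews an existing session on Auth0's servers using `response_mode=web_message` (i.e. Auth0's hosted login page)
     *
     * @param options options used in {@link authorize} call
     * @param cb
     * @see {@link https://auth0.com/docs/libraries/auth0js/v9#using-checksession-to-acquire-new-tokens}
     */
    checkSession(options: CheckSessionOptions, cb: Auth0Callback<any>): void;

    /**
     * Renders the captcha challenge in the provided element.
     * This function can only be used in the context of a Classic Universal Login Page.
     * @param element The element where the captcha needs to be rendered
     * @param [options] The configuration options for the captcha
     * @param [callback] An optional completion callback
     *
     * @see {@link https://auth0.github.io/auth0.js/WebAuth.html#renderCaptcha}
     */
    renderCaptcha(element: HTMLElement, options?: CatpchaConfiguration, callback?: Auth0Callback<any>): Captcha;
}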
298
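/**
 * Redirect-based login helpers, exposed as `WebAuth.redirect`.
 */
export class Redirect {
    constructor(client: any, options: any);

    /**
     * Performs authentication with username/email and password with a database connection
     *
     * This method is not compatible with API Auth so if you need to fetch API tokens with audience
     * you should use {@link authorize} or {@link login}.
     */
    loginWithCredentials(
        options: {
            /** url that the Auth0 will redirect after Auth with the Authorization Response */
            redirectUri?: string | undefined;
            /** type of the response used. It can be any of the values `code` and `token` */
            responseType?: string | undefined;
            /** how the AuthN response is encoded and redirected back to the client. */
            responseMode?: "query" | "fragment" | undefined;
            /** scopes to be requested during AuthN. e.g. `openid email` */
            scope: string;
        },
        callback: Auth0Callback<any>,
    ): void;

    /**
     * Signs up a new user and automatically logs the user in after the signup.
     * The options carry the new user's `password` in clear text.
     */
    signupAndLogin(
        options: {
            /** user email address */
            email: string;
            /** user password */
            password: string;
            /** name of the connection where the user will be created */
            connection: string;
            /** allow userMetadata to be passed to signUp */
            userMetadata?: unknown | undefined;
        } & CrossOriginLoginOptions,
        callback: Auth0Callback<any>,
    ): void;
}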
339
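/**
 * Popup-window login helpers, exposed as `WebAuth.popup`.
 */
export class Popup {
    constructor(client: any, options: any);

    /**
     * Returns a new instance of the popup handler
     */
    private buildPopupHandler(): any;

    /**
     * Initializes the popup window and returns the instance to be used later in order to avoid being blocked by the browser.
     *
     * @param options receives the window height and width and any other window feature to be sent to window.open
     */
    preload(options: any): any;

    /**
     * Handles the popup logic for the callback page.
     * @see {@link parseHash}
     */
    callback(options: {
        /**
         * the url hash.
         * @default window.location.hash
         */
        hash: string;
        /** value originally sent in `state` parameter to {@link authorize} to mitigate XSRF */
        state?: string | undefined;
        /** value originally sent in `nonce` parameter to {@link authorize} to prevent replay attacks */
        nonce?: string | undefined;
        /**
         * makes parseHash perform or skip `id_token` verification.
         * We **strongly** recommend validating the `id_token` yourself if you disable the verification.
         *
         * NOTE(review): this was typed `string` here while `ParseHashOptions._idTokenVerification`
         * is `boolean`. `boolean` is now accepted as well; `string` is kept so existing callers
         * still compile. A non-empty string such as `"false"` is truthy in JavaScript, so prefer
         * the boolean form — confirm the runtime contract.
         */
        _idTokenVerification?: boolean | string | undefined;
    }): void;

    /**
     * Shows inside a new window the hosted login page (`/authorize`) in order to start a new authN/authZ transaction and post its result using `postMessage`.
     * @see {@link https://auth0.com/docs/api/authentication#authorize-client}
     */
    authorize(
        options: {
            /** your Auth0 domain */
            domain: string;
            /** your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard */
            clientId?: string | undefined;
            /**
             * identity provider whose login page will be displayed in the popup.
             * If omitted the hosted login page is used.
             * {@link https://auth0.com/docs/identityproviders}
             */
            connection?: string | undefined;
            /** url that the Auth0 will redirect after Auth with the Authorization Response */
            redirectUri: string;
            /**
             * type of the response used by OAuth 2.0 flow.
             * It can be any space separated list of the values `code`, `token`, `id_token`.
             * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0}
             */
            responseType: string;
            /**
             * how the Auth response is encoded and redirected back to the client.
             * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
             */
            responseMode?: "query" | "fragment" | "form_post" | undefined;
            /**
             * value used to mitigate XSRF attacks.
             * {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
             */
            state?: string | undefined;
            /**
             * value used to mitigate replay attacks when using Implicit Grant.
             * {@link https://auth0.com/docs/api-auth/tutorials/nonce}
             */
            nonce?: string | undefined;
            /** scopes to be requested during Auth. e.g. `openid email` */
            scope?: string | undefined;
            /** identifier of the resource server who will consume the access token issued after Auth */
            audience?: string | undefined;
            /** determines if Auth0 should render the relay page or not and the caller is responsible of handling the response. */
            owp?: boolean | undefined;
        },
        callback: Auth0Callback<Auth0Result>,
    ): void;

    /**
     * Performs authentication with username/email and password with a database connection inside a new window
     *
     * This method is not compatible with API Auth so if you need to fetch API tokens with audience
     * you should use {@link authorize} or {@link login}.
     */
    loginWithCredentials(
        options: {
            /** url that the Auth0 will redirect after Auth with the Authorization Response */
            redirectUri?: string | undefined;
            /** type of the response used. */
            responseType?: "code" | "token" | undefined;
            /** how the AuthN response is encoded and redirected back to the client. */
            responseMode?: "query" | "fragment" | undefined;
            /** scopes to be requested during AuthN. e.g. `openid email` */
            scope?: string | undefined;
        },
        callback: Auth0Callback<any>,
    ): void;

    /**
     * Verifies the passwordless TOTP and returns the requested token
     */
    passwordlessVerify(
        options: {
            type: "sms" | "email";
            /** only if type = sms */
            phoneNumber?: string | undefined;
            /** only if type = email */
            email?: string | undefined;
            /** the connection name */
            connection: string;
            /** the TOTP code */
            verificationCode: string;
        },
        callback: Auth0Callback<any>,
    ): void;

    /**
     * Signs up a new user and automatically logs the user in after the signup.
     *
     * This method is not compatible with API Auth so if you need to fetch API tokens with audience
     * you should use {@link authorize} or {@link signupAndAuthorize}.
     */
    signupAndLogin(
        options: {
            /** user email address */
            email: string;
            /** user password */
            password: string;
            /** name of the connection where the user will be created */
            connection: string;
            /** allow userMetadata to be passed to signUp */
            userMetadata?: unknown | undefined;
        },
        callback: Auth0Callback<any>,
    ): void;
}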
483
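/**
 * Cross origin authentication (`/co/authenticate`) flow, exposed as
 * `WebAuth.crossOriginAuthentication`.
 */
export class CrossOriginAuthentication {
    constructor(webAuth: any, options: any);

    /**
     * Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow.
     * You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
     * This only works when 3rd party cookies are enabled in the browser.
     * After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
     *
     * @param options options used in the {@link authorize} call after the login_ticket is acquired
     * @param callback Callback function called only when an authentication error, like invalid username or password, occurs.
     * For other types of errors, there will be a redirect to the `redirectUri`.
     */
    login(options: CrossOriginLoginOptions, callback: Auth0Callback<any>): void;

    /**
     * Runs the callback code for the cross origin authentication call. This method is meant to be called by the cross origin authentication callback url.
     */
    callback(): void;
}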
504
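/**
 * Callback shape used throughout this module: `error` is `null` or an `E` (`Auth0Error` unless
 * overridden), followed by the result of type `T`.
 */
export type Auth0Callback<T, E = Auth0Error> = (error: null | E, result: T) => void;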
506
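/** Token caching settings referenced by `ManagementOptions.tokenProvider`. */
export interface TokenProvider {
    enableCache?: boolean | undefined;
    /** cache lifetime, in seconds as the name states */
    cacheTTLInSeconds?: number | undefined;
}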
511
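/**
 * Options accepted by the `Management` constructor.
 *
 * NOTE(review): this file references `lib="dom"`, i.e. it describes browser code, and anything
 * shipped to the browser is readable by whoever loads the page. Confirm `clientSecret` is never
 * populated there; a short-lived, narrowly scoped `token` is the safer input.
 */
export interface ManagementOptions {
    domain: string;
    token?: string | undefined;
    clientId?: string | undefined;
    clientSecret?: string | undefined;
    audience?: string | undefined;
    scope?: string | undefined;
    tokenProvider?: TokenProvider | undefined;
    telemetry?: boolean | undefined;
}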
522
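/**
 * Options accepted by the `Authentication` and `WebAuth` constructors.
 * Only `domain` and `clientID` are required.
 */
export interface AuthOptions {
    domain: string;
    clientID: string;
    responseType?: string | undefined;
    responseMode?: string | undefined;
    redirectUri?: string | undefined;
    scope?: string | undefined;
    audience?: string | undefined;
    /**
     * The domain the cookie is accessible from.
     * If not set, the cookie is scoped to the current domain, including the subdomain.
     * To keep a user logged in across multiple subdomains set this to your top-level domain
     * and prefixed with a `.` (eg: `.example.com`)
     *
     * Widening the scope this way makes the cookie available to every subdomain, so do it only
     * when all of them are equally trusted.
     */
    cookieDomain?: string | undefined;
    /**
     * maximum elapsed time in seconds since the last time the user
     * was actively authenticated by the authorization server.
     */
    maxAge?: number | undefined;
    // presumably the clock-skew tolerance applied to token time claims — TODO confirm unit and use
    leeway?: number | undefined;
    // NOTE(review): `jwksURI` and the `overrides` below look like they change where id_token
    // signing keys and the expected issuer come from (parseHash documents verification against
    // `/.well-known/jwks.json`). Set them only from trusted, static configuration — confirm.
    jwksURI?: string | undefined;
    overrides?: {
        __tenant?: string | undefined;
        __token_issuer?: string | undefined;
        __jwks_uri?: string | undefined;
    } | undefined;
    plugins?: any;
    // presumably the origin expected for popup `postMessage` traffic — TODO confirm
    popupOrigin?: string | undefined;
    protocol?: string | undefined;
    response_type?: string | undefined;
    state?: string | undefined;
    tenant?: string | undefined;
    universalLoginPage?: boolean | undefined;
    _csrf?: string | undefined;
    _intstate?: string | undefined;
    _timesToRetryFailedRequests?: number | undefined;
    _disableDeprecationWarnings?: boolean | undefined;
    _sendTelemetry?: boolean | undefined;
    _telemetryInfo?: any;
    __tryLocalStorageFirst?: boolean | undefined;
}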
565
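/** Completion callback; `err` is omitted when there is nothing to report. */
export type DoneCallback = (err?: Auth0Error) => void;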
567
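/** Handle returned by `WebAuth.renderCaptcha`. */
export interface Captcha {
    /** reloads the captcha and reports through `done` */
    reload: (done: DoneCallback) => void;
    /** returns the captcha's current value as a string */
    getValue: () => string;
}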
572
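/**
 * Configuration accepted by `WebAuth.renderCaptcha`.
 * The interface name is spelled `Catpcha`; it is part of the public surface and is kept as is.
 */
export interface CatpchaConfiguration {
    /**
     * An object containing templates for each captcha provider
     */
    templates?: CaptchaTemplates | undefined;

    /**
     * The ISO code of the language for recaptcha
     * @default 'en'
     */
    lang?: string | undefined;
}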
585
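/**
 * An object containing templates for a captcha provider
 *
 * NOTE(review): each template returns a string; presumably it is inserted into the target element
 * as markup. If so, escape every value that is not a trusted constant before interpolating it —
 * confirm against the library's `renderCaptcha` implementation.
 */
export interface CaptchaTemplates {
    /**
     * Template function receiving the challenge and returning a string
     */
    auth0?: ((challenge: Auth0Challenge) => string) | undefined;

    /**
     * Template function receiving the challenge and returning a string
     */
    recaptcha_v2?: ((challenge: Auth0Challenge) => string) | undefined;

    /** Template function receiving an error and returning a string; the only required template */
    error: (error: Error) => string;
}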
602
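/**
 * Captcha challenge handed to the `CaptchaTemplates` functions.
 * The index signature admits further keys, all typed `unknown`, so they must be narrowed before use.
 */
export interface Auth0Challenge {
    type: "code";
    image: string;
    required: boolean;
    provider: "auth0" | "recaptcha_v2";
    [other: string]: unknown;
}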
610
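/** Passwordless options in which all four fields are required. */
export interface PasswordlessAuthOptions {
    connection: string;
    verificationCode: string;
    phoneNumber: string;
    email: string;
}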
617
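/**
 * These are error codes defined by the auth0-js lib.
 */
export type LibErrorCodes = "timeout" | "request_error" | "invalid_token";

/**
 * The user was not logged in at Auth0, so silent authentication is not possible.
 */
export type LoginRequiredErrorCode = "login_required";

/**
 * The user was logged in at Auth0 and has authorized the application, but needs to
 * be redirected elsewhere before authentication can be completed; for example, when
 * using a redirect rule.
 */
export type InteractionRequiredErrorCode = "interaction_required";

/**
 * The user was logged in at Auth0, but needs to give consent to authorize the application.
 */
export type ConsentRequiredErrorCode = "consent_required";

/**
 * These are error codes defined by the OpenID Connect specification.
 */
export type SpecErrorCodes =
    | LoginRequiredErrorCode
    | InteractionRequiredErrorCode
    | ConsentRequiredErrorCode
    | "account_selection_required"
    | "invalid_request_uri"
    | "invalid_request_object"
    | "request_not_supported"
    | "request_uri_not_supported"
    | "registration_not_supported";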
653
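/**
 * Error object passed as the first argument of an `Auth0Callback`.
 * `error` is typed as the known codes or any other string, so handlers must allow for codes that
 * are not listed in `LibErrorCodes` or `SpecErrorCodes`.
 */
export interface Auth0Error {
    error: LibErrorCodes | SpecErrorCodes | string;
    errorDescription?: string | undefined;
    // Auth0 is not consistent in the naming of the error description field
    error_description?: string | undefined;
    // Need to include non-intuitive error fields that Auth0 uses
    code?: string | undefined;
    description?: string | undefined;
    name?: string | undefined;
    policy?: string | undefined;
    // untyped (`any`); narrow before reading
    original?: any;
    statusCode?: number | undefined;
    statusText?: string | undefined;
}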
668
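/**
 * result of the Auth request.
 * If there is no token available, this value will be null.
 */
export interface Auth0Result {
    /**
     * token that allows access to the specified resource server (identified by the audience parameter
     * or by default Auth0's /userinfo endpoint)
     */
    accessToken?: string | undefined;
    /** number of seconds until the access token expires */
    expiresIn?: number | undefined;
    /** token that identifies the user */
    idToken?: string | undefined;
    /**
     * token that can be used to get new access tokens from Auth0.
     * Note that not all Auth0 Applications can request them
     * or the resource server might not allow them.
     */
    refreshToken?: string | undefined;
    /** values that you receive back on the authentication response; untyped (`any`) */
    appState?: any;
}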
692
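/** Error type of the `parseHash` callbacks: an `Auth0Error` that may also carry `state`. */
export type Auth0ParseHashError = Auth0Error & {
    state?: string | undefined;
};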
696
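/**
 * The contents of the authResult object returned by {@link WebAuth#parseHash }
 *
 * NOTE(review): when `_idTokenVerification` was disabled for the call, `idTokenPayload`
 * presumably holds claims that were decoded but not verified; the option's own documentation
 * asks callers to validate the `id_token` themselves in that case — confirm.
 */
export interface Auth0DecodedHash {
    accessToken?: string | undefined;
    idToken?: string | undefined;
    // untyped (`any`); narrow before reading claims
    idTokenPayload?: any;
    appState?: any;
    refreshToken?: string | undefined;
    state?: string | undefined;
    expiresIn?: number | undefined;
    tokenType?: string | undefined;
    scope?: string | undefined;
}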
711
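/** Represents the response from an API Token Delegation request. */
export interface Auth0DelegationToken {
    /** The length of time in seconds the token is valid for. */
    expiresIn: number;
    /** The JWT for delegated access. */
    idToken: string;
    /** The type of token being returned. Possible values: "Bearer" */
    tokenType: string;
}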
721
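/** Options for the `changePassword` methods: the connection and the account's email address. */
export interface ChangePasswordOptions {
    connection: string;
    email: string;
}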
726
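/**
 * Authorization parameters shared by the passwordless option types; every field is optional.
 */
export interface BaseAuthOptions {
    clientID?: string | undefined;
    responseType?: string | undefined;
    redirectUri?: string | undefined;
    scope?: string | undefined;
    audience?: string | undefined;
    // `state` / `nonce`: documented on `AuthorizeUrlOptions` as the XSRF and replay mitigations
    state?: string | undefined;
    nonce?: string | undefined;
    _csrf?: string | undefined;
    // NOTE(review): spelled `__instate` here but `_intstate` in `AuthOptions` — confirm which
    // name the library actually reads before relying on either.
    __instate?: string | undefined;
}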
738
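/** `BaseAuthOptions` plus `responseMode`; used as `PasswordlessStartOptions.authParams`. */
export interface PasswordlessStartAuthParams extends BaseAuthOptions {
    responseMode?: string | undefined;
}

/** Options for starting a passwordless transaction. */
export interface PasswordlessStartOptions {
    connection: string;
    /** whether the user is sent a link or a code */
    send: "link" | "code";
    phoneNumber?: string | undefined;
    email?: string | undefined;
    authParams?: PasswordlessStartAuthParams | undefined;
}

/** Options for verifying the code of a passwordless transaction. */
export interface PasswordlessVerifyOptions extends BaseAuthOptions {
    connection: string;
    /** the one-time code entered by the user; keep it out of logs */
    verificationCode: string;
    phoneNumber?: string | undefined;
    email?: string | undefined;
    send?: "link" | "code" | undefined;
    responseMode?: string | undefined;
}

/** Options for `WebAuth.passwordlessLogin`. */
export interface PasswordlessLoginOptions extends BaseAuthOptions {
    connection: string;
    /** the one-time code entered by the user; keep it out of logs */
    verificationCode: string;
    phoneNumber?: string | undefined;
    email?: string | undefined;
}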
766
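/**
 * User profile delivered by `Authentication.userInfo` and the `Management` methods.
 * Check `email_verified` before using `email` for an authorization or account-linking decision.
 */
export interface Auth0UserProfile {
    name: string;
    nickname: string;
    picture: string;
    user_id: string;
    username?: string | undefined;
    given_name?: string | undefined;
    family_name?: string | undefined;
    email?: string | undefined;
    email_verified?: boolean | undefined;
    clientID: string;
    gender?: string | undefined;
    locale?: string | undefined;
    identities: Auth0Identity[];
    created_at: string;
    updated_at: string;
    sub: string;
    // both metadata fields are untyped (`any`); narrow before use
    user_metadata?: any;
    app_metadata?: any;
}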
787
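/** `Auth0UserProfile` with the field added for Microsoft accounts. */
export interface MicrosoftUserProfile extends Auth0UserProfile {
    emails?: string[] | undefined; // optional depending on whether email addresses permission is granted
}

/** `Auth0UserProfile` with the fields added for Office 365 accounts; both are required. */
export interface Office365UserProfile extends Auth0UserProfile {
    tenantid: string;
    upn: string;
}

/** `Auth0UserProfile` with the field added for ADFS accounts. */
export interface AdfsUserProfile extends Auth0UserProfile {
    issuer?: string | undefined;
}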
800
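/**
 * Options for `Authentication.buildAuthorizeUrl`.
 * `state` and `nonce` are optional in this type; they are the XSRF and replay mitigations
 * described below, so leaving them out removes those checks from the caller's side.
 */
export interface AuthorizeUrlOptions {
    /**
     * your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard
     */
    clientID?: string | undefined;
    /**
     * url that the Auth0 will redirect after Auth with the Authorization Response
     */
    redirectUri: string;
    /**
     * type of the response used by OAuth 2.0 flow. It can be any space separated
     * list of the values `code`, `token`, `id_token`.
     * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0}
     */
    responseType: string;
    /**
     * how the Auth response is encoded and redirected back to the client.
     * Supported values are `query`, `fragment` and `form_post`
     * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
     */
    responseMode?: "query" | "fragment" | "form_post" | undefined;
    /**
     * value used to mitigate XSRF attacks.
     * {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
     */
    state?: string | undefined;
    /**
     * value used to mitigate replay attacks when using Implicit Grant.
     * {@link https://auth0.com/docs/api-auth/tutorials/nonce}
     */
    nonce?: string | undefined;
    /**
     * scopes to be requested during Auth. e.g. `openid email`
     */
    scope?: string | undefined;
    /**
     * identifier of the resource server who will consume the access token issued after Auth
     */
    audience?: string | undefined;
}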
841
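/** One entry of `Auth0UserProfile.identities`. */
export interface Auth0Identity {
    connection: string;
    isSocial: boolean;
    provider: string;
    user_id: string;
}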
848
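/**
 * Base options of the password-based logins. `password` is the user's clear-text credential;
 * keep objects of this type out of logs and error reports.
 */
export interface LoginOptions {
    username: string;
    password: string;
    scope?: string | undefined;
}

/** Options for `Authentication.login` (`password-realm` grant); `realm` is required. */
export interface DefaultLoginOptions extends LoginOptions {
    audience?: string | undefined;
    realm: string;
}

/** Options for `Authentication.loginWithDefaultDirectory` (`password` grant). */
export interface DefaultDirectoryLoginOptions extends LoginOptions {
    audience?: string | undefined;
}

/** Options for the deprecated `Authentication.loginWithResourceOwner` (`/ro` endpoint). */
export interface ResourceOwnerLoginOptions extends LoginOptions {
    connection: string;
    device?: string | undefined;
}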
868
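/**
 * Options for the cross origin (`/co/authenticate`) login methods.
 * `password` is the user's clear-text credential; keep objects of this type out of logs.
 */
export interface CrossOriginLoginOptions {
    username?: string | undefined;
    email?: string | undefined;
    password: string;
    realm?: string | undefined;
    domain?: string | undefined;
    clientID?: string | undefined;
    redirectUri?: string | undefined;
    responseType?: string | undefined;
    responseMode?: string | undefined;
    state?: string | undefined;
    nonce?: string | undefined;
    scope?: string | undefined;
    audience?: string | undefined;
    captcha?: Captcha | undefined;
    // Parenthesized so that `| undefined` applies to the property, as on every other optional
    // member of this file; without the parentheses it was parsed as part of the return type.
    onRedirecting?: ((done: () => void) => void) | undefined;
}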
887
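/** Options for `WebAuth.logout` and `Authentication.buildLogoutUrl`. */
export interface LogoutOptions {
    clientID?: string | undefined;
    /**
     * URL to navigate to after logout. Per the `WebAuth.logout` documentation it must be listed
     * in the Allowed Logout URLs at the client level when a client id is sent, otherwise at the
     * account level.
     */
    returnTo?: string | undefined;
    federated?: boolean | undefined;
}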
893
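/**
 * Options for `Authentication.delegation` (`/delegation` endpoint). Only `grant_type` is
 * required; `id_token` and `refresh_token` are credentials and should not be logged.
 */
export interface DelegationOptions {
    client_id?: string | undefined;
    grant_type: string;
    id_token?: string | undefined;
    refresh_token?: string | undefined;
    target?: string | undefined;
    scope?: string | undefined;
    api_type?: string | undefined;
}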
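/**
 * Options for creating a user in a database connection.
 *
 * `password` is the new user's plaintext secret; do not log or persist
 * objects of this type.
 */
export interface DbSignUpOptions {
    /** user email address */
    email: string;
    /** user password */
    password: string;
    /** name of the connection where the user will be created */
    connection: string;
    /** User desired username. Required if you use a database connection and you have enabled `Requires Username` */
    username?: string | undefined;
    /** scopes to request, presumably as in `openid email` */
    scope?: string | undefined;
    /**
     * additional signup attributes used for creating the user. Will be stored in `user_metadata`.
     * These values are supplied at signup, so treat them as user-controlled
     * input and keep secrets and authorisation data out of them.
     */
    userMetadata?: unknown | undefined;
}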
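/** result of the signup request */
export interface DbSignUpResults {
    /** user's email */
    email: string;
    /**
     * if the user's email was verified.
     * Check this before using `email` as proof that the user owns the address.
     */
    emailVerified: boolean;
}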
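/**
 * Options for parsing an authentication response out of a URL hash.
 * NOTE(review): the consuming method is not visible here.
 */
export interface ParseHashOptions {
    /** the hash string to parse; presumably defaults to the current window's hash, so confirm */
    hash?: string | undefined;
    /** presumably the expected `state`, compared with the one in the response; confirm */
    state?: string | undefined;
    /** presumably the expected `nonce`, compared with the one in the ID token; confirm */
    nonce?: string | undefined;
    /**
     * NOTE(review): looks like a switch for verifying the ID token. Turning
     * token verification off would mean accepting a token without validating
     * it, so confirm the semantics and leave this unset unless there is a
     * documented reason.
     */
    _idTokenVerification?: boolean | undefined;
    /**
     * indicates that you want to allow IdP-Initiated flows. See {@link https://auth0.com/docs/protocols/saml/idp-initiated-sso#lock-auth0-js}
     *
     * NOTE(review): an IdP-initiated response is not tied to a request this
     * application started, so a `state` check cannot vouch for it. Enable only
     * when the deployment requires it.
     */
    __enableIdPInitiatedLogin?: boolean | undefined;
}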
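/**
 * Options for renewing authentication silently.
 * NOTE(review): the consuming method is not visible here; "silent" is taken
 * from the field descriptions below.
 *
 * The fields that decide which responses are trusted are `state`, `nonce`,
 * `postMessageOrigin` and `postMessageDataType`.
 */
export interface RenewAuthOptions {
    /**
     * your Auth0 domain
     */
    domain?: string | undefined;
    /**
     * your Auth0 client identifier obtained when creating the client in the Auth0 Dashboard
     */
    clientID?: string | undefined;
    /**
     * url that Auth0 will redirect to after Auth with the Authorization Response
     */
    redirectUri?: string | undefined;
    /**
     * type of the response used by OAuth 2.0 flow. It can be any space separated
     * list of the values `code`, `token`, `id_token`.
     * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html}
     */
    responseType?: string | undefined;
    /**
     * how the Auth response is encoded and redirected back to the client.
     * Supported values are `query`, `fragment` and `form_post`.
     * The `query` value is only supported when `responseType` is `code`.
     * {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
     */
    responseMode?: string | undefined;
    /**
     * value used to mitigate XSRF attacks.
     * It only helps if it is unpredictable and compared with the value that comes back.
     * {@link https://auth0.com/docs/protocols/oauth2/oauth-state}
     */
    state?: string | undefined;
    /**
     * value used to mitigate replay attacks when using Implicit Grant.
     * {@link https://auth0.com/docs/api-auth/tutorials/nonce}
     */
    nonce?: string | undefined;
    /**
     * scopes to be requested during Auth. e.g. `openid email`
     */
    scope?: string | undefined;
    /**
     * identifier of the resource server that will consume the access token issued after Auth
     */
    audience?: string | undefined;
    /**
     * identifier data type to look for in postMessage event data, where events are initiated
     * from silent callback urls, before accepting that a message event is the event expected.
     * A value of false means any postMessage event will trigger a callback.
     *
     * NOTE(review): the declared type is `string | undefined`, so `false` is not
     * assignable through this declaration. Setting an identifier narrows which
     * messages are accepted.
     */
    postMessageDataType?: string | undefined;
    /**
     * origin of redirectUri to expect postMessage response from.
     * Defaults to the origin of the receiving window. Only used if usePostMessage is truthy.
     *
     * This names the origin that messages are expected from, so keep it as
     * specific as the deployment allows.
     */
    postMessageOrigin?: string | undefined;
    /**
     * value in milliseconds used to timeout when the `/authorize` call is failing
     * as part of the silent authentication with postmessage enabled due to a configuration.
     */
    timeout?: number | undefined;
    /**
     * use postMessage to communicate between the silent callback and the SPA.
     * When false the SDK will attempt to parse the url hash and no extra behaviour is needed.
     * NOTE(review): the upstream sentence also said the SDK "should ignore the
     * url hash", which conflicts with the reading above; confirm against the SDK.
     * @default false
     */
    usePostMessage?: boolean | undefined;
}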
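/**
 * Options for an authorization request. Every field is optional in this type.
 * `CheckSessionOptions` extends it.
 *
 * Descriptions of `domain` through `audience` match those on the same-named
 * fields of `RenewAuthOptions`; the remaining notes are inferred from the
 * field names and are marked as such.
 */
export interface AuthorizeOptions {
    /** your Auth0 domain */
    domain?: string | undefined;
    /** your Auth0 client identifier */
    clientID?: string | undefined;
    /** presumably the name of the connection to authenticate with; confirm */
    connection?: string | undefined;
    /** url Auth0 redirects to after Auth with the Authorization Response */
    redirectUri?: string | undefined;
    /** space separated list of the values `code`, `token`, `id_token` */
    responseType?: string | undefined;
    /** how the Auth response is encoded and returned: `query`, `fragment` or `form_post` */
    responseMode?: string | undefined;
    /** value used to mitigate XSRF attacks; should be unpredictable and checked on return */
    state?: string | undefined;
    /** value used to mitigate replay attacks when using Implicit Grant */
    nonce?: string | undefined;
    /** scopes to be requested during Auth. e.g. `openid email` */
    scope?: string | undefined;
    /** identifier of the resource server that will consume the issued access token */
    audience?: string | undefined;
    /** presumably the UI language for the login page; confirm */
    language?: string | undefined;
    /** presumably a value used to pre-fill the login identifier; confirm */
    login_hint?: string | undefined;
    /** presumably the OIDC `prompt` parameter; confirm */
    prompt?: string | undefined;
    /** which form to start on; only `"login"` and `"signUp"` are accepted */
    mode?: "login" | "signUp" | undefined;
    /** only `"signup"` is accepted */
    screen_hint?: "signup" | undefined;
    /** presumably passed through to the upstream identity provider; confirm */
    accessType?: string | undefined;
    /** presumably passed through to the upstream identity provider; confirm */
    approvalPrompt?: string | undefined;
    /**
     * application-defined state.
     * NOTE(review): typed `any`, so nothing is checked at compile time; validate
     * it when it comes back before acting on it.
     */
    appState?: any;
    /** extra scopes for the connection, as one string or a list */
    connection_scope?: string | string[] | undefined;
    /** presumably the organization to log in to; confirm */
    organization?: string | undefined;
    /** presumably an invitation identifier used together with `organization`; confirm */
    invitation?: string | undefined;
}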
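/**
 * Result passed to the `getSSOData` callback (which may also receive
 * `undefined`). The two members are told apart by the literal `sso` field:
 * check `sso === true` before reading any `lastUsed*` field.
 */
export type SsoDataResult = SsoSessionFoundResult | SsoSessionNotFoundResult;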
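/**
 * `SsoDataResult` member for the case where an SSO session exists (`sso` is
 * the literal `true`).
 *
 * These fields identify the last user and client seen in the browser. They
 * are hints for pre-selecting a login option, not proof of authentication.
 */
export interface SsoSessionFoundResult {
    /** client identifier that was last used */
    lastUsedClientID: string;
    /** connection that was last used */
    lastUsedConnection: {
        /** connection name */
        name: string;
        /** presumably the connection's strategy/provider type; confirm */
        strategy?: string | undefined;
    };
    /** identifier of the user that last logged in */
    lastUsedUserID: string;
    /** username of the user that last logged in */
    lastUsedUsername: string;
    /** presumably the client identifiers that share this session; confirm */
    sessionClients: string[];
    /** discriminant: always `true` for this member */
    sso: true;
}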
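/**
 * `SsoDataResult` member for the case where no SSO session exists. It carries
 * only the discriminant.
 */
export interface SsoSessionNotFoundResult {
    /** discriminant: always `false` for this member */
    sso: false;
}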
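/**
 * Options for a session check: every `AuthorizeOptions` field plus the
 * postMessage switch.
 * NOTE(review): the consuming method is not visible here.
 */
export interface CheckSessionOptions extends AuthorizeOptions {
    /**
     * optional parameter for auth0 to use postMessage to communicate between the silent callback and the SPA.
     *
     * NOTE(review): unlike `RenewAuthOptions`, this type declares no
     * `postMessageOrigin` or `postMessageDataType`; confirm how the SDK
     * restricts which messages it accepts on this path.
     */
    usePostMessage?: boolean | undefined;
}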
/**
 * Version information exported by the library.
 * Declared without an initializer because this is a declaration file.
 */
export const version: {
    /** presumably the plain version string; confirm */
    raw: string;
};