Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses
-Thrown when network requests to the Auth server fail.
-try {
const challenge = await mfa.challenge({
mfaToken: mfaToken,
challengeType: 'otp',
authenticatorId: 'otp|dev_123'
});
} catch (error) {
if (error instanceof MfaChallengeError) {
console.log(error.error); // 'too_many_attempts'
console.log(error.error_description); // 'Rate limit exceeded'
}
}
Base class for MFA-related errors in auth0-spa-js. Extends GenericError for unified error hierarchy across the SDK.
-Error thrown when the token exchange results in a mfa_required error
try {
const tokens = await mfa.verify({
mfaToken: mfaToken,
grant_type: 'http://auth0.com/oauth/grant-type/mfa-otp',
otp: '123456'
});
} catch (error) {
if (error instanceof MfaVerifyError) {
console.log(error.error); // 'invalid_otp' or 'context_not_found'
console.log(error.error_description); // Error details
}
}
Error thrown when there is no refresh token to use
-An OAuth2 error will come from the authorization server and will have at least an error property which will
be the error code. And possibly an error_description property
See: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.6
-Optionalerror_description: stringOptionalerror_description: stringOptionalerror_OptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
collected by a stack trace (whether generated by new Error().stack or
Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
diff --git a/docs/classes/PasskeyChallengeError.html b/docs/classes/PasskeyChallengeError.html
new file mode 100644
index 00000000..263e743e
--- /dev/null
+++ b/docs/classes/PasskeyChallengeError.html
@@ -0,0 +1,35 @@
+
Error thrown when requesting a passkey login challenge fails.
+Optionalcause: PasskeyApiErrorResponseOptionalcauseOptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
+collected by a stack trace (whether generated by new Error().stack or
+Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
+will affect any stack trace captured after the value has been changed.
If set to a non-number value, or set to a negative number, stack traces will +not capture any frames.
+StaticcaptureCreates a .stack property on targetObject, which when accessed returns
+a string representing the location in the code at which
+Error.captureStackTrace() was called.
const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack; // Similar to `new Error().stack`
+The first line of the trace will be prefixed with
+${myObject.name}: ${myObject.message}.
The optional constructorOpt argument accepts a function. If given, all frames
+above constructorOpt, including constructorOpt, will be omitted from the
+generated stack trace.
The constructorOpt argument is useful for hiding implementation
+details of error generation from the user. For instance:
function a() {
b();
}
function b() {
c();
}
function c() {
// Create an error without stack trace to avoid calculating the stack trace twice.
const { stackTraceLimit } = Error;
Error.stackTraceLimit = 0;
const error = new Error();
Error.stackTraceLimit = stackTraceLimit;
// Capture the stack trace above function b
Error.captureStackTrace(error, b); // Neither function c, nor b is included in the stack trace
throw error;
}
a();
+OptionalconstructorOpt: FunctionStaticprepareOptionalcause: PasskeyErrorResponseOptional ReadonlycauseReadonlycodeOptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
+collected by a stack trace (whether generated by new Error().stack or
+Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
+will affect any stack trace captured after the value has been changed.
If set to a non-number value, or set to a negative number, stack traces will +not capture any frames.
+StaticcaptureCreates a .stack property on targetObject, which when accessed returns
+a string representing the location in the code at which
+Error.captureStackTrace() was called.
const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack; // Similar to `new Error().stack`
+The first line of the trace will be prefixed with
+${myObject.name}: ${myObject.message}.
The optional constructorOpt argument accepts a function. If given, all frames
+above constructorOpt, including constructorOpt, will be omitted from the
+generated stack trace.
The constructorOpt argument is useful for hiding implementation
+details of error generation from the user. For instance:
function a() {
b();
}
function b() {
c();
}
function c() {
// Create an error without stack trace to avoid calculating the stack trace twice.
const { stackTraceLimit } = Error;
Error.stackTraceLimit = 0;
const error = new Error();
Error.stackTraceLimit = stackTraceLimit;
// Capture the stack trace above function b
Error.captureStackTrace(error, b); // Neither function c, nor b is included in the stack trace
throw error;
}
a();
+OptionalconstructorOpt: FunctionStaticprepareError thrown when exchanging a passkey credential for tokens fails.
+Optionalcause: PasskeyApiErrorResponseOptionalcauseOptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
+collected by a stack trace (whether generated by new Error().stack or
+Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
+will affect any stack trace captured after the value has been changed.
If set to a non-number value, or set to a negative number, stack traces will +not capture any frames.
+StaticcaptureCreates a .stack property on targetObject, which when accessed returns
+a string representing the location in the code at which
+Error.captureStackTrace() was called.
const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack; // Similar to `new Error().stack`
+The first line of the trace will be prefixed with
+${myObject.name}: ${myObject.message}.
The optional constructorOpt argument accepts a function. If given, all frames
+above constructorOpt, including constructorOpt, will be omitted from the
+generated stack trace.
The constructorOpt argument is useful for hiding implementation
+details of error generation from the user. For instance:
function a() {
b();
}
function b() {
c();
}
function c() {
// Create an error without stack trace to avoid calculating the stack trace twice.
const { stackTraceLimit } = Error;
Error.stackTraceLimit = 0;
const error = new Error();
Error.stackTraceLimit = stackTraceLimit;
// Capture the stack trace above function b
Error.captureStackTrace(error, b); // Neither function c, nor b is included in the stack trace
throw error;
}
a();
+OptionalconstructorOpt: FunctionStaticprepareError thrown when requesting a passkey register challenge fails.
+Optionalcause: PasskeyApiErrorResponseOptionalcauseOptionalstackStaticstackThe Error.stackTraceLimit property specifies the number of stack frames
+collected by a stack trace (whether generated by new Error().stack or
+Error.captureStackTrace(obj)).
The default value is 10 but may be set to any valid JavaScript number. Changes
+will affect any stack trace captured after the value has been changed.
If set to a non-number value, or set to a negative number, stack traces will +not capture any frames.
+StaticcaptureCreates a .stack property on targetObject, which when accessed returns
+a string representing the location in the code at which
+Error.captureStackTrace() was called.
const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack; // Similar to `new Error().stack`
+The first line of the trace will be prefixed with
+${myObject.name}: ${myObject.message}.
The optional constructorOpt argument accepts a function. If given, all frames
+above constructorOpt, including constructorOpt, will be omitted from the
+generated stack trace.
The constructorOpt argument is useful for hiding implementation
+details of error generation from the user. For instance:
function a() {
b();
}
function b() {
c();
}
function c() {
// Create an error without stack trace to avoid calculating the stack trace twice.
const { stackTraceLimit } = Error;
Error.stackTraceLimit = 0;
const error = new Error();
Error.stackTraceLimit = stackTraceLimit;
// Capture the stack trace above function b
Error.captureStackTrace(error, b); // Neither function c, nor b is included in the stack trace
throw error;
}
a();
+OptionalconstructorOpt: FunctionStaticprepareThrown when network requests to the Auth server fail.
-Thrown when network requests to the Auth server fail.
-Error thrown when the login popup times out (if the user does not complete auth)
-Thrown when silent auth times out (usually due to a configuration issue) or when network requests to the Auth server timeout.
-Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.
-Provides the Auth0Context to its child components.
-Use the useAuth0 hook in your components to access the auth state and methods.
TUser is an optional type param to provide a type to the user field.
Wrap your class components in this Higher Order Component to give them access to the Auth0Context.
Providing a context as the second argument allows you to configure the Auth0Provider the Auth0Context should come from f you have multiple within your application.
-When you wrap your components in this Higher Order Component and an anonymous user visits your component they will be redirected to the login page; after login they will be returned to the page they were redirected from.
-Contains the authenticated state and authentication methods provided by the useAuth0 hook.
await connectAccountWithRedirect({
connection: 'google-oauth2',
scopes: ['openid', 'profile', 'email', 'https://www.googleapis.com/auth/drive.readonly'],
authorization_params: {
// additional authorization params to forward to the authorization server
}
});
@@ -28,7 +29,7 @@
where the user can authenticate and authorize the account to be connected.
If connecting the account is successful onRedirectCallback will be called
with the details of the connected account.
-Returns a new Fetcher class that will contain a fetchWithAuth() method.
+
Returns a new Fetcher class that will contain a fetchWithAuth() method.
This is a drop-in replacement for the Fetch API's fetch() method, but will
handle certain authentication logic for you, like building the proper auth
headers or managing DPoP nonces and retries automatically.
Check the EXAMPLES.md file for a deeper look into this method.
Optionalconfig: FetcherConfig<TOutput>const tokenResponse = await customTokenExchange({
subject_token: 'ey...',
subject_token_type: 'urn:acme:legacy-system-token',
actor_token: 'ey...',
actor_token_type: 'https://idp.example.com/token-type/agent',
});
+Optionalconfig: FetcherConfig<TOutput>const tokenResponse = await customTokenExchange({
subject_token: 'ey...',
subject_token_type: 'urn:acme:legacy-system-token',
actor_token: 'ey...',
actor_token_type: 'https://idp.example.com/token-type/agent',
});
Exchanges an external subject token for Auth0 tokens without affecting the current session.
@@ -50,7 +51,7 @@refresh_token in the response is expected and will not cause an error.
The options required to perform the token exchange.
A promise that resolves to the token endpoint response.
-The options required to perform the token exchange
+The options required to perform the token exchange
A promise that resolves to the token endpoint response containing Auth0 tokens
Use loginWithCustomTokenExchange() instead. This method will be removed in the next major version.
const tokenResponse = await exchangeToken({
subject_token: 'external_token_value',
subject_token_type: 'urn:acme:legacy-system-token',
scope: 'openid profile email'
});
@@ -64,13 +65,13 @@
// Instead of:
const tokens = await exchangeToken(options);
// Use:
const tokens = await loginWithCustomTokenExchange(options);
-Returns a string to be used to demonstrate possession of the private +
Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.
It requires enabling the Auth0ClientOptions.useDpop option.
Returns a string to be used to demonstrate possession of the private key used to cryptographically bind access tokens with DPoP.
It requires enabling the Auth0ClientOptions.useDpop option.
-const token = await getAccessTokenSilently(options);
+const token = await getAccessTokenSilently(options);
If there's a valid token stored, return it. Otherwise, opens an @@ -89,7 +90,7 @@ back to using an iframe to make the token exchange.
Note that in all cases, falling back to an iframe requires access to
the auth0 cookie.
const token = await getTokenWithPopup(options, config);
+const token = await getTokenWithPopup(options, config);
Get an access token interactively.
@@ -97,7 +98,7 @@ provided as arguments. Random and securestate and nonce
parameters will be auto-generated. If the response is successful,
results will be valid according to their expiration times.
-const config = getConfiguration();
// { domain: 'tenant.auth0.com', clientId: 'abc123' }
+const config = getConfiguration();
// { domain: 'tenant.auth0.com', clientId: 'abc123' }
Returns a readonly copy of the initialization configuration @@ -107,7 +108,7 @@
Returns the current DPoP nonce used for making requests to Auth0.
+Returns the current DPoP nonce used for making requests to Auth0.
It can return undefined because when starting fresh it will not
be populated until after the first response from the server.
It requires enabling the Auth0ClientOptions.useDpop option.
@@ -122,16 +123,16 @@const claims = await getIdTokenClaims();
+const claims = await getIdTokenClaims();
Returns all claims from the id_token if available.
-After the browser redirects back to the callback page, +
After the browser redirects back to the callback page,
call handleRedirectCallback to handle success and error
responses from Auth0. If the response is successful, results
will be valid according to their expiration times.
Optionalurl: stringThe URL to that should be used to retrieve the state and code values. Defaults to window.location.href if not given.
await loginWithCustomTokenExchange(options);
+await loginWithCustomTokenExchange(options);
Exchanges an external subject token for Auth0 tokens and logs the user in. @@ -155,7 +156,7 @@
const options = {
subject_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...',
subject_token_type: 'urn:acme:legacy-system-token',
scope: 'openid profile email',
audience: 'https://api.example.com',
organization: 'org_12345'
};
try {
const tokenResponse = await loginWithCustomTokenExchange(options);
console.log('Access token:', tokenResponse.access_token);
// User is now logged in - access user info
const user = await getUser();
console.log('Logged in user:', user);
} catch (error) {
console.error('Token exchange failed:', error);
}
await loginWithPopup(options, config);
+await loginWithPopup(options, config);
Opens a popup with the /authorize URL using the parameters
@@ -165,20 +166,20 @@
IMPORTANT: This method has to be called from an event handler that was started by the user like a button click, for example, otherwise the popup will be blocked in most browsers.
-await loginWithRedirect(options);
+await loginWithRedirect(options);
Performs a redirect to /authorize using the parameters
provided as arguments. Random and secure state and nonce
parameters will be auto-generated.
auth0.logout({ logoutParams: { returnTo: window.location.origin } });
+auth0.logout({ logoutParams: { returnTo: window.location.origin } });
Clears the application session and performs a redirect to /v2/logout, using
the parameters provided as arguments, to clear the Auth0 session.
If the logoutParams.federated option is specified, it also clears the Identity Provider session.
Read more about how Logout works at Auth0.
const { mfa } = useAuth0();
const authenticators = await mfa.getAuthenticators(mfaToken);
+const { mfa } = useAuth0();
const authenticators = await mfa.getAuthenticators(mfaToken);
MFA API client for Multi-Factor Authentication operations.
@@ -193,7 +194,17 @@const { mfa, getAccessTokenSilently } = useAuth0();
try {
await getAccessTokenSilently();
} catch (error) {
if (error.error === 'mfa_required') {
// Check if enrollment is needed
const factors = await mfa.getEnrollmentFactors(error.mfa_token);
if (factors.length > 0) {
// Enroll in OTP
const enrollment = await mfa.enroll({
mfaToken: error.mfa_token,
factorType: 'otp'
});
console.log('QR Code:', enrollment.barcodeUri);
}
// Get authenticators and challenge
const authenticators = await mfa.getAuthenticators(error.mfa_token);
await mfa.challenge({
mfaToken: error.mfa_token,
challengeType: 'otp',
authenticatorId: authenticators[0].id
});
// Verify with user's code
const tokens = await mfa.verify({
mfaToken: error.mfa_token,
otp: userCode
});
}
}
Sets the current DPoP nonce used for making requests to Auth0.
+const { passkey } = useAuth0();
const tokens = await passkey.signup({ email: 'user@example.com' });
+Passkey API client for WebAuthn-based passwordless authentication.
+signup(options) — register a new user and create a passkey credentiallogin(options?) — authenticate an existing user via passkey assertionBoth methods exchange the WebAuthn credential for Auth0 tokens and update
+isAuthenticated / user in the same way as loginWithPopup.
Sets the current DPoP nonce used for making requests to Auth0.
It requires enabling the Auth0ClientOptions.useDpop option.
Sets the current DPoP nonce used for making requests to Auth0.
It requires enabling the Auth0ClientOptions.useDpop option.
@@ -205,4 +216,4 @@Email enrollment parameters
-OptionalemailEmail address (optional, uses user's email if not provided)
diff --git a/docs/interfaces/EnrollOtpParams.html b/docs/interfaces/EnrollOtpParams.html index 559ce36e..9a8674d3 100644 --- a/docs/interfaces/EnrollOtpParams.html +++ b/docs/interfaces/EnrollOtpParams.html @@ -1,5 +1,5 @@OTP (Time-based One-Time Password) enrollment parameters
-The factor type for enrollment
MFA token from mfa_required error
diff --git a/docs/interfaces/EnrollPushParams.html b/docs/interfaces/EnrollPushParams.html index 6a1b93f1..4a457f65 100644 --- a/docs/interfaces/EnrollPushParams.html +++ b/docs/interfaces/EnrollPushParams.html @@ -1,5 +1,5 @@Push notification enrollment parameters
-The factor type for enrollment
MFA token from mfa_required error
diff --git a/docs/interfaces/EnrollSmsParams.html b/docs/interfaces/EnrollSmsParams.html index 7836af72..a4c32ba9 100644 --- a/docs/interfaces/EnrollSmsParams.html +++ b/docs/interfaces/EnrollSmsParams.html @@ -1,5 +1,5 @@SMS enrollment parameters
-The factor type for enrollment
diff --git a/docs/interfaces/EnrollVoiceParams.html b/docs/interfaces/EnrollVoiceParams.html index 4b673f1f..53df7e43 100644 --- a/docs/interfaces/EnrollVoiceParams.html +++ b/docs/interfaces/EnrollVoiceParams.html @@ -1,5 +1,5 @@Voice enrollment parameters
-The factor type for enrollment
diff --git a/docs/interfaces/GetTokenWithPopupOptions.html b/docs/interfaces/GetTokenWithPopupOptions.html index 47b70cb2..e0bbb82b 100644 --- a/docs/interfaces/GetTokenWithPopupOptions.html +++ b/docs/interfaces/GetTokenWithPopupOptions.html @@ -1,4 +1,4 @@ -OptionalauthorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters defined by Auth0 or custom parameters that you define.
diff --git a/docs/interfaces/LogoutOptions.html b/docs/interfaces/LogoutOptions.html index a6e7729f..154558fd 100644 --- a/docs/interfaces/LogoutOptions.html +++ b/docs/interfaces/LogoutOptions.html @@ -1,4 +1,4 @@ -OptionalclientThe clientId of your application.
Client for Auth0 Passkey operations.
+Provides 2 public methods:
+signup — Register a new user with a passkey (full flow: challenge → WebAuthn → token exchange)login — Sign in with a passkey (full flow: challenge → WebAuthn → token exchange)Sign in with an existing passkey.
+Handles the full flow: requests a login challenge, triggers the browser +WebAuthn assertion ceremony, serializes the result, and exchanges it +for tokens.
+Optionaloptions: PasskeyLoginOptionsOptional passkey login options (optional scope/audience/realm/organization)
+A promise that resolves to the token endpoint response containing access/ID tokens
+Register a new user with a passkey.
+Handles the full flow: requests a signup challenge, triggers the browser +WebAuthn credential creation ceremony, serializes the result, and exchanges +it for tokens.
+Passkey signup options (user identifier, optional scope/audience)
+A promise that resolves to the token endpoint response containing access/ID tokens
+Components wrapped in withAuth0 will have an additional auth0 prop
Options for the withAuthenticationRequired Higher Order Component
-OptionalcontextThe context to be used when calling useAuth0, this should only be provided if you are using multiple Auth0Providers within your application and you wish to tie a specific component to a Auth0Provider other than the Auth0Provider associated with the default Auth0Context.
-OptionalloginwithAuthenticationRequired(Profile, {
loginOptions: {
appState: {
customProp: 'foo'
}
}
})
+OptionalloginwithAuthenticationRequired(Profile, {
loginOptions: {
appState: {
customProp: 'foo'
}
}
})
Pass additional login options, like extra appState to the login page.
This will be merged with the returnTo option used by the onRedirectCallback handler.
OptionalonwithAuthenticationRequired(Profile, {
onBeforeAuthentication: () => { analyticsLibrary.track('login_triggered'); }
})
+OptionalonwithAuthenticationRequired(Profile, {
onBeforeAuthentication: () => { analyticsLibrary.track('login_triggered'); }
})
Allows executing logic before the user is redirected to the login page.
-OptionalonwithAuthenticationRequired(Profile, {
onRedirecting: () => <div>Redirecting you to the login...</div>
})
+OptionalonwithAuthenticationRequired(Profile, {
onRedirecting: () => <div>Redirecting you to the login...</div>
})
Render a message to show that the user is being redirected to the login.
-OptionalreturnwithAuthenticationRequired(Profile, {
returnTo: '/profile'
})
+OptionalreturnwithAuthenticationRequired(Profile, {
returnTo: '/profile'
})
or
@@ -28,4 +28,4 @@Add a path for the onRedirectCallback handler to return the user to after login.
The state of the application before the user was redirected to the login page and any account that the user may have connected to.
-The main configuration to instantiate the Auth0Provider.
Either provide domain and clientId (Auth0ProviderWithConfigOptions)
or a pre-configured client instance (Auth0ProviderWithClientOptions).
Options for Auth0Provider when configuring Auth0 via domain and clientId.
Use this type when building wrapper components around Auth0Provider.
The account that has been connected during the connect flow.
-Options for passkey login (authenticating with an existing passkey).
+Options for passkey signup (registering a new user with a passkey).
+ConstThe Auth0 Context
-
Thrown when handling the redirect callback fails, will be one of Auth0's Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses
-