diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ec81cd6..3ee9f6be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change Log
 
+## [v2.2.0](https://github.com/auth0/auth0-angular/tree/v2.2.0) (2023-07-13)
+
+[Full Changelog](https://github.com/auth0/auth0-angular/compare/v2.1.0...v2.2.0)
+
+**Added**
+
+- Support Organization Name [\#453](https://github.com/auth0/auth0-angular/pull/453) ([frederikprijck](https://github.com/frederikprijck))
+
 ## [v2.1.0](https://github.com/auth0/auth0-angular/tree/v2.1.0) (2023-04-03)
 
 [Full Changelog](https://github.com/auth0/auth0-angular/compare/v2.0.2...v2.1.0)
diff --git a/docs/classes/Auth0ClientFactory.html b/docs/classes/Auth0ClientFactory.html
index d115260b..20edc6e7 100644
--- a/docs/classes/Auth0ClientFactory.html
+++ b/docs/classes/Auth0ClientFactory.html
@@ -1,86 +1,591 @@ -
Static
createStatic
+ createOptional
+ config:
+ AuthConfig
+ + Gets the config that has been set by other consumers of the + service +
++ Sets configuration to be read by other consumers of the + service (see usage notes) +
+The configuration to set
+Static
forInitialize the authentication module system. Configuration can either be specified here, -or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).
-Optional
config: AuthConfigThe optional configuration for the SDK.
-Static
+ for+ Initialize the authentication module system. Configuration + can either be specified here, or by calling + AuthClientConfig.set (perhaps from an APP_INITIALIZER + factory function). +
+Optional
+ config:
+ AuthConfig
+ The optional configuration for the SDK.
+Readonly
appEmits the value (if any) that was passed to the loginWithRedirect
method call
-but only after handleRedirectCallback
is first called
Readonly
error$Emits errors that occur during login, or when checking for an active session on startup.
-Readonly
idEmits ID token claims when authenticated, or null if not authenticated.
-Readonly
isEmits boolean values indicating the authentication state of the user. If true
, it means a user has authenticated.
-This depends on the value of isLoading$
, so there is no need to manually check the loading state of the SDK.
Readonly
isEmits boolean values indicating the loading state of the SDK.
-Readonly
user$Emits details about the authenticated user, or null if not authenticated.
-Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
-The options for configuring the token fetch.
-Fetches a new access token and returns it.
-Optional
options: GetTokenSilentlyOptionsThe options for configuring the token fetch.
-getTokenWithPopup(options).subscribe(token => ...)
+
+
+
+
+
+ AuthService | @auth0/auth0-angular
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class AuthService<TAppState>
+
+
+
+ Type Parameters
+
+
+
+ Hierarchy
+
+ - AuthService
+
+
+
+ Implements
+
+ - OnDestroy
+
+
+
+
+
+
+
+
+
+ Index
+
+
+
+
+
+
+
+ Constructors
+
+
+
+ constructor
+
+
+ -
+ new
Auth Service<TAppState>(auth0Client: Auth0Client,
+ configFactory: AuthClientConfig, navigator: AbstractNavigator,
+ authState: AuthState): AuthService<TAppState>
+
+ -
+
+ Type Parameters
+
+
+
+ Parameters
+
+ -
+
+ auth0Client:
+ Auth0Client
+
+
+ -
+
+ configFactory:
+ AuthClientConfig
+
+
+ -
+
+ navigator:
+ AbstractNavigator
+
+
+ -
+
+ authState:
+ AuthState
+
+
+
+
+
+ Returns
+ AuthService<TAppState>
+
+
+
+
+
+
+
+ Properties
+
+
+
+ Readonly
+ app State$
+
+
+ app State$:
+ Observable<TAppState> = ...
+
+
+
+ Emits the value (if any) that was passed to the
+ loginWithRedirect
method call but only
+ after handleRedirectCallback
is
+ first called
+
+
+
+
+
+
+
+ Readonly
+ error$
+
+
+ error$:
+ Observable<Error> = ...
+
+
+
+ Emits errors that occur during login, or when checking for an
+ active session on startup.
+
+
+
+
+
+
+
+ Readonly
+ id Token Claims$
+
+
+
+
+ Emits ID token claims when authenticated, or null if not
+ authenticated.
+
+
+
+
+
+
+
+ Readonly
+ is Authenticated$
+
+
+ is Authenticated$:
+ Observable<boolean> = ...
+
+
+
+ Emits boolean values indicating the authentication state of the
+ user. If true
, it means a user has authenticated.
+ This depends on the value of isLoading$
, so there
+ is no need to manually check the loading state of the SDK.
+
+
+
+
+
+
+
+ Readonly
+ is Loading$
+
+
+ is Loading$:
+ Observable<boolean> = ...
+
+
+
+ Emits boolean values indicating the loading state of the SDK.
+
+
+
+
+
+
+
+ Readonly
+ user$
+
+
+
+
+ Emits details about the authenticated user, or null if not
+ authenticated.
+
+
+
+
+
+
+ Methods
+
+
+
+ get Access Token Silently
+
+
+ -
+ get
Access Token Silently(options: GetTokenSilentlyOptions & {
    detailedResponse: true;
}): Observable<GetTokenSilentlyVerboseResponse>
+
+ -
+
+
+ Fetches a new access token and returns the response from the
+ /oauth/token endpoint, omitting the refresh token.
+
+
+
+ Parameters
+
+ -
+
+ options:
+ GetTokenSilentlyOptions & {
    detailedResponse: true;
}
+
+
+ The options for configuring the token fetch.
+
+
+
+
+
+ Returns Observable<GetTokenSilentlyVerboseResponse>
+
+
+
+ -
+ get
Access Token Silently(options?: GetTokenSilentlyOptions): Observable<string>
+
+ -
+
+
Fetches a new access token and returns it.
+
+
+ Parameters
+
+ -
+
+ Optional
+ options:
+ GetTokenSilentlyOptions
+
+
+ The options for configuring the token fetch.
+
+
+
+
+
+ Returns Observable<string>
+
+
+
+
+
+
+
+
+ get Access Token With Popup
+
+
+ -
+ get
Access Token With Popup(options?: GetTokenWithPopupOptions): Observable<undefined | string>
+
+ -
+
+
getTokenWithPopup(options).subscribe(token => ...)
-Get an access token interactively.
-Opens a popup with the /authorize
URL using the parameters
-provided as arguments. Random and secure state
and nonce
-parameters will be auto-generated. If the response is successful,
-results will be valid according to their expiration times.
-
-
-Parameters
-
--
-
Optional
options: GetTokenWithPopupOptions
-Returns Observable<undefined | string>
-
-handle Redirect Callback
-
-- handle
Redirect Callback(url?: string): Observable<RedirectLoginResult<TAppState>>
--
-
handleRedirectCallback(url).subscribe(result => ...)
+ Get an access token interactively.
+
+ Opens a popup with the /authorize
URL using the
+ parameters provided as arguments. Random and secure
+ state
and nonce
parameters will be
+ auto-generated. If the response is successful, results will
+ be valid according to their expiration times.
+
+
+
+ Parameters
+
+ -
+
+ Optional
+ options:
+ GetTokenWithPopupOptions
+
+
+
+
+
+ Returns Observable<undefined | string>
+
+
+
+
+
+
+
+
+ handle Redirect Callback
+
+
+ -
+ handle
Redirect Callback(url?: string): Observable<RedirectLoginResult<TAppState>>
+
+ -
+
+
handleRedirectCallback(url).subscribe(result => ...)
-After the browser redirects back to the callback page,
-call handleRedirectCallback
to handle success and error
-responses from Auth0. If the response is successful, results
-will be valid according to their expiration times.
-Calling this method also refreshes the authentication and user states.
-
-
-Parameters
-
--
-
Optional
url: string
-The URL to that should be used to retrieve the state
and code
values. Defaults to window.location.href
if not given.
-
-Returns Observable<RedirectLoginResult<TAppState>>
-
-login With Popup
-
-- login
With Popup(options?: PopupLoginOptions, config?: PopupConfigOptions): Observable<void>
--
-
await loginWithPopup(options);
+
+ After the browser redirects back to the callback page, call
+ handleRedirectCallback
to handle success and
+ error responses from Auth0. If the response is successful,
+ results will be valid according to their expiration times.
+
+
+ Calling this method also refreshes the authentication and
+ user states.
+
+
+
+ Parameters
+
+ -
+
+ Optional
+ url: string
+
+
+
+ The URL to that should be used to retrieve the
+ state
and code
values.
+ Defaults to window.location.href
if not
+ given.
+
+
+
+
+
+
+ Returns Observable<RedirectLoginResult<TAppState>>
+
+
+
+
+
+
+
+
+ login With Popup
+
+
+ -
+ login
With Popup(options?: PopupLoginOptions, config?: PopupConfigOptions): Observable<void>
+
+ -
+
+
await loginWithPopup(options);
-Opens a popup with the /authorize
URL using the parameters
-provided as arguments. Random and secure state
and nonce
-parameters will be auto-generated. If the response is successful,
-results will be valid according to their expiration times.
-IMPORTANT: This method has to be called from an event handler
-that was started by the user like a button click, for example,
-otherwise the popup will be blocked in most browsers.
-
-
-Parameters
-
--
-
Optional
options: PopupLoginOptions
-The login options
-
--
-
Optional
config: PopupConfigOptions
-Configuration for the popup window
-
-Returns Observable<void>
-
-login With Redirect
-
-- login
With Redirect(options?: RedirectLoginOptions<TAppState>): Observable<void>
--
-
loginWithRedirect(options);
+
+ Opens a popup with the /authorize
URL using the
+ parameters provided as arguments. Random and secure
+ state
and nonce
parameters will be
+ auto-generated. If the response is successful, results will
+ be valid according to their expiration times.
+
+
+ IMPORTANT: This method has to be called from an event
+ handler that was started by the user like a button click,
+ for example, otherwise the popup will be blocked in most
+ browsers.
+
+
+
+ Parameters
+
+ -
+
+ Optional
+ options:
+ PopupLoginOptions
+
+
+ The login options
+
+
+ -
+
+ Optional
+ config:
+ PopupConfigOptions
+
+
+ Configuration for the popup window
+
+
+
+
+
+ Returns Observable<void>
+
+
+
+
+
+
+
+
+ login With Redirect
+
+
+ -
+ login
With Redirect(options?: RedirectLoginOptions<TAppState>): Observable<void>
+
+ -
+
+
loginWithRedirect(options);
-Performs a redirect to /authorize
using the parameters
-provided as arguments. Random and secure state
and nonce
-parameters will be auto-generated.
-
-
-Parameters
-
--
-
Optional
options: RedirectLoginOptions<TAppState>
-The login options
-
-Returns Observable<void>
-
-logout
-
-- logout(options?: LogoutOptions): Observable<void>
--
-
logout();
+
+ Performs a redirect to /authorize
using the
+ parameters provided as arguments. Random and secure
+ state
and nonce
parameters will be
+ auto-generated.
+
+
+
+ Parameters
+
+ -
+
+ Optional
+ options:
+ RedirectLoginOptions<TAppState>
+
+
+ The login options
+
+
+
+
+
+ Returns Observable<void>
+
+
+
+
+
+
+
+
+ logout
+
+
+ -
+ logout(options?: LogoutOptions): Observable<void>
+
+ -
+
+
logout();
-Clears the application session and performs a redirect to /v2/logout
, using
-the parameters provided as arguments, to clear the Auth0 session.
-If the federated
option is specified it also clears the Identity Provider session.
-If the openUrl
option is set to false, it only clears the application session.
-It is invalid to set both the federated
to true and openUrl
to false
,
-and an error will be thrown if you do.
-Read more about how Logout works at Auth0.
-
-
-Parameters
-
--
-
Optional
options: LogoutOptions
-The logout options
-
-Returns Observable<void>
-
-ng On Destroy
-
-
-
\ No newline at end of file
+
+ Clears the application session and performs a redirect to
+ /v2/logout
, using the parameters provided as
+ arguments, to clear the Auth0 session. If the
+ federated
option is specified it also clears
+ the Identity Provider session. If the
+ openUrl
option is set to false, it only clears
+ the application session. It is invalid to set both the
+ federated
to true and openUrl
to
+ false
, and an error will be thrown if you do.
+ Read more about how Logout works at Auth0.
+
+
Optional
+ options:
+ LogoutOptions
+ The logout options
+Tracks the Authentication State for the SDK
-Readonly
error$Emits errors that occur during login, or when checking for an active session on startup.
-Readonly
idEmits ID token claims when authenticated, or null if not authenticated.
-Readonly
isEmits boolean values indicating the authentication state of the user. If true
, it means a user has authenticated.
-This depends on the value of isLoading$
, so there is no need to manually check the loading state of the SDK.
Readonly
isEmits boolean values indicating the loading state of the SDK.
-Readonly
user$Emits details about the authenticated user, or null if not authenticated.
-Tracks the Authentication State for the SDK
+Readonly
+ error$
+ + Emits errors that occur during login, or when checking for an + active session on startup. +
+Readonly
+ id+ Emits ID token claims when authenticated, or null if not + authenticated. +
+Readonly
+ is
+ Emits boolean values indicating the authentication state of the
+ user. If true
, it means a user has authenticated.
+ This depends on the value of isLoading$
, so there
+ is no need to manually check the loading state of the SDK.
+
Readonly
+ is+ Emits boolean values indicating the loading state of the SDK. +
+Readonly
+ user$
+ + Emits details about the authenticated user, or null if not + authenticated. +
+Optional
addressOptional
birthdateOptional
emailOptional
email_Optional
family_Optional
genderOptional
given_Optional
localeOptional
middle_Optional
nameOptional
nicknameOptional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
subOptional
updated_Optional
websiteOptional
zoneinfoOptional
+ address
+ Optional
+ birthdate
+ Optional
+ email
+ Optional
+ email_Optional
+ family_Optional
+ gender
+ Optional
+ given_Optional
+ locale
+ Optional
+ middle_Optional
+ name
+ Optional
+ nickname
+ Optional
+ phone_Optional
+ phone_Optional
+ picture
+ Optional
+ preferred_Optional
+ profile
+ Optional
+ sub
+ Optional
+ updated_Optional
+ website
+ Optional
+ zoneinfo
+ Const
+ Defines a common set of HTTP methods.
+Functional AuthGuard to ensure routes can only be accessed when authenticated.
-Note: Should only be used as of Angular 15
+ + + + + ++ Functional AuthGuard to ensure routes can only be accessed + when authenticated. +
+Note: Should only be used as of Angular 15
-An Observable, indicating if the route can be accessed or not
-Contains the information about a route associated with a component loaded in an outlet at a particular moment in time.
-Represents the state of the router at a moment in time.
-+ An Observable, indicating if the route can be accessed or not +
++ Contains the information about a route associated with a + component loaded in an outlet at a particular moment in + time. +
++ Represents the state of the router at a moment in time. +
+Functional AuthHttpInterceptor to include the access token in matching requests.
-Note: Should only be used as of Angular 15
+ + + + + ++ Functional AuthHttpInterceptor to include the access token in + matching requests. +
+Note: Should only be used as of Angular 15
-An Observable representing the intercepted HttpRequest
-An outgoing HTTP request with an optional typed body.
-Represents the next interceptor in an interceptor chain, or the real backend if there are no -further interceptors.
-An Observable representing the intercepted HttpRequest
++ An outgoing HTTP request with an optional typed body. +
++ Represents the next interceptor in an interceptor chain, + or the real backend if there are no further + interceptors. +
+A custom type guard to help identify route definitions that are actually HttpInterceptorRouteConfig types.
-The route definition type
-+ A custom type guard to help identify route definitions that + are actually HttpInterceptorRouteConfig types. +
+The route definition type
+Initialize the authentication system. Configuration can either be specified here, -or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).
-Note: Should only be used as of Angular 15, and should not be added to a component's providers.
+ + + + + ++ Initialize the authentication system. Configuration can either + be specified here, or by calling AuthClientConfig.set (perhaps + from an APP_INITIALIZER factory function). +
++ Note: Should only be used as of Angular 15, and should not be + added to a component's providers. +
-bootstrapApplication(AppComponent, {
providers: [
provideAuth0(),
],
});
+ Example
+ bootstrapApplication(AppComponent, {
providers: [
provideAuth0(),
],
});
-
Optional
config: AuthConfigThe optional configuration for the SDK.
-Optional
+ config:
+ AuthConfig
+ The optional configuration for the SDK.
+Angular specific state to be stored before redirect
-Optional
targetTarget path the app gets routed to after -handling the callback from Auth0 (defaults to '/')
-Angular specific state to be stored before redirect
+Optional
+ target
+ + Target path the app gets routed to after handling the callback + from Auth0 (defaults to '/') +
+Configuration for the authentication service
-Optional
Internal
auth0Internal property to send information about the client to the authorization server.
-Optional
env?: { Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters -defined by Auth0 or custom parameters that you define.
-Optional
authorizeA maximum number of seconds to wait before declaring background calls to /authorize as failed for timeout -Defaults to 60s.
-Optional
cacheSpecify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over cacheLocation
if they are both specified.
Optional
cacheThe location to use when storing cache data. Valid values are memory
or localstorage
.
-The default setting is memory
.
Read more about changing storage options in the Auth0 docs
-The Client ID found on your Application settings page
-Optional
cookieThe domain the cookie is accessible from. If not set, the cookie is scoped to -the current domain, including the subdomain.
-Note: setting this incorrectly may cause silent authentication to stop working -on page load.
-To keep a user logged in across multiple subdomains set this to your
-top-level domain and prefixed with a .
(eg: .example.com
).
Your Auth0 account domain such as 'example.auth0.com'
,
-'example.eu.auth0.com'
or , 'example.mycompany.com'
-(when using custom domains)
Optional
errorPath in your application to redirect to when the Authorization server
-returns an error. Defaults to /
Optional
httpConfiguration for the built-in Http Interceptor, used for -automatically attaching access tokens.
-Optional
httpSpecify the timeout for HTTP calls using fetch
. The default is 10 seconds.
Optional
issuerThe issuer to be used for validation of JWTs, optionally defaults to the domain above
-Optional
leewayThe value in seconds used to account for clock skew in JWT expirations. -Typically, this value is no more than a minute or two at maximum. -Defaults to 60s.
-Optional
legacySets an additional cookie with no SameSite attribute to support legacy browsers -that are not compatible with the latest SameSite changes. -This will log a warning on modern browsers, you can disable the warning by setting -this to false but be aware that some older useragents will not work, -See https://www.chromium.org/updates/same-site/incompatible-clients -Defaults to true
-Optional
nowModify the value used as the current time during the token validation.
-Note: Using this improperly can potentially compromise the token validation.
-Optional
sessionNumber of days until the cookie auth0.is.authenticated
will expire
-Defaults to 1.
Optional
skipBy default, if the page URL has code and state parameters, the SDK will assume they are for
-an Auth0 application and attempt to exchange the code for a token.
-In some cases the code might be for something else (e.g. another OAuth SDK). In these
-instances you can instruct the client to ignore them by setting skipRedirectCallback
.
AuthModule.forRoot({
skipRedirectCallback: window.location.pathname === '/other-callback'
})
+
+
+
+
+
+ AuthConfig | @auth0/auth0-angular
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Interface AuthConfig
+
+
+
+
+ Configuration for the authentication service
+
+
+
+ Hierarchy
+
+ -
+ Auth0ClientOptions
+
+ - AuthConfig
+
+
+
+
+
+
+
+
+
+
+
+ Index
+
+
+
+
+ Properties
+
+ auth0 Client?
+ authorization Params?
+ authorize Timeout In Seconds?
+ cache?
+ cache Location?
+ client Id
+ cookie Domain?
+ domain
+ error Path?
+ http Interceptor?
+ http Timeout In Seconds?
+ issuer?
+ leeway?
+ legacy Same Site Cookie?
+ now Provider?
+ session Check Expiry Days?
+ skip Redirect Callback?
+ use Cookies For Transactions?
+ use Form Data?
+ use Refresh Tokens?
+ use Refresh Tokens Fallback?
+
+
+
+
+
+
+
+ Properties
+
+
+
+ Optional
+ Internal
+ auth0 Client
+
+
+ auth0 Client?:
+ {
    env?: {
        [key: string]: string;
    };
    name: string;
    version: string;
}
+
+
+
+ Internal property to send information about the client to the
+ authorization server.
+
+
+
+ Type declaration
+
+ -
+
+ Optional
+ env?: {
    [key: string]: string;
}
+
+
+ -
+
+ [key:
+ string]: string
+
+
+
+
+ -
+
+ name: string
+
+
+ -
+
+ version: string
+
+
+
+
+
+
+
+
+
+ Optional
+ authorization Params
+
+
+
+
+ URL parameters that will be sent back to the Authorization
+ Server. This can be known parameters defined by Auth0 or custom
+ parameters that you define.
+
+
+
+
+
+
+
+ Optional
+ authorize Timeout In Seconds
+
+
+ authorize Timeout In Seconds?:
+ number
+
+
+
+ A maximum number of seconds to wait before declaring background
+ calls to /authorize as failed for timeout Defaults to 60s.
+
+
+
+
+
+
+
+ Optional
+ cache
+
+
+ cache?:
+ ICache
+
+
+
+ Specify a custom cache implementation to use for token storage
+ and retrieval. This setting takes precedence over
+ cacheLocation
if they are both specified.
+
+
+
+
+
+
+
+ Optional
+ cache Location
+
+
+ cache Location?:
+ CacheLocation
+
+
+
+ The location to use when storing cache data. Valid values are
+ memory
or localstorage
. The default
+ setting is memory
.
+
+
+ Read more about
+ changing storage options in the Auth0 docs
+
+
+
+
+
+
+
+ client Id
+
+
+ client Id:
+ string
+
+
+ The Client ID found on your Application settings page
+
+
+
+
+
+
+ Optional
+ cookie Domain
+
+
+ cookie Domain?:
+ string
+
+
+
+ The domain the cookie is accessible from. If not set, the cookie
+ is scoped to the current domain, including the subdomain.
+
+
+ Note: setting this incorrectly may cause silent authentication
+ to stop working on page load.
+
+
+ To keep a user logged in across multiple subdomains set this to
+ your top-level domain and prefixed with a .
(eg:
+ .example.com
).
+
+
+
+
+
+
+
+ domain
+
+
+ domain:
+ string
+
+
+
+ Your Auth0 account domain such as
+ 'example.auth0.com'
,
+ 'example.eu.auth0.com'
or ,
+ 'example.mycompany.com'
(when using
+ custom domains)
+
+
+
+
+
+
+
+ Optional
+ error Path
+
+
+ error Path?:
+ string
+
+
+
+ Path in your application to redirect to when the Authorization
+ server returns an error. Defaults to /
+
+
+
+
+
+
+
+ Optional
+ http Interceptor
+
+
+
+
+ Configuration for the built-in Http Interceptor, used for
+ automatically attaching access tokens.
+
+
+
+
+
+
+
+ Optional
+ http Timeout In Seconds
+
+
+ http Timeout In Seconds?:
+ number
+
+
+
+ Specify the timeout for HTTP calls using fetch
. The
+ default is 10 seconds.
+
+
+
+
+
+
+
+ Optional
+ issuer
+
+
+ issuer?:
+ string
+
+
+
+ The issuer to be used for validation of JWTs, optionally
+ defaults to the domain above
+
+
+
+
+
+
+
+ Optional
+ leeway
+
+
+ leeway?:
+ number
+
+
+
+ The value in seconds used to account for clock skew in JWT
+ expirations. Typically, this value is no more than a minute or
+ two at maximum. Defaults to 60s.
+
+
+
+
+
+
+
+ Optional
+ legacy Same Site Cookie
+
+
+ legacy Same Site Cookie?:
+ boolean
+
+
+
+ Sets an additional cookie with no SameSite attribute to support
+ legacy browsers that are not compatible with the latest SameSite
+ changes. This will log a warning on modern browsers, you can
+ disable the warning by setting this to false but be aware that
+ some older useragents will not work, See
+ https://www.chromium.org/updates/same-site/incompatible-clients
+ Defaults to true
+
+
+
+
+
+
+
+ Optional
+ now Provider
+
+
+ now Provider?:
+ (() => number | Promise<number>)
+
+
+ Type declaration
+
+ -
+
+ -
+ (): number | Promise<number>
+
+ -
+
+
+ Modify the value used as the current time during the
+ token validation.
+
+
+ Note: Using this improperly can
+ potentially compromise the token validation.
+
+
+
+ Returns number | Promise<number>
+
+
+
+
+
+
+
+
+
+
+
+ Optional
+ session Check Expiry Days
+
+
+ session Check Expiry Days?:
+ number
+
+
+
+ Number of days until the cookie
+ auth0.is.authenticated
will expire Defaults to 1.
+
+
+
+
+
+
+
+ Optional
+ skip Redirect Callback
+
+
+ skip Redirect Callback?:
+ boolean
+
+
+
+ By default, if the page URL has code and state parameters, the
+ SDK will assume they are for an Auth0 application and attempt to
+ exchange the code for a token. In some cases the code might be
+ for something else (e.g. another OAuth SDK). In these instances
+ you can instruct the client to ignore them by setting
+ skipRedirectCallback
.
+
+ AuthModule.forRoot({
skipRedirectCallback: window.location.pathname === '/other-callback'
})
-Note: In the above example, /other-callback
is an existing route that will be called
-by any other OAuth provider with a code
(or error
in case when something went wrong) and state
.
-
-
-Optional
use Cookies For Transactions
-use Cookies For Transactions?: boolean
-If true
, the SDK will use a cookie when storing information about the auth transaction while
-the user is going through the authentication flow on the authorization server.
-The default is false
, in which case the SDK will use session storage.
+
+ Note: In the above example,
+ /other-callback
is an existing route that will be
+ called by any other OAuth provider with a code
(or
+ error
in case when something went wrong) and
+ state
.
+
+
+
+
+
+
+
+ Optional
+ use Cookies For Transactions
+
+
+ use Cookies For Transactions?:
+ boolean
+
+
+
+ If true
, the SDK will use a cookie when storing
+ information about the auth transaction while the user is going
+ through the authentication flow on the authorization server.
+
+
+ The default is false
, in which case the SDK will
+ use session storage.
+
-Notes
You might want to enable this if you rely on your users being able to authenticate using flows that
-may end up spanning across multiple tabs (e.g. magic links) or you cannot otherwise rely on session storage being available.
-
-
-Optional
use Form Data
-use Form Data?: boolean
-If true, data to the token endpoint is transmitted as x-www-form-urlencoded data, if false it will be transmitted as JSON. The default setting is true
.
-Note: Setting this to false
may affect you if you use Auth0 Rules and are sending custom, non-primitive data. If you disable this,
-please verify that your Auth0 Rules continue to work as intended.
-
-
-Optional
use Refresh Tokens
-use Refresh Tokens?: boolean
-If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code
grant with prompt=none
is used.
-The default setting is false
.
-Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.
-
-
-Optional
use Refresh Tokens Fallback
-use Refresh Tokens Fallback?: boolean
-If true, fallback to the technique of using a hidden iframe and the authorization_code
grant with prompt=none
when unable to use refresh tokens. If false, the iframe fallback is not used and
-errors relating to a failed refresh_token
grant should be handled appropriately. The default setting is false
.
-Note: There might be situations where doing silent auth with a Web Message response from an iframe is not possible,
-like when you're serving your application from the file system or a custom protocol (like in a Desktop or Native app).
-In situations like this you can disable the iframe fallback and handle the failed refresh_token
grant and prompt the user to login interactively with loginWithRedirect
or loginWithPopup
."
-E.g. Using the file:
protocol in an Electron application does not support that legacy technique.
+ Notes
+
+ You might want to enable this if you rely on your users being
+ able to authenticate using flows that may end up spanning across
+ multiple tabs (e.g. magic links) or you cannot otherwise rely on
+ session storage being available.
+
+
+
+
+
+
+
+ Optional
+ use Form Data
+
+
+ use Form Data?:
+ boolean
+
+
+
+ If true, data to the token endpoint is transmitted as
+ x-www-form-urlencoded data, if false it will be transmitted as
+ JSON. The default setting is true
.
+
+
+ Note: Setting this to false
may
+ affect you if you use Auth0 Rules and are sending custom,
+ non-primitive data. If you disable this, please verify that your
+ Auth0 Rules continue to work as intended.
+
+
+
+
+
+
+
+ Optional
+ use Refresh Tokens
+
+
+ use Refresh Tokens?:
+ boolean
+
+
+
+ If true, refresh tokens are used to fetch new access tokens from
+ the Auth0 server. If false, the legacy technique of using a
+ hidden iframe and the authorization_code
grant with
+ prompt=none
is used. The default setting is
+ false
.
+
+
+ Note: Use of refresh tokens must be enabled by
+ an administrator on your Auth0 client application.
+
+
+
+
+
+
+
+ Optional
+ use Refresh Tokens Fallback
+
+
+ use Refresh Tokens Fallback?:
+ boolean
+
+
+
+ If true, fallback to the technique of using a hidden iframe and
+ the authorization_code
grant with
+ prompt=none
when unable to use refresh tokens. If
+ false, the iframe fallback is not used and errors relating to a
+ failed refresh_token
grant should be handled
+ appropriately. The default setting is false
.
+
+
+ Note: There might be situations where doing
+ silent auth with a Web Message response from an iframe is not
+ possible, like when you're serving your application from the
+ file system or a custom protocol (like in a Desktop or Native
+ app). In situations like this you can disable the iframe
+ fallback and handle the failed refresh_token
grant
+ and prompt the user to login interactively with
+ loginWithRedirect
or
+ loginWithPopup
."
+
+
+ E.g. Using the file:
protocol in an Electron
+ application does not support that legacy technique.
+
-Example
let token: string;
try {
token = await auth0.getTokenSilently();
} catch (e) {
if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {
auth0.loginWithRedirect();
}
}
+ Example
+ let token: string;
try {
token = await auth0.getTokenSilently();
} catch (e) {
if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {
auth0.loginWithRedirect();
}
}
-
-
-
\ No newline at end of file
+
Optional
acr_Optional
audienceThe default audience to be used for requesting API access.
-Optional
connectionThe name of the connection configured for your application. -If null, it will redirect to the Auth0 Login Page and show -the Login Widget.
-Optional
display'page'
: displays the UI with a full page view'popup'
: displays the UI with a popup window'touch'
: displays the UI in a way that leverages a touch interface'wap'
: displays the UI with a "feature phone" type interfaceOptional
id_Previously issued ID Token.
-Optional
invitationThe Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.
-Optional
login_The user's email address or other identifier. When your app knows -which user is trying to authenticate, you can provide this parameter -to pre-fill the email box or select the right session for sign-in.
-This currently only affects the classic Lock experience.
-Optional
max_Maximum allowable elapsed time (in seconds) since authentication. -If the last time the user authenticated is greater than this value, -the user must be reauthenticated.
-Optional
organizationThe Id of an organization to log in to.
-This will specify an organization
parameter in your user's login request and will add a step to validate
-the org_id
claim in your user's ID Token.
Optional
prompt'none'
: do not prompt user for login or consent on reauthentication'login'
: prompt user for reauthentication'consent'
: prompt user for consent before processing request'select_account'
: prompt user to select an accountOptional
redirect_The default URL where Auth0 will redirect your browser to with -the authentication result. It must be whitelisted in -the "Allowed Callback URLs" field in your Auth0 Application's -settings. If not provided here, it should be provided in the other -methods that provide authentication.
-Optional
scopeThe default scope to be used on authentication requests.
-This defaults to profile email
if not set. If you are setting extra scopes and require
-profile
and email
to be included then you must include them in the provided scope.
Note: The openid
scope is always applied regardless of this setting.
Optional
screen_Provides a hint to Auth0 as to what flow should be displayed. -The default behavior is to show a login page but you can override -this by passing 'signup' to show the signup page instead.
-This only affects the New Universal Login Experience.
-Optional
ui_The space-separated list of language tags, ordered by preference.
-For example: 'fr-CA fr en'
.
Optional
+ acr_Optional
+ audience
+ The default audience to be used for requesting API access.
+Optional
+ connection
+ + The name of the connection configured for your application. If + null, it will redirect to the Auth0 Login Page and show the + Login Widget. +
+Optional
+ display
+ 'page'
: displays the UI with a full page
+ view
+ 'popup'
: displays the UI with a popup
+ window
+ 'touch'
: displays the UI in a way that
+ leverages a touch interface
+ 'wap'
: displays the UI with a
+ "feature phone" type interface
+ Optional
+ id_Previously issued ID Token.
+Optional
+ invitation
+ + The Id of an invitation to accept. This is available from the + user invitation URL that is given when participating in a user + invitation flow. +
+Optional
+ login_+ The user's email address or other identifier. When your app + knows which user is trying to authenticate, you can provide this + parameter to pre-fill the email box or select the right session + for sign-in. +
+This currently only affects the classic Lock experience.
+Optional
+ max_+ Maximum allowable elapsed time (in seconds) since + authentication. If the last time the user authenticated is + greater than this value, the user must be reauthenticated. +
+Optional
+ organization
+ The organization to log in to.
+
+ This will specify an organization
parameter in your
+ user's login request.
+
org_
), it will be validated against the
+ org_id
claim of your user's ID Token. The
+ validation is case-sensitive.
+ org_
), it will be
+ validated against the org_name
claim of your
+ user's ID Token. The validation is case-insensitive.
+ Optional
+ prompt
+ 'none'
: do not prompt user for login or
+ consent on reauthentication
+ 'login'
: prompt user for reauthentication
+ 'consent'
: prompt user for consent before
+ processing request
+ 'select_account'
: prompt user to select
+ an account
+ Optional
+ redirect_+ The default URL where Auth0 will redirect your browser to with + the authentication result. It must be whitelisted in the + "Allowed Callback URLs" field in your Auth0 + Application's settings. If not provided here, it should be + provided in the other methods that provide authentication. +
+Optional
+ scope
+ The default scope to be used on authentication requests.
+
+ This defaults to profile email
if not set. If you
+ are setting extra scopes and require profile
and
+ email
to be included then you must include them in
+ the provided scope.
+
+ Note: The openid
scope is
+ always applied regardless of this setting.
+
Optional
+ screen_+ Provides a hint to Auth0 as to what flow should be displayed. + The default behavior is to show a login page but you can + override this by passing 'signup' to show the signup + page instead. +
+This only affects the New Universal Login Experience.
+Optional
+ ui_
+ The space-separated list of language tags, ordered by
+ preference. For example: 'fr-CA fr en'
.
+
Optional
authorizationParameters that will be sent back to Auth0 as part of a request.
-Optional
audience?: stringThe audience that was used in the authentication request
-Optional
redirect_There's no actual redirect when getting a token silently,
-but, according to the spec, a redirect_uri
param is required.
-Auth0 uses this parameter to validate that the current origin
-matches the redirect_uri
origin
when sending the response.
-It must be whitelisted in the "Allowed Web Origins" in your
-Auth0 Application's settings.
Optional
scope?: stringThe scope that was used in the authentication request
-Optional
cacheWhen off
, ignores the cache and always sends a
-request to Auth0.
-When cache-only
, only reads from the cache and never sends a request to Auth0.
-Defaults to on
, where it both reads from the cache and sends a request to Auth0 as needed.
Optional
detailedIf true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned
-(minus refresh_token
if one was issued). Otherwise, just the access token is returned.
The default is false
.
Optional
timeoutA maximum number of seconds to wait before declaring the background /authorize call as failed for timeout -Defaults to 60s.
-Optional
+ authorization+ Parameters that will be sent back to Auth0 as part of a request. +
+Optional
+ audience?: string
+ + The audience that was used in the authentication request +
+Optional
+ redirect_
+ There's no actual redirect when getting a token
+ silently, but, according to the spec, a
+ redirect_uri
param is required. Auth0 uses
+ this parameter to validate that the current
+ origin
matches the redirect_uri
+ origin
when sending the response. It must be
+ whitelisted in the "Allowed Web Origins" in your
+ Auth0 Application's settings.
+
Optional
+ scope?: string
+ The scope that was used in the authentication request
+Optional
+ cache
+ When off
, ignores the cache and always sends a
+ request to Auth0. When cache-only
, only reads from
+ the cache and never sends a request to Auth0. Defaults to
+ on
, where it both reads from the cache and sends a
+ request to Auth0 as needed.
+
Optional
+ detailed
+ If true, the full response from the /oauth/token endpoint (or
+ the cache, if the cache was used) is returned (minus
+ refresh_token
if one was issued). Otherwise, just
+ the access token is returned.
+
The default is false
.
Optional
+ timeout+ A maximum number of seconds to wait before declaring the + background /authorize call as failed for timeout Defaults to + 60s. +
+Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters -defined by Auth0 or custom parameters that you define.
-Optional
cacheWhen off
, ignores the cache and always sends a request to Auth0.
-When cache-only
, only reads from the cache and never sends a request to Auth0.
-Defaults to on
, where it both reads from the cache and sends a request to Auth0 as needed.
Optional
+ authorization+ URL parameters that will be sent back to the Authorization + Server. This can be known parameters defined by Auth0 or custom + parameters that you define. +
+Optional
+ cache
+ When off
, ignores the cache and always sends a
+ request to Auth0. When cache-only
, only reads from
+ the cache and never sends a request to Auth0. Defaults to
+ on
, where it both reads from the cache and sends a
+ request to Auth0 as needed.
+
Configuration for the HttpInterceptor
+Configuration for a single interceptor route
-Optional
allowAllow the HTTP call to be executed anonymously, when no token is available.
-When omitted (or set to false), calls that match the configuration will fail when no token is available.
-Optional
httpThe HTTP method to match on. If specified, the HTTP method of -the outgoing request will be checked against this. If there is no match, the -Authorization header is not attached.
-The HTTP method name is case-sensitive.
-Optional
tokenThe options that are passed to the SDK when retrieving the -access token to attach to the outgoing request.
-Optional
uriThe URL to test, by supplying the URL to match.
-If test
is a match for the current request path from the HTTP client, then
-an access token is attached to the request in the
- "Authorization" header.
If the test does not pass, the request proceeds without the access token attached.
-A wildcard character can be used to match only the start of the URL.
+ + + + + +Configuration for a single interceptor route
+Optional
+ allow+ Allow the HTTP call to be executed anonymously, when no token is + available. +
++ When omitted (or set to false), calls that match the + configuration will fail when no token is available. +
+Optional
+ http+ The HTTP method to match on. If specified, the HTTP method of + the outgoing request will be checked against this. If there is + no match, the Authorization header is not attached. +
+The HTTP method name is case-sensitive.
+Optional
+ token+ The options that are passed to the SDK when retrieving the + access token to attach to the outgoing request. +
+Optional
+ uri
+
+ The URL to test, by supplying the URL to match. If
+ test
is a match for the current request path from
+ the HTTP client, then an access token is attached to the request
+ in the
+ "Authorization" header.
+
+ If the test does not pass, the request proceeds without the + access token attached. +
++ A wildcard character can be used to match only the start of the + URL. +
-'/api' - exactly match the route /api -'/api/*' - match any route that starts with /api/
-Optional
uriA function that will be called with the HttpRequest.url value, allowing you to do -any kind of flexible matching.
-If this function returns true, then -an access token is attached to the request in the - "Authorization" header.
-If it returns false, the request proceeds without the access token attached.
-+ '/api' - exactly match the route /api '/api/*' - + match any route that starts with /api/ +
+Optional
+ uri+ A function that will be called with the + HttpRequest.url value, allowing you to do any kind of + flexible matching. +
++ If this function returns true, then an access token is + attached to the request in the + "Authorization" header. +
++ If it returns false, the request proceeds without the + access token attached. +
+Optional
acrOptional
addressOptional
amrOptional
at_Optional
audOptional
auth_Optional
azpOptional
birthdateOptional
c_Optional
cnfOptional
emailOptional
email_Optional
expOptional
family_Optional
genderOptional
given_Optional
iatOptional
issOptional
jtiOptional
localeOptional
middle_Optional
nameOptional
nbfOptional
nicknameOptional
nonceOptional
org_Optional
phone_Optional
phone_Optional
pictureOptional
preferred_Optional
profileOptional
sidOptional
sub_Optional
updated_Optional
websiteOptional
zoneinfoOptional
+ acr
+ Optional
+ address
+ Optional
+ amr
+ Optional
+ at_Optional
+ aud
+ Optional
+ auth_Optional
+ azp
+ Optional
+ birthdate
+ Optional
+ c_Optional
+ cnf
+ Optional
+ email
+ Optional
+ email_Optional
+ exp
+ Optional
+ family_Optional
+ gender
+ Optional
+ given_Optional
+ iat
+ Optional
+ iss
+ Optional
+ jti
+ Optional
+ locale
+ Optional
+ middle_Optional
+ name
+ Optional
+ nbf
+ Optional
+ nickname
+ Optional
+ nonce
+ Optional
+ org_Optional
+ org_Optional
+ phone_Optional
+ phone_Optional
+ picture
+ Optional
+ preferred_Optional
+ profile
+ Optional
+ sid
+ Optional
+ sub_Optional
+ updated_Optional
+ website
+ Optional
+ zoneinfo
+ Optional
clientThe clientId
of your application.
If this property is not set, then the clientId
that was used during initialization of the SDK is sent to the logout endpoint.
If this property is set to null
, then no client ID value is sent to the logout endpoint.
Optional
logoutParameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters -you wish to provide.
-Optional
federated?: booleanWhen supported by the upstream identity provider, -forces the user to logout of their identity provider -and from Auth0. -Read more about how federated logout works at Auth0
-Optional
returnThe URL where Auth0 will redirect your browser to after the logout.
-Note: If the client_id
parameter is included, the
-returnTo
URL that is provided must be listed in the
-Application's "Allowed Logout URLs" in the Auth0 dashboard.
-However, if the client_id
parameter is not included, the
-returnTo
URL must be listed in the "Allowed Logout URLs" at
-the account level in the Auth0 dashboard.
Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
-Set to false
to disable the redirect, or provide a function to handle the actual redirect yourself.
Optional
+ clientThe clientId
of your application.
+ If this property is not set, then the clientId
that
+ was used during initialization of the SDK is sent to the logout
+ endpoint.
+
+ If this property is set to null
, then no client ID
+ value is sent to the logout endpoint.
+
Optional
+ logout+ Parameters to pass to the logout endpoint. This can be known + parameters defined by Auth0 or custom parameters you wish to + provide. +
+Optional
+ federated?: boolean
+ + When supported by the upstream identity provider, forces + the user to logout of their identity provider and from + Auth0. + Read more about how federated logout works at Auth0 +
+Optional
+ return+ The URL where Auth0 will redirect your browser to after + the logout. +
+
+ Note: If the
+ client_id
parameter is included, the
+ returnTo
URL that is provided must be listed
+ in the Application's "Allowed Logout URLs"
+ in the Auth0 dashboard. However, if the
+ client_id
parameter is not included, the
+ returnTo
URL must be listed in the
+ "Allowed Logout URLs" at the account level in
+ the Auth0 dashboard.
+
Optional
+ open+ Used to control the redirect and not rely on the SDK to do the + actual redirect. +
+
+ Set to false
to disable the redirect, or provide a
+ function to handle the actual redirect yourself.
+
await auth0.logout({
async openUrl(url) {
window.location.replace(url);
}
});
+ Example
+ await auth0.logout({
openUrl(url) {
window.location.replace(url);
}
});
-
import { Browser } from '@capacitor/browser';
await auth0.logout({
async openUrl(url) {
await Browser.open({ url });
}
});
+
+ Optional
popupAccepts an already-created popup window to use. If not specified, the SDK -will create its own. This may be useful for platforms like iOS that have -security restrictions around when popups can be invoked (e.g. from a user click event)
-Optional
timeoutThe number of seconds to wait for a popup response before -throwing a timeout error. Defaults to 60s
-Optional
+ popup
+ + Accepts an already-created popup window to use. If not + specified, the SDK will create its own. This may be useful for + platforms like iOS that have security restrictions around when + popups can be invoked (e.g. from a user click event) +
+Optional
+ timeout+ The number of seconds to wait for a popup response before + throwing a timeout error. Defaults to 60s +
+Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters -defined by Auth0 or custom parameters that you define.
-Optional
+ authorization+ URL parameters that will be sent back to the Authorization + Server. This can be known parameters defined by Auth0 or custom + parameters that you define. +
+Optional
appUsed to store state before doing the redirect
-Optional
authorizationURL parameters that will be sent back to the Authorization Server. This can be known parameters -defined by Auth0 or custom parameters that you define.
-Optional
fragmentUsed to add to the URL fragment before redirecting
-Optional
openUsed to control the redirect and not rely on the SDK to do the actual redirect.
+ + + + + +Optional
+ appUsed to store state before doing the redirect
+Optional
+ authorization+ URL parameters that will be sent back to the Authorization + Server. This can be known parameters defined by Auth0 or custom + parameters that you define. +
+Optional
+ fragment
+ Used to add to the URL fragment before redirecting
+Optional
+ open+ Used to control the redirect and not rely on the SDK + to do the actual redirect. +
-const client = new Auth0Client({
async openUrl(url) {
window.location.replace(url);
}
});
+ Example
+ const client = new Auth0Client({
openUrl(url) {
window.location.replace(url);
}
});
-
import { Browser } from '@capacitor/browser';
const client = new Auth0Client({
async openUrl(url) {
await Browser.open({ url });
}
});
+
+ Defines the type for a route config entry. Can either be:
-Defines the type for a route config entry. Can either be:
+Const
Const
+ Const
Injection token for accessing configuration.
+ + + + + +Const
+ Injection token for accessing configuration.
-Use the Inject
decorator to access the configuration from a service or component:
class MyService(@Inject(AuthConfigService) config: AuthConfig) {}
+ Usage Notes
+
+ Use the Inject
decorator to access the configuration
+ from a service or component:
+
+ class MyService(@Inject(AuthConfigService) config: AuthConfig) {}
-
Gets and sets configuration for the internal Auth0 client. This can be -used to provide configuration outside of using AuthModule.forRoot, i.e. from -a factory provided by APP_INITIALIZER.
+ + + + + ++- Preparing search index...
+ - The search index is not available
+
+ @auth0/auth0-angular ++- @auth0/auth0-angular
+ - AuthClientConfig
+
+Class AuthClientConfig
++ Gets and sets configuration for the internal Auth0 client. This + can be used to provide configuration outside of using + AuthModule.forRoot, i.e. from a factory provided by + APP_INITIALIZER. +
-Usage
Hierarchy
--- AuthClientConfig
-
-Index
Constructors
-Methods
-Constructors
-constructor
--- new
Auth Client Config(config?: AuthConfig): AuthClientConfig
--
-
-
-
Parameters
---
-
Optional
config: AuthConfigReturns AuthClientConfig
Methods
-get
--- get(): AuthConfig
--
-
-
Gets the config that has been set by other consumers of the service
-Returns AuthConfig
set
--- set(config: AuthConfig): void
--
-
-
-
-
Sets configuration to be read by other consumers of the service (see usage notes)
-Parameters
---
-
config: AuthConfig
-The configuration to set
-Returns void
-
-Settings
Member Visibility
Theme