Changes to recommended defaults, like defaultScope
The default audience to be used for requesting API access.
The endpoint used to get an API's authorization code. It assumes the domain is the host and appends the authorization endpoint to it (ex. 'example.mycompany.com' + '/my/authorize'). Defaults to /authorize
The maximum number of seconds to wait before declaring a background call to /authorize failed because of a timeout. Defaults to 60s.
The location to use when storing cache data. Valid values are memory or localstorage. The default setting is memory.
The Client ID found on your Application settings page
The name of the connection configured for your application. If null, it will redirect to the Auth0 Login Page and show the Login Widget.
'page': displays the UI with a full page view
'popup': displays the UI with a popup window
'touch': displays the UI in a way that leverages a touch interface
'wap': displays the UI with a "feature phone" type interface
Your Auth0 account domain such as 'example.auth0.com', 'example.eu.auth0.com' or 'example.mycompany.com' (when using custom domains)
Previously issued ID Token.
The issuer to be used for validation of JWTs, optionally defaults to the domain above
The value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two. Defaults to 60s.
Sets an additional cookie with no SameSite attribute to support legacy browsers that are not compatible with the latest SameSite changes. This will log a warning on modern browsers; you can disable the warning by setting this to false, but be aware that some older user agents will not work. See https://www.chromium.org/updates/same-site/incompatible-clients for details. Defaults to true
The user's email address or other identifier. When your app knows which user is trying to authenticate, you can provide this parameter to pre-fill the email box or select the right session for sign-in.
This currently only affects the classic Lock experience.
Maximum allowable elapsed time (in seconds) since authentication. If the last time the user authenticated is greater than this value, the user must be reauthenticated.
'none': do not prompt user for login or consent on reauthentication
'login': prompt user for reauthentication
'consent': prompt user for consent before processing request
'select_account': prompt user to select an account
The default URL where Auth0 will redirect your browser to with the authentication result. It must be whitelisted in the "Allowed Callback URLs" field in your Auth0 Application's settings. If not provided here, it should be provided in the other methods that provide authentication.
The default scope to be used on authentication requests. The defaultScope defined in the Auth0Client is included along with this scope
The endpoint used to get an API's access token. It assumes the domain is the host and appends the token endpoint to it (ex. 'example.mycompany.com' + '/my/token'). Defaults to /oauth/token
The space-separated list of language tags, ordered by preference. For example: 'fr-CA fr en'.
If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the authorization_code grant with prompt=none is used. The default setting is false.
Note: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.
If you need to send custom parameters to the Authorization Server, make sure to use the original parameter name.
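
The issuer, clock-skew and maximum-age settings described above all act on ID token claims. The following is an added example, not code from this page or from the SDK: a hypothetical checkIdTokenClaims helper run against constructed claims. It assumes the token signature has already been verified and that the issuer takes the form 'https://' + domain + '/'.

```javascript
// Added example: hypothetical helper, not the SDK's own validation code.
// claims: decoded ID token payload whose signature was already verified.
// opts.issuer: expected "iss" value (assumed form: 'https://<domain>/').
// opts.leeway: clock-skew allowance in seconds (the page's default is 60).
// opts.maxAge: maximum seconds since authentication; omit to skip the check.
// opts.now:    current time in seconds since the epoch (injectable for tests).
function checkIdTokenClaims(claims, opts) {
  const leeway = opts.leeway ?? 60;
  const now = opts.now ?? Math.floor(Date.now() / 1000);

  // Exact string comparison: a token minted by another tenant must not pass.
  if (typeof claims.iss !== 'string' || claims.iss !== opts.issuer) {
    return { ok: false, reason: 'issuer mismatch' };
  }

  if (!Number.isInteger(claims.exp)) {
    return { ok: false, reason: 'exp missing or not a number' };
  }
  // The token counts as expired only once "now" passes exp plus the allowance.
  if (now > claims.exp + leeway) {
    return { ok: false, reason: 'token expired' };
  }

  if (opts.maxAge !== undefined) {
    // Without auth_time the maximum age cannot be enforced, so fail closed.
    if (!Number.isInteger(claims.auth_time)) {
      return { ok: false, reason: 'auth_time required when a maximum age is set' };
    }
    if (now > claims.auth_time + opts.maxAge + leeway) {
      return { ok: false, reason: 'reauthentication required' };
    }
  }
  return { ok: true, reason: null };
}

// Constructed sample: expired 30 s ago, user authenticated 4000 s ago.
const NOW = 1700000000;
const ISSUER = 'https://example.auth0.com/';
const sampleClaims = { iss: ISSUER, exp: NOW - 30, auth_time: NOW - 4000 };

console.log(checkIdTokenClaims(sampleClaims, { issuer: ISSUER, now: NOW }));
console.log(checkIdTokenClaims(sampleClaims, { issuer: ISSUER, now: NOW, maxAge: 3600 }));
```

A larger skew allowance also widens the window in which an expired token is still accepted, which is why the value is kept to a minute or two.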