@auth0/auth0-spa-js
Version:
Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE
253 lines (237 loc) • 6.39 kB
text/typescript
/**
* @ignore
*/
interface BaseLoginOptions {
/**
* - `'page'`: displays the UI with a full page view
* - `'popup'`: displays the UI with a popup window
* - `'touch'`: displays the UI in a way that leverages a touch interface
* - `'wap'`: displays the UI with a "feature phone" type interface
*/
display?: 'page' | 'popup' | 'touch' | 'wap';
/**
* - `'none'`: do not prompt user for login or consent on reauthentication
* - `'login'`: prompt user for reauthentication
* - `'consent'`: prompt user for consent before processing request
* - `'select_account'`: prompt user to select an account
*/
prompt?: 'none' | 'login' | 'consent' | 'select_account';
/**
* Maximum allowable elasped time (in seconds) since authentication.
* If the last time the user authenticated is greater than this value,
* the user must be reauthenticated.
*/
max_age?: string;
/**
* The space-separated list of language tags, ordered by preference.
* For example: `'fr-CA fr en'`.
*/
ui_locales?: string;
/**
* Previously issued ID Token.
*/
id_token_hint?: string;
/**
* The user's email address or other identifier. When your app knows
* which user is trying to authenticate, you can provide this parameter
* to pre-fill the email box or select the right session for sign-in.
*/
login_hint?: string;
acr_values?: string;
/**
* The default scope to be used on authentication requests.
* `openid profile email` is always added to all requests.
*/
scope?: string;
/**
* The default audience to be used for requesting API access.
*/
audience?: string;
/**
* The name of the connection configured for your application.
* If null, it will redirect to the Auth0 Login Page and show
* the Login Widget.
*/
connection?: string;
}
interface Auth0ClientOptions extends BaseLoginOptions {
/**
* Your Auth0 account domain such as `'example.auth0.com'`,
* `'example.eu.auth0.com'` or , `'example.mycompany.com'`
* (when using [custom domains](https://auth0.com/docs/custom-domains))
*/
domain: string;
/**
* The Client ID found on your Application settings page
*/
client_id: string;
/**
* The default URL where Auth0 will redirect your browser to with
* the authentication result. It must be whitelisted in
* the "Allowed Callback URLs" field in your Auth0 Application's
* settings. If not provided here, it should be provided in the other
* methods that provide authentication.
*/
redirect_uri?: string;
/**
* The value in seconds used to account for clock skew in JWT expirations.
* Typically, this value is no more than a minute or two at maximum.
*/
leeway?: number;
}
/**
* @ignore
*/
interface AuthorizeOptions extends BaseLoginOptions {
response_type: string;
response_mode: string;
redirect_uri: string;
nonce: string;
state: string;
scope: string;
code_challenge: string;
code_challenge_method: string;
}
interface RedirectLoginOptions extends BaseLoginOptions {
/**
* The URL where Auth0 will redirect your browser to with
* the authentication result. It must be whitelisted in
* the "Allowed Callback URLs" field in your Auth0 Application's
* settings.
*/
redirect_uri?: string;
/**
* Used to store state before doing the redirect
*/
appState?: any;
}
interface RedirectLoginResult {
/**
* State stored when the redirect request was made
*/
appState?: any;
}
interface PopupLoginOptions extends BaseLoginOptions {}
interface GetUserOptions {
/**
* The scope that was used in the authentication request
*/
scope: string;
/**
* The audience that was used in the authentication request
*/
audience: string;
}
interface getIdTokenClaimsOptions {
/**
* The scope that was used in the authentication request
*/
scope: string;
/**
* The audience that was used in the authentication request
*/
audience: string;
}
interface GetTokenSilentlyOptions extends GetUserOptions {
/**
* When `true`, ignores the cache and always sends a
* request to Auth0.
*/
ignoreCache?: boolean;
/**
* There's no actual redirect when getting a token silently,
* but, according to the spec, a `redirect_uri` param is required.
* Auth0 uses this parameter to validate that the current `origin`
* matches the `redirect_uri` `origin` when sending the response.
* It must be whitelisted in the "Allowed Web Origins" in your
* Auth0 Application's settings.
*/
redirect_uri?: string;
}
interface GetTokenWithPopupOptions extends PopupLoginOptions {}
interface LogoutOptions {
/**
* The URL where Auth0 will redirect your browser to after the logout.
*
* > Note that if the `client_id` parameter is included, the
* `returnTo` URL that is provided must be listed in the
* Application's "Allowed Logout URLs" in the Auth0 dashboard.
* However, if the `client_id` parameter is not included, the
* `returnTo` URL must be listed in the "Allowed Logout URLs" at
* the account level in the Auth0 dashboard.
*/
returnTo?: string;
/**
* The `client_id` of your application.
*/
client_id?: string;
}
/**
* @ignore
*/
interface AuthenticationResult {
state: string;
code?: string;
error?: string;
error_description?: string;
}
/**
* @ignore
*/
interface OAuthTokenOptions {
baseUrl: string;
client_id: string;
audience?: string;
code_verifier: string;
code: string;
}
/**
* @ignore
*/
interface JWTVerifyOptions {
iss: string;
aud: string;
id_token: string;
nonce?: string;
leeway?: number;
}
/**
* @ignore
*/
interface IdToken {
name?: string;
given_name?: string;
family_name?: string;
middle_name?: string;
nickname?: string;
preferred_username?: string;
profile?: string;
picture?: string;
website?: string;
email?: string;
email_verified?: boolean;
gender?: string;
birthdate?: string;
zoneinfo?: string;
locale?: string;
phone_number?: string;
phone_number_verified?: boolean;
address?: string;
updated_at?: string;
iss?: string;
aud?: string;
exp?: number;
nbf?: number;
iat?: number;
jti?: string;
azp?: string;
nonce?: string;
auth_time?: string;
at_hash?: string;
c_hash?: string;
acr?: string;
amr?: string;
sub_jwk?: string;
cnf?: string;
sid?: string;
}