Auth0 headless browser sdk
Clone or download
joshcanhelp and luisrudge Update playground with configurable data and updated styleguide (#875)
## Changes

- Allows you to configure the auth and user data
- Saves data in cookies
- Updates styling to newer [styleguide](


Latest commit 789f5cb Nov 20, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Check for JS compatibility during tests (#870) Nov 6, 2018
.github first commit in orphan Nov 2, 2016
.vscode Remove webpack and add Rollup as a module bundler (#772) Jun 12, 2018
docs Release v9.8.2 (#873) Nov 13, 2018
example Update playground with configurable data and updated styleguide (#875) Nov 20, 2018
integration Adding prettier + precommit hooks to format the code (#439) May 19, 2017
plugins/cordova Migrate to ES modules (#774) Jul 6, 2018
scripts Fix build folder not being published in the tag (#801) Jul 14, 2018
src Release v9.8.2 (#873) Nov 13, 2018
test Parse file protocol from Url (#846) Nov 9, 2018
.babelrc Migrate to ES modules (#774) Jul 6, 2018
.eslintignore Remove webpack and add Rollup as a module bundler (#772) Jun 12, 2018
.eslintrc.json fix: .eslintrc withouth extension (#853) Oct 24, 2018
.gitignore Migrate to ES modules (#774) Jul 6, 2018
.jsdoc.json Move docs to Apr 24, 2017
.nycrc Migrate to ES modules (#774) Jul 6, 2018 Release v9.8.2 (#873) Nov 13, 2018
LICENSE Update copyright years in license (#850) Oct 24, 2018 Release v9.8.2 (#873) Nov 13, 2018 Rename to (#765) Jun 5, 2018
bower.json Remove webpack and add Rollup as a module bundler (#772) Jun 12, 2018
codecov.yml Rename codecov.yml Mar 9, 2017
package.json Release v9.8.2 (#873) Nov 13, 2018
rollup.config.js Fix npm module export (#808) Jul 18, 2018
yarn.lock Check for JS compatibility during tests (#870) Nov 6, 2018


Build Status NPM version Coverage License Downloads

Client Side Javascript toolkit for Auth0 API.

If you want to read the full API documentation of auth0.js, see here.


  1. Install
  2. auth0.WebAuth
  3. auth0.Authentication
  4. auth0.Management
  5. Documentation
  6. Migration
  7. Develop
  8. Issue Reporting
  9. Author
  10. License


From CDN:

<!-- Latest patch release -->
<script src=""></script>

From npm:

npm install auth0-js

After installing the auth0-js module, you'll need bundle it up along with all of its dependencies.


Provides support for all the authentication flows.


var auth0 = new auth0.WebAuth({
  domain: "{YOUR_AUTH0_DOMAIN}",
  clientID: "{YOUR_AUTH0_CLIENT_ID}"


  • domain {REQUIRED, string}: Your Auth0 account domain such as '' or ''.
  • clientID {REQUIRED, string}: The Client ID found on your Application settings page.
  • redirectUri {OPTIONAL, string}: The URL where Auth0 will call back to with the result of a successful or failed authentication. It must be whitelisted in the "Allowed Callback URLs" in your Auth0 Application's settings.
  • scope {OPTIONAL, string}: The default scope used for all authorization requests.
  • audience {OPTIONAL, string}: The default audience, used if requesting access to an API.
  • responseType {OPTIONAL, string}: Response type for all authentication requests. It can be any space separated list of the values code, token, id_token. If you don't provide a global responseType, you will have to provide a responseType for each method that you use.
  • responseMode {OPTIONAL, string}: The default responseMode used, defaults to 'fragment'. The parseHash method can be used to parse authentication responses using fragment response mode. Supported values are query, fragment and form_post. The query value is only supported when responseType is code.
  • _disableDeprecationWarnings {OPTIONAL, boolean}: Indicates if deprecation warnings should be output to the browser console, defaults to false.


  • authorize(options): Redirects to the /authorize endpoint to start an authentication/authorization transaction. Auth0 will call back to your application with the results at the specified redirectUri. The default scope for this method is openid profile email.
  audience: '',
  scope: 'read:order write:order',
  responseType: 'token',
  redirectUri: ''
  • parseHash(options, callback): Parses a URL hash fragment to extract the result of an Auth0 authentication response.

This method requires that your tokens are signed with RS256. Please check our Migration Guide for more information.

auth0.parseHash({ hash: window.location.hash }, function(err, authResult) {
  if (err) {
    return console.log(err);

  // The contents of authResult depend on which authentication parameters were used.
  // It can include the following:
  // authResult.accessToken - access token for the API specified by `audience`
  // authResult.expiresIn - string with the access token's expiration time in seconds
  // authResult.idToken - ID token JWT containing user profile information

  auth0.client.userInfo(authResult.accessToken, function(err, user) {
    // Now you have the user's information
  • checkSession(options, callback): Allows you to acquire a new token from Auth0 for a user who already has an SSO session established against Auth0 for your domain. If the user is not authenticated, the authentication result will be empty and you'll receive an error like this: {error: 'login_required'}.The method accepts any valid OAuth2 parameters that would normally be sent to /authorize. Everything happens inside an iframe, so it will not reload your application or redirect away from it.
  audience: '',
  scope: 'read:order write:order'
  }, function (err, authResult) {
    // Authentication tokens or error

The contents of authResult are identical to those returned by parseHash().

Important: If you're not using the hosted login page to do social logins, you have to use your own social connection keys. If you use Auth0's dev keys, you'll always get login_required as an error when calling checkSession.

Important: Because there is no redirect in this method, responseType: 'code' is not supported and will throw an error.

Remember to add the URL where the authorization request originates from to the Allowed Web Origins list of your Auth0 Application in the Dashboard under your Applications's Settings.

  • client.login(options, callback): Authenticates a user with username and password in a realm using /oauth/token. This will not initialize a SSO session at Auth0, hence can not be used along with silent authentication.
  realm: 'Username-Password-Authentication', //connection name or HRD domain
  username: '',
  password: 'areallystrongpassword',
  audience: '',
  scope: 'read:order write:order',
  }, function(err, authResult) {
    // Auth tokens in the result or an error

The contents of authResult are identical to those returned by parseHash().


Provides an API client for the Auth0 Authentication API.


var auth0 = new auth0.Authentication({
  domain: "{YOUR_AUTH0_DOMAIN}",
  clientID: "{YOUR_AUTH0_CLIENT_ID}"



Provides an API Client for the Auth0 Management API (only methods meant to be used from the client with the user token). You should use an access_token with the audience to make this work. For more information, read the user management section of the Auth0.js documentation.


var auth0 = new auth0.Management({
  domain: "{YOUR_AUTH0_DOMAIN}",



For a complete reference and examples please check our docs.


If you need help migrating to v9, please refer to the v9 Migration Guide.

If you need help migrating to v8, please refer to the v8 Migration Guide.


Run npm start and point your browser to https://localhost:3000/example to run the example page.

Run npm run test to run the test suite.

Run npm run test:watch to run the test suite while you work.

Run npm run test:coverage to run the test suite with coverage report.

Run npm run lint to run the linter and check code styles.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

For auth0 related questions/support please use the Support Center.




This project is licensed under the MIT license. See the LICENSE file for more info.