Constructor Detail

• AuthenticationAPIClient

  AuthenticationAPIClient(Auth0 auth0)

  Creates a new API client instance providing Auth0 account info.

  Parameters:

  auth0 - account information

Method Detail

• login

   final AuthenticationRequest login(String usernameOrEmail, String password, String realmOrConnection)

  Log in a user with email/username and password for a connection/realm. It will use the password-realm grant type for the /oauth/token endpoint The default scope used is 'openid profile email'.

  Example usage:

  client
      .login("{username or email}", "{password}", "{database connection name}")
      .validateClaims() //mandatory
      .start(object : Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  usernameOrEmail - of the user depending of the type of DB connection

  password - of the user

  realmOrConnection - realm to use in the authorize flow or the name of the database to authenticate with.

• login

   final AuthenticationRequest login(String usernameOrEmail, String password)

  Log in a user with email/username and password using the password grant and the default directory. The default scope used is 'openid profile email'.

  Example usage:

  client.login("{username or email}", "{password}")
      .validateClaims() //mandatory
      .start(object:  Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  usernameOrEmail - of the user

  password - of the user

• loginWithOTP

   final AuthenticationRequest loginWithOTP(String mfaToken, String otp)

  Log in a user using the One Time Password code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.

  Requires your client to have the MFA OTP Grant Type enabled. See Client Grant Types to learn how to enable it.

  Example usage:

  client.loginWithOTP("{mfa token}", "{one time password}")
      .validateClaims() //mandatory
      .start(object : Callback<Credentials, AuthenticationException> {
          override fun onFailure(error: AuthenticationException) { }
          override fun onSuccess(result: Credentials) { }
  })

  Parameters:

  mfaToken - the token received in the previous .

  otp - the one time password code provided by the resource owner, typically obtained from an MFA application such as Google Authenticator or Guardian.

• loginWithOOB

   final AuthenticationRequest loginWithOOB(String mfaToken, String oobCode, String bindingCode)

  Log in a user using an Out Of Band authentication code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.

  Requires your client to have the MFA OOB Grant Type enabled. See Client Grant Types to learn how to enable it.

  Example usage:

  client.loginWithOOB("{mfa token}", "{out of band code}", "{binding code}")
      .validateClaims() //mandatory
      .start(object : Callback<Credentials, AuthenticationException> {
          override fun onFailure(error: AuthenticationException) { }
          override fun onSuccess(result: Credentials) { }
  })

  Parameters:

  mfaToken - the token received in the previous .

  oobCode - the out of band code received in the challenge response.

  bindingCode - the code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate.

• loginWithRecoveryCode

   final AuthenticationRequest loginWithRecoveryCode(String mfaToken, String recoveryCode)

  Log in a user using a multi-factor authentication Recovery Code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.

  Requires your client to have the MFA Grant Type enabled. See Client Grant Types to learn how to enable it.

  Example usage:

  client.loginWithRecoveryCode("{mfa token}", "{recovery code}")
      .validateClaims() //mandatory
      .start(object : Callback<Credentials, AuthenticationException> {
          override fun onFailure(error: AuthenticationException) { }
          override fun onSuccess(result: Credentials) { }
  })

  Parameters:

  mfaToken - the token received in the previous .

  recoveryCode - the recovery code provided by the end-user.

• multifactorChallenge

   final Request<Challenge, AuthenticationException> multifactorChallenge(String mfaToken, String challengeType, String authenticatorId)

  Request a challenge for multi-factor authentication (MFA) based on the challenge types supported by the application and user. The challenge type is how the user will get the challenge and prove possession. Supported challenge types include: "otp" and "oob".

  Example usage:

  client.multifactorChallenge("{mfa token}", "{challenge type}", "{authenticator id}")
      .start(object : Callback<Challenge, AuthenticationException> {
          override fun onFailure(error: AuthenticationException) { }
          override fun onSuccess(result: Challenge) { }
  })

  Parameters:

  mfaToken - the token received in the previous .

  challengeType - A whitespace-separated list of the challenges types accepted by your application.

  authenticatorId - The ID of the authenticator to challenge.

• loginWithNativeSocialToken

   final AuthenticationRequest loginWithNativeSocialToken(String token, String tokenType)

  Log in a user using a token obtained from a Native Social Identity Provider, such as Facebook, using '\oauth\token' endpoint The default scope used is 'openid profile email'.

  Example usage:

  client.loginWithNativeSocialToken("{subject token}", "{subject token type}")
      .validateClaims() //mandatory
      .start(object: Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  token - the subject token, typically obtained through the Identity Provider's SDK

  tokenType - the subject token type that is associated with this Identity Provider.

• loginWithPhoneNumber

  @JvmOverloads() final AuthenticationRequest loginWithPhoneNumber(String phoneNumber, String verificationCode, String realmOrConnection)

  Log in a user using a phone number and a verification code received via SMS (Part of passwordless login flow) The default scope used is 'openid profile email'.

  Your Application must have the Passwordless OTP Grant Type enabled.

  Example usage:

  client.loginWithPhoneNumber("{phone number}", "{code}", "{passwordless connection name}")
      .validateClaims() //mandatory
      .start(object: Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  phoneNumber - where the user received the verification code

  verificationCode - sent by Auth0 via SMS

  realmOrConnection - to end the passwordless authentication on

• loginWithEmail

  @JvmOverloads() final AuthenticationRequest loginWithEmail(String email, String verificationCode, String realmOrConnection)

  Log in a user using an email and a verification code received via Email (Part of passwordless login flow). The default scope used is 'openid profile email'.

  Your Application must have the Passwordless OTP Grant Type enabled.

  Example usage:

  client.loginWithEmail("{email}", "{code}", "{passwordless connection name}")
      .validateClaims() //mandatory
      .start(object: Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  email - where the user received the verification code

  verificationCode - sent by Auth0 via Email

  realmOrConnection - to end the passwordless authentication on

• userInfo

   final Request<UserProfile, AuthenticationException> userInfo(String accessToken)

  Returns the information of the user associated with the given access_token.

  Example usage:

  client.userInfo("{access_token}")
      .start(object: Callback<UserProfile, AuthenticationException> {
          override fun onSuccess(result: UserProfile) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  accessToken - used to fetch it's information

• createUser

  @JvmOverloads() final Request<DatabaseUser, AuthenticationException> createUser(String email, String password, String username, String connection, Map<String, String> userMetadata)

  Creates a user in a DB connection using '/dbconnections/signup' endpoint

  Example usage:

  client.createUser("{email}", "{password}", "{username}", "{database connection name}")
      .start(object: Callback<DatabaseUser, AuthenticationException> {
          override fun onSuccess(result: DatabaseUser) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  email - of the user and must be non null

  password - of the user and must be non null

  username - of the user and must be non null

  connection - of the database to create the user on

  userMetadata - to set upon creation of the user

• signUp

  @JvmOverloads() final SignUpRequest signUp(String email, String password, String username, String connection, Map<String, String> userMetadata)

  Creates a user in a DB connection using '/dbconnections/signup' endpoint and then logs in the user. The default scope used is 'openid profile email'.

  Example usage:

  client.signUp("{email}", "{password}", "{username}", "{database connection name}")
      .validateClaims() //mandatory
      .start(object: Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  email - of the user and must be non null

  password - of the user and must be non null

  username - of the user and must be non null

  connection - of the database to sign up with

  userMetadata - to set upon creation of the user

• resetPassword

   final Request<Void, AuthenticationException> resetPassword(String email, String connection)

  Request a reset password using '/dbconnections/change_password'

  Example usage:

  client.resetPassword("{email}", "{database connection name}")
      .start(object: Callback<Void?, AuthenticationException> {
          override fun onSuccess(result: Void?) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  email - of the user to request the password reset.

  connection - of the database to request the reset password on

• revokeToken

   final Request<Void, AuthenticationException> revokeToken(String refreshToken)

  Request the revoke of a given refresh_token. Once revoked, the refresh_token cannot be used to obtain new tokens. Your Auth0 Application Type should be set to 'Native' and Token Endpoint Authentication Method must be set to 'None'.

  Example usage:

  client.revokeToken("{refresh_token}")
      .start(object: Callback<Void?, AuthenticationException> {
          override fun onSuccess(result: Void?) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  refreshToken - the token to revoke

• renewAuth

   final Request<Credentials, AuthenticationException> renewAuth(String refreshToken)

  Requests new Credentials using a valid Refresh Token. The received token will have the same audience and scope as first requested.

  This method will use the /oauth/token endpoint with the 'refresh_token' grant, and the response will include an id_token and an access_token if 'openid' scope was requested when the refresh_token was obtained. Additionally, if the application has Refresh Token Rotation configured, a new one-time use refresh token will also be included in the response.

  The scope of the newly received Access Token can be reduced sending the scope parameter with this request.

  Example usage:

  client.renewAuth("{refresh_token}")
      .addParameter("scope", "openid profile email")
      .start(object: Callback<Credentials, AuthenticationException> {
          override fun onSuccess(result: Credentials) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  refreshToken - used to fetch the new Credentials.

• passwordlessWithEmail

  @JvmOverloads() final Request<Void, AuthenticationException> passwordlessWithEmail(String email, PasswordlessType passwordlessType, String connection)

  Start a passwordless flow with an Email.

  Your Application must have the Passwordless OTP Grant Type enabled.

  Example usage:

  client.passwordlessWithEmail("{email}", PasswordlessType.CODE, "{passwordless connection name}")
      .start(object: Callback<Void?, AuthenticationException> {
          override onSuccess(result: Void?) { }
          override onFailure(error: AuthenticationException) { }
  })

  Parameters:

  email - that will receive a verification code to use for login

  passwordlessType - indicate whether the email should contain a code, link or magic link (android & iOS)

  connection - the passwordless connection to start the flow with.

• passwordlessWithSMS

  @JvmOverloads() final Request<Void, AuthenticationException> passwordlessWithSMS(String phoneNumber, PasswordlessType passwordlessType, String connection)

  Start a passwordless flow with a SMS

  Your Application requires to have the Passwordless OTP Grant Type enabled.

  Example usage:

  client.passwordlessWithSms("{phone number}", PasswordlessType.CODE, "{passwordless connection name}")
      .start(object: Callback<Void?, AuthenticationException> {
          override fun onSuccess(result: Void?) { }
          override fun onFailure(error: AuthenticationException) { }
  })

  Parameters:

  phoneNumber - where an SMS with a verification code will be sent

  passwordlessType - indicate whether the SMS should contain a code, link or magic link (android & iOS)

  connection - the passwordless connection to start the flow with.

• getProfileAfter

   final ProfileRequest getProfileAfter(AuthenticationRequest authenticationRequest)

  Fetch the user's profile after it's authenticated by a login request. If the login request fails, the returned request will fail

  Parameters:

  authenticationRequest - that will authenticate a user with Auth0 and return a Credentials

• token

   final Request<Credentials, AuthenticationException> token(String authorizationCode, String codeVerifier, String redirectUri)

  Fetch the token information from Auth0, using the authorization_code grant type The authorization code received from the Auth0 server and the code verifier used to generate the challenge sent to the /authorize call must be provided.

  Example usage:

  client
      .token("authorization code", "code verifier", "redirect_uri")
      .start(object: Callback<Credentials, AuthenticationException> {...})

  Parameters:

  authorizationCode - the authorization code received from the /authorize call.

  codeVerifier - the code verifier used to generate the code challenge sent to /authorize.

  redirectUri - the uri sent to /authorize as the 'redirect_uri'.

• fetchJsonWebKeys

   final Request<Map<String, PublicKey>, AuthenticationException> fetchJsonWebKeys()

  Creates a new Request to obtain the JSON Web Keys associated with the Auth0 account under the given domain. Only supports RSA keys used for signatures (Public Keys).

• getClientId

   final String getClientId()

• getBaseURL

   final String getBaseURL()