-
public final class AuthenticationAPIClient
API client for Auth0 Authentication API.
val auth0 = Auth0("YOUR_CLIENT_ID", "YOUR_DOMAIN") val client = AuthenticationAPIClient(auth0)
-
-
Constructor Summary
Constructors Constructor Description AuthenticationAPIClient(Auth0 auth0)
Creates a new API client instance providing Auth0 account info.
-
Method Summary
Modifier and Type Method Description final AuthenticationRequest
login(String usernameOrEmail, String password, String realmOrConnection)
Log in a user with email/username and password for a connection/realm. final AuthenticationRequest
login(String usernameOrEmail, String password)
Log in a user with email/username and password using the password grant and the default directory. final AuthenticationRequest
loginWithOTP(String mfaToken, String otp)
Log in a user using the One Time Password code after they have received the 'mfa_required' error. final AuthenticationRequest
loginWithOOB(String mfaToken, String oobCode, String bindingCode)
Log in a user using an Out Of Band authentication code after they have received the 'mfa_required' error. final AuthenticationRequest
loginWithRecoveryCode(String mfaToken, String recoveryCode)
Log in a user using a multi-factor authentication Recovery Code after they have received the 'mfa_required' error. final Request<Challenge, AuthenticationException>
multifactorChallenge(String mfaToken, String challengeType, String authenticatorId)
Request a challenge for multi-factor authentication (MFA) based on the challenge types supported by the application and user. final AuthenticationRequest
loginWithNativeSocialToken(String token, String tokenType)
Log in a user using a token obtained from a Native Social Identity Provider, such as Facebook, using '\oauth\token' endpoint The default scope used is 'openid profile email'. final AuthenticationRequest
loginWithPhoneNumber(String phoneNumber, String verificationCode, String realmOrConnection)
Log in a user using a phone number and a verification code received via SMS (Part of passwordless login flow) The default scope used is 'openid profile email'. final AuthenticationRequest
loginWithEmail(String email, String verificationCode, String realmOrConnection)
Log in a user using an email and a verification code received via Email (Part of passwordless login flow). final Request<UserProfile, AuthenticationException>
userInfo(String accessToken)
Returns the information of the user associated with the given access_token. final Request<DatabaseUser, AuthenticationException>
createUser(String email, String password, String username, String connection, Map<String, String> userMetadata)
Creates a user in a DB connection using '/dbconnections/signup' endpointExample usage: client.createUser("{email}", "{password}", "{username}", "{database connection name}") .start(object: Callback<DatabaseUser, AuthenticationException> { override fun onSuccess(result: DatabaseUser) { } override fun onFailure(error: AuthenticationException) { } })
final SignUpRequest
signUp(String email, String password, String username, String connection, Map<String, String> userMetadata)
Creates a user in a DB connection using '/dbconnections/signup' endpoint and then logs in the user. final Request<Void, AuthenticationException>
resetPassword(String email, String connection)
Request a reset password using '/dbconnections/change_password'Example usage: client.resetPassword("{email}", "{database connection name}") .start(object: Callback<Void?, AuthenticationException> { override fun onSuccess(result: Void?) { } override fun onFailure(error: AuthenticationException) { } })
final Request<Void, AuthenticationException>
revokeToken(String refreshToken)
Request the revoke of a given refresh_token. final Request<Credentials, AuthenticationException>
renewAuth(String refreshToken)
Requests new Credentials using a valid Refresh Token. final Request<Void, AuthenticationException>
passwordlessWithEmail(String email, PasswordlessType passwordlessType, String connection)
Start a passwordless flow with an Email. final Request<Void, AuthenticationException>
passwordlessWithSMS(String phoneNumber, PasswordlessType passwordlessType, String connection)
Start a passwordless flow with a SMSYour Application requires to have the Passwordless OTP Grant Type enabled. final ProfileRequest
getProfileAfter(AuthenticationRequest authenticationRequest)
Fetch the user's profile after it's authenticated by a login request. final Request<Credentials, AuthenticationException>
token(String authorizationCode, String codeVerifier, String redirectUri)
Fetch the token information from Auth0, using the authorization_code grant type The authorization code received from the Auth0 server and the code verifier used to generate the challenge sent to the /authorize call must be provided. final Request<Map<String, PublicKey>, AuthenticationException>
fetchJsonWebKeys()
Creates a new Request to obtain the JSON Web Keys associated with the Auth0 account under the given domain. final String
getClientId()
final String
getBaseURL()
-
-
Constructor Detail
-
AuthenticationAPIClient
AuthenticationAPIClient(Auth0 auth0)
Creates a new API client instance providing Auth0 account info.- Parameters:
auth0
- account information
-
-
Method Detail
-
login
final AuthenticationRequest login(String usernameOrEmail, String password, String realmOrConnection)
Log in a user with email/username and password for a connection/realm. It will use the password-realm grant type for the
/oauth/token
endpoint The default scope used is 'openid profile email'.Example usage:
client .login("{username or email}", "{password}", "{database connection name}") .validateClaims() //mandatory .start(object : Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
usernameOrEmail
- of the user depending of the type of DB connectionpassword
- of the userrealmOrConnection
- realm to use in the authorize flow or the name of the database to authenticate with.
-
login
final AuthenticationRequest login(String usernameOrEmail, String password)
Log in a user with email/username and password using the password grant and the default directory. The default scope used is 'openid profile email'.
Example usage:
client.login("{username or email}", "{password}") .validateClaims() //mandatory .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
usernameOrEmail
- of the userpassword
- of the user
-
loginWithOTP
final AuthenticationRequest loginWithOTP(String mfaToken, String otp)
Log in a user using the One Time Password code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.
Requires your client to have the MFA OTP Grant Type enabled. See Client Grant Types to learn how to enable it.
Example usage:
client.loginWithOTP("{mfa token}", "{one time password}") .validateClaims() //mandatory .start(object : Callback<Credentials, AuthenticationException> { override fun onFailure(error: AuthenticationException) { } override fun onSuccess(result: Credentials) { } })
- Parameters:
mfaToken
- the token received in the previous .otp
- the one time password code provided by the resource owner, typically obtained from an MFA application such as Google Authenticator or Guardian.
-
loginWithOOB
final AuthenticationRequest loginWithOOB(String mfaToken, String oobCode, String bindingCode)
Log in a user using an Out Of Band authentication code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.
Requires your client to have the MFA OOB Grant Type enabled. See Client Grant Types to learn how to enable it.
Example usage:
client.loginWithOOB("{mfa token}", "{out of band code}", "{binding code}") .validateClaims() //mandatory .start(object : Callback<Credentials, AuthenticationException> { override fun onFailure(error: AuthenticationException) { } override fun onSuccess(result: Credentials) { } })
- Parameters:
mfaToken
- the token received in the previous .oobCode
- the out of band code received in the challenge response.bindingCode
- the code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate.
-
loginWithRecoveryCode
final AuthenticationRequest loginWithRecoveryCode(String mfaToken, String recoveryCode)
Log in a user using a multi-factor authentication Recovery Code after they have received the 'mfa_required' error. The MFA token tells the server the username or email, password, and realm values sent on the first request.
Requires your client to have the MFA Grant Type enabled. See Client Grant Types to learn how to enable it.
Example usage:
client.loginWithRecoveryCode("{mfa token}", "{recovery code}") .validateClaims() //mandatory .start(object : Callback<Credentials, AuthenticationException> { override fun onFailure(error: AuthenticationException) { } override fun onSuccess(result: Credentials) { } })
- Parameters:
mfaToken
- the token received in the previous .recoveryCode
- the recovery code provided by the end-user.
-
multifactorChallenge
final Request<Challenge, AuthenticationException> multifactorChallenge(String mfaToken, String challengeType, String authenticatorId)
Request a challenge for multi-factor authentication (MFA) based on the challenge types supported by the application and user. The challenge type is how the user will get the challenge and prove possession. Supported challenge types include: "otp" and "oob".
Example usage:
client.multifactorChallenge("{mfa token}", "{challenge type}", "{authenticator id}") .start(object : Callback<Challenge, AuthenticationException> { override fun onFailure(error: AuthenticationException) { } override fun onSuccess(result: Challenge) { } })
- Parameters:
mfaToken
- the token received in the previous .challengeType
- A whitespace-separated list of the challenges types accepted by your application.authenticatorId
- The ID of the authenticator to challenge.
-
loginWithNativeSocialToken
final AuthenticationRequest loginWithNativeSocialToken(String token, String tokenType)
Log in a user using a token obtained from a Native Social Identity Provider, such as Facebook, using '\oauth\token' endpoint The default scope used is 'openid profile email'.
Example usage:
client.loginWithNativeSocialToken("{subject token}", "{subject token type}") .validateClaims() //mandatory .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
token
- the subject token, typically obtained through the Identity Provider's SDKtokenType
- the subject token type that is associated with this Identity Provider.
-
loginWithPhoneNumber
@JvmOverloads() final AuthenticationRequest loginWithPhoneNumber(String phoneNumber, String verificationCode, String realmOrConnection)
Log in a user using a phone number and a verification code received via SMS (Part of passwordless login flow) The default scope used is 'openid profile email'.
Your Application must have the Passwordless OTP Grant Type enabled.
Example usage:
client.loginWithPhoneNumber("{phone number}", "{code}", "{passwordless connection name}") .validateClaims() //mandatory .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
phoneNumber
- where the user received the verification codeverificationCode
- sent by Auth0 via SMSrealmOrConnection
- to end the passwordless authentication on
-
loginWithEmail
@JvmOverloads() final AuthenticationRequest loginWithEmail(String email, String verificationCode, String realmOrConnection)
Log in a user using an email and a verification code received via Email (Part of passwordless login flow). The default scope used is 'openid profile email'.
Your Application must have the Passwordless OTP Grant Type enabled.
Example usage:
client.loginWithEmail("{email}", "{code}", "{passwordless connection name}") .validateClaims() //mandatory .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
email
- where the user received the verification codeverificationCode
- sent by Auth0 via EmailrealmOrConnection
- to end the passwordless authentication on
-
userInfo
final Request<UserProfile, AuthenticationException> userInfo(String accessToken)
Returns the information of the user associated with the given access_token.
Example usage:
client.userInfo("{access_token}") .start(object: Callback<UserProfile, AuthenticationException> { override fun onSuccess(result: UserProfile) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
accessToken
- used to fetch it's information
-
createUser
@JvmOverloads() final Request<DatabaseUser, AuthenticationException> createUser(String email, String password, String username, String connection, Map<String, String> userMetadata)
Creates a user in a DB connection using '/dbconnections/signup' endpoint
Example usage:
client.createUser("{email}", "{password}", "{username}", "{database connection name}") .start(object: Callback<DatabaseUser, AuthenticationException> { override fun onSuccess(result: DatabaseUser) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
email
- of the user and must be non nullpassword
- of the user and must be non nullusername
- of the user and must be non nullconnection
- of the database to create the user onuserMetadata
- to set upon creation of the user
-
signUp
@JvmOverloads() final SignUpRequest signUp(String email, String password, String username, String connection, Map<String, String> userMetadata)
Creates a user in a DB connection using '/dbconnections/signup' endpoint and then logs in the user. The default scope used is 'openid profile email'.
Example usage:
client.signUp("{email}", "{password}", "{username}", "{database connection name}") .validateClaims() //mandatory .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
email
- of the user and must be non nullpassword
- of the user and must be non nullusername
- of the user and must be non nullconnection
- of the database to sign up withuserMetadata
- to set upon creation of the user
-
resetPassword
final Request<Void, AuthenticationException> resetPassword(String email, String connection)
Request a reset password using '/dbconnections/change_password'
Example usage:
client.resetPassword("{email}", "{database connection name}") .start(object: Callback<Void?, AuthenticationException> { override fun onSuccess(result: Void?) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
email
- of the user to request the password reset.connection
- of the database to request the reset password on
-
revokeToken
final Request<Void, AuthenticationException> revokeToken(String refreshToken)
Request the revoke of a given refresh_token. Once revoked, the refresh_token cannot be used to obtain new tokens. Your Auth0 Application Type should be set to 'Native' and Token Endpoint Authentication Method must be set to 'None'.
Example usage:
client.revokeToken("{refresh_token}") .start(object: Callback<Void?, AuthenticationException> { override fun onSuccess(result: Void?) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
refreshToken
- the token to revoke
-
renewAuth
final Request<Credentials, AuthenticationException> renewAuth(String refreshToken)
Requests new Credentials using a valid Refresh Token. The received token will have the same audience and scope as first requested.
This method will use the /oauth/token endpoint with the 'refresh_token' grant, and the response will include an id_token and an access_token if 'openid' scope was requested when the refresh_token was obtained. Additionally, if the application has Refresh Token Rotation configured, a new one-time use refresh token will also be included in the response.
The scope of the newly received Access Token can be reduced sending the scope parameter with this request.
Example usage:
client.renewAuth("{refresh_token}") .addParameter("scope", "openid profile email") .start(object: Callback<Credentials, AuthenticationException> { override fun onSuccess(result: Credentials) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
refreshToken
- used to fetch the new Credentials.
-
passwordlessWithEmail
@JvmOverloads() final Request<Void, AuthenticationException> passwordlessWithEmail(String email, PasswordlessType passwordlessType, String connection)
Start a passwordless flow with an Email.
Your Application must have the Passwordless OTP Grant Type enabled.
Example usage:
client.passwordlessWithEmail("{email}", PasswordlessType.CODE, "{passwordless connection name}") .start(object: Callback<Void?, AuthenticationException> { override onSuccess(result: Void?) { } override onFailure(error: AuthenticationException) { } })
- Parameters:
email
- that will receive a verification code to use for loginpasswordlessType
- indicate whether the email should contain a code, link or magic link (android & iOS)connection
- the passwordless connection to start the flow with.
-
passwordlessWithSMS
@JvmOverloads() final Request<Void, AuthenticationException> passwordlessWithSMS(String phoneNumber, PasswordlessType passwordlessType, String connection)
Start a passwordless flow with a SMS
Your Application requires to have the Passwordless OTP Grant Type enabled.
Example usage:
client.passwordlessWithSms("{phone number}", PasswordlessType.CODE, "{passwordless connection name}") .start(object: Callback<Void?, AuthenticationException> { override fun onSuccess(result: Void?) { } override fun onFailure(error: AuthenticationException) { } })
- Parameters:
phoneNumber
- where an SMS with a verification code will be sentpasswordlessType
- indicate whether the SMS should contain a code, link or magic link (android & iOS)connection
- the passwordless connection to start the flow with.
-
getProfileAfter
final ProfileRequest getProfileAfter(AuthenticationRequest authenticationRequest)
Fetch the user's profile after it's authenticated by a login request. If the login request fails, the returned request will fail
- Parameters:
authenticationRequest
- that will authenticate a user with Auth0 and return a Credentials
-
token
final Request<Credentials, AuthenticationException> token(String authorizationCode, String codeVerifier, String redirectUri)
Fetch the token information from Auth0, using the authorization_code grant type The authorization code received from the Auth0 server and the code verifier used to generate the challenge sent to the /authorize call must be provided.
Example usage:
client .token("authorization code", "code verifier", "redirect_uri") .start(object: Callback<Credentials, AuthenticationException> {...})
- Parameters:
authorizationCode
- the authorization code received from the /authorize call.codeVerifier
- the code verifier used to generate the code challenge sent to /authorize.redirectUri
- the uri sent to /authorize as the 'redirect_uri'.
-
fetchJsonWebKeys
final Request<Map<String, PublicKey>, AuthenticationException> fetchJsonWebKeys()
Creates a new Request to obtain the JSON Web Keys associated with the Auth0 account under the given domain. Only supports RSA keys used for signatures (Public Keys).
-
getClientId
final String getClientId()
-
getBaseURL
final String getBaseURL()
-
-
-
-