GET /authorize

Use the Auth0 user store or your own database to store and manage username and password credentials. If you have your own user database, you can use it as an identity provider in Auth0 to authenticate users. When you make a GET call to the /authorize endpoint for browser-based (passive) authentication, it returns a 302 redirect to the Auth0 Login Page, which shows the Login Widget where the user can log in with email and password.
Passive authentication occurs through the browser and is initiated from the Auth0 Login Page, where the user enters their credentials. Unlike active authentication, it does not require any custom code or backend processing.

Remarks

  • If response_type=token, after the user authenticates, it will redirect to your application callback URL passing the Access Token and ID Token in the address location.hash. This is used for Single-Page Apps and also on Native Mobile SDKs.
  • The main difference between passive and active authentication is that the former happens in the browser through the Auth0 Login Page and the latter can be invoked from anywhere (a script, server to server, and so forth).
  • The sample auth0.js script uses the library version 8. If you are using auth0.js version 7, please see this reference guide.

Parameters

  • response_type (string, required): Specifies the token type. Use code for server side flows and token for application side flows. Allowed values: code, token
  • client_id (string, required): The client_id of your application.
  • connection (string): The name of the connection configured to your application. If null, it will redirect to the Auth0 Login Page and show the Login Widget using the first database connection.
  • redirect_uri (string, required): The URL to which Auth0 will redirect the browser after authorization has been granted by the user. Specify the redirect_uri under your Application’s Settings.
  • scope (string): OIDC scopes and custom API scopes. For example: openid read:timesheets. Include offline_access to get a Refresh Token.
  • state (string): An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks.
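
One way an application can use state as the parameter description requires, shown for the response_type=code flow. This is an added example, not code from the Auth0 documentation or SDKs; the session object, the function names, and the issuer, client ID and callback values are placeholders and assumptions.

```javascript
// Added example, not Auth0 code: bind `state` to the user's session.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Build the GET /authorize URL and store the state server-side.
// Assumption: `session` is the per-user session object of your framework.
function buildAuthorizeUrl(cfg, session) {
  const state = randomBytes(32).toString('base64url'); // 256 random bits
  session.oauthState = state;
  const url = new URL('/authorize', cfg.issuer);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
  }).toString();
  return url.toString();
}

// Validate the redirect back to redirect_uri. Returns the authorization
// code, or throws if the state is missing, wrong, or already used.
function handleCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback must fail
  const received = params.get('state');
  if (!expected || !received) throw new Error('state missing');
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  if (a.length !== b.length || !timingSafeEqual(a, b)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('no authorization code');
  return code;
}

// Constructed sample configuration; every value is a placeholder.
const cfg = {
  issuer: 'https://tenant.example',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'https://app.example/callback',
  scope: 'openid read:timesheets',
};
```

A callback that arrives with no stored state, a state that differs from the stored one, or a state that has already been consumed is rejected before the code is exchanged.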

Response

Status  Description
302     Redirect to the login page
400     Bad Request - Invalid parameters
500     Internal Server Error