Usage
triggerLogin
triggerLogin
performs the following actions:
- Opens the login window of the auth provider as a popup
- Listens on the redirected url
- Returns the verifier scoped public private key pair + user info
If your verifier is of normal type, use this method. If you wish to have account
linking / multiple verifiers returning same keys (e.g.: passwordless and google
logins returning the same key), use triggerAggregateLogin
instead.
await torusdirectsdk.triggerLogin(options);
Parameters
options is an object of type SubVerifierDetails
with the following parameters
params
-SubVerifierDetails
: The login options.typeOfLogin
-LOGIN_TYPE
: The type of login. Supported Login Types includegoogle
|facebook
|reddit
|discord
|twitch
|apple
|github
|linkedin
|twitter
|weibo
|line
|email_password
|jwt
. For passwordless and other types of custom logins usejwt
verifier
-string
: A verifier is a unique identifier for your OAuth registration on the torus network. The public/private keys generated for a user are scoped to a verifier. Register your app here to get your verifier today.clientId
:string
: clientId obtained from OAuth registration For native logins, please use the one from OAuth registration. For proxy logins, please use the clientId obtained from proxy providerjwtParams?
:Auth0ClientOptions
(optional): Details belowhash?
:string
(optional): The location hash returned from OAuth login. Useful in case the OAuth redirects to app with hash & query paramsqueryParameters?
:TorusGenericObject
(optional): Key value pairs of query parameters returned from OAuth login. Useful in case the OAuth redirects to app with hash & query paramscustomState?
:TorusGenericObject
(optional): Custom OAuth state parameter. Useful for state management post redirect flow.
info
In some cases (electron apps, chrome extensions), your app will be redirected to the redirect url with hash and query params from OAuth provider. To get torus key in such cases, please pass along those parameters into the sdk. Passing these will skip the login and return the torus result directly.
Returns
Promise<TorusLoginResponse>
: Returns a promise which resolves to theTorusLoginResponse
object
Reference
export interface SubVerifierDetails {
typeOfLogin: LOGIN_TYPE;
verifier: string;
clientId: string;
jwtParams?: Auth0ClientOptions;
hash?: string;
queryParameters?: TorusGenericObject;
customState?: TorusGenericObject;
}
export const LOGIN = {
GOOGLE: "google",
FACEBOOK: "facebook",
REDDIT: "reddit",
DISCORD: "discord",
TWITCH: "twitch",
APPLE: "apple",
GITHUB: "github",
LINKEDIN: "linkedin",
TWITTER: "twitter",
WEIBO: "weibo",
LINE: "line",
EMAIL_PASSWORD: "email_password",
PASSWORDLESS: "passwordless",
JWT: "jwt",
WEBAUTHN: "webauthn",
} as const;
export type LOGIN_TYPE = typeof LOGIN[keyof typeof LOGIN];
// REGION: AUTH0 PARAMS
export interface BaseLoginOptions {
/**
* - `'page'`: displays the UI with a full page view
* - `'popup'`: displays the UI with a popup window
* - `'touch'`: displays the UI in a way that leverages a touch interface
* - `'wap'`: displays the UI with a "feature phone" type interface
*/
display?: "page" | "popup" | "touch" | "wap" | string;
/**
* - `'none'`: do not prompt user for login or consent on reauthentication
* - `'login'`: prompt user for reauthentication
* - `'consent'`: prompt user for consent before processing request
* - `'select_account'`: prompt user to select an account
*/
prompt?: "none" | "login" | "consent" | "select_account" | string;
/**
* Maximum allowable elasped time (in seconds) since authentication.
* If the last time the user authenticated is greater than this value,
* the user must be reauthenticated.
*/
max_age?: string | number;
/**
* The space-separated list of language tags, ordered by preference.
* For example: `'fr-CA fr en'`.
*/
ui_locales?: string;
/**
* Previously issued ID Token.
*/
id_token_hint?: string;
/**
* The user's email address or other identifier. When your app knows
* which user is trying to authenticate, you can provide this parameter
* to pre-fill the email box or select the right session for sign-in.
*
* This currently only affects the classic Lock experience.
*/
login_hint?: string;
acr_values?: string;
/**
* The default scope to be used on authentication requests.
* The defaultScope defined in the Auth0Client is included
* along with this scope
*/
scope?: string;
/**
* The default audience to be used for requesting API access.
*/
audience?: string;
/**
* The name of the connection configured for your application.
* If null, it will redirect to the Auth0 Login Page and show
* the Login Widget.
*/
connection?: string;
/**
* If you need to send custom parameters to the Authorization Server,
* make sure to use the original parameter name.
*/
[key: string]: unknown;
}
export interface Auth0ClientOptions extends BaseLoginOptions {
/**
* Your Auth0 account domain such as `'example.auth0.com'`,
* `'example.eu.auth0.com'` or , `'example.mycompany.com'`
* (when using [custom domains](https://auth0.com/docs/custom-domains))
*/
domain: string;
/**
* The Client ID found on your Application settings page
*/
client_id?: string;
/**
* The default URL where Auth0 will redirect your browser to with
* the authentication result. It must be whitelisted in
* the "Allowed Callback URLs" field in your Auth0 Application's
* settings. If not provided here, it should be provided in the other
* methods that provide authentication.
*/
redirect_uri?: string;
/**
* The value in seconds used to account for clock skew in JWT expirations.
* Typically, this value is no more than a minute or two at maximum.
* Defaults to 60s.
*/
leeway?: number;
/**
* The field in jwt token which maps to verifier id
*/
verifierIdField?: string;
/**
* Whether the verifier id field is case sensitive
* @default true
*/
isVerifierIdCaseSensitive?: boolean;
}
export type TorusGenericObject = {
[key: string]: string;
};
export type TorusLoginResponse = TorusSingleVerifierResponse & TorusKey;
export interface TorusSingleVerifierResponse {
userInfo: TorusVerifierResponse & LoginWindowResponse;
}
export interface TorusKeyPub {
pubKey?: {
pub_key_X: string;
pub_key_Y: string;
};
}
export interface TorusKey extends TorusKeyPub {
publicAddress: string;
privateKey: string;
metadataNonce: string;
}
export interface TorusVerifierResponse {
email: string;
name: string;
profileImage: string;
aggregateVerifier?: string;
verifier: string;
verifierId: string;
typeOfLogin: LOGIN_TYPE;
ref?: string;
registerOnly?: boolean;
extraVerifierParams?: WebAuthnExtraParams;
}
export interface LoginWindowResponse {
accessToken: string;
idToken?: string;
ref?: string;
extraParams?: string;
extraParamsPassed?: string;
state: TorusGenericObject;
}
export type WebAuthnExtraParams = {
signature?: string;
clientDataJSON?: string;
authenticatorData?: string;
publicKey?: string;
challenge?: string;
rpOrigin?: string;
credId?: string;
};
Examples
- Native
- Proxy
- Rehydrate
/*
Native logins use this approach
The following are native logins
- google
- facebook
- reddit
- discord
- twitch
All others are proxy logins
*/
const loginDetails = await torusdirectsdk.triggerLogin({
typeOfLogin: "google",
verifier: "YOUR_VERIFIER_HERE", // get your verifier deployed today
clientId: "YOUR_GOOGLE_CLIENT_ID",
});
const loginDetails = await torusdirectsdk.triggerLogin({
typeOfLogin: "facebook",
verifier: "YOUR_VERIFIER_HERE", // get your verifier deployed today
clientId: "YOUR_FACEBOOK_APP_ID",
});
/*
All logins done via a proxy auth provider use this method
domain is a mandatory param
*/
const jwtParams = {
domain: "YOUR_PROXY_VERIFIER_DOMAIN", // eg: "https://torus-test.auth0.com"
};
// twitter
const loginDetails = await torusdirectsdk.triggerLogin({
typeOfLogin: "twitter",
verifier: "YOUR_TWITTER_VERIFIER",
// this is obtained at the proxy website (e.g.: auth0 application client id)
clientId: "YOUR_PROXY_TWITTER_CLIENT_ID",
jwtParams,
});
// passwordless
const loginDetails = await torusdirectsdk.triggerLogin({
typeOfLogin: "jwt",
verifier: "YOUR_PASSWORDLESS_VERIFIER",
// this is obtained at the proxy website (e.g.: auth0 application client id)
clientId: "YOUR_PROXY_PASSWORDLESS_CLIENT_ID",
jwtParams: {
...jwtParams,
// this corresponds to the field inside jwt which must be used to uniquely
// identify the user
verifierIdField: "name",
isVerifierIdCaseSensitive: false,
},
});
/*
In some platforms (electron etc.) or in cases where you wish to perform
authentication in a different manner other than opening a popup (redirect flow),
you can pass in hash and queryParameters of redirected url into the method
to bypass opening of popup window and return the result
*/
var url = new URL(location.href);
const hash = url.hash.substr(1);
const queryParameters = {};
for (let key of url.searchParams.keys()) {
queryParameters[key] = url.searchParams.get(key);
}
const loginDetails = await torusdirectsdk.triggerLogin({
typeOfLogin: "google",
verifier: "YOUR_GOOGLE_VERIFIER",
clientId: "YOUR_GOOGLE_CLIENT_ID",
jwtParams: {},
hash,
queryParameters,
});
triggerAggregateLogin
triggerAggregateLogin
performs the following actions:
- Opens the login window of the auth provider as a popup
- Listens on the redirected url
- Returns the verifier scoped public private key pair + user info
Use this if you wish to have account linking / multiple verifiers returning same keys (e.g.: passwordless and google logins returning the same key or google iOS, web, android clients to return the same key). Currently, only single_id_verifier is supported as aggregate verifier type
await torusdirectsdk.triggerAggregateLogin(options);
Parameters
options is an object of type AggregateLoginParams
with the following
parameters
params
-AggregateLoginParams
: The login options.aggregateVerifierType
-AGGREGATE_VERIFIER_TYPE
: Currently only single_id_verifier is supportedverifierIdentifier
-string
: A verifierIndentifier is a unique identifier for your OAuth registration on the torus network. The public/private keys generated for a user are scoped to a verifierIdentifier for aggregate login. Register your app here to get your verifier today.subVerifierDetailsArray
-SubVerifierDetails[]
:SubVerifierDetails
is the options parameter for triggerLogin
Returns
Promise<TorusAggregateLoginResponse>
: Returns a promise which resolves to theTorusAggregateLoginResponse
object
Reference
export const AGGREGATE_VERIFIER = {
SINGLE_VERIFIER_ID: "single_id_verifier",
// AND_AGGREGATE_VERIFIER : "and_aggregate_verifier",
// OR_AGGREGATE_VERIFIER : "or_aggregate_verifier",
} as const;
export type AGGREGATE_VERIFIER_TYPE = typeof AGGREGATE_VERIFIER[keyof typeof AGGREGATE_VERIFIER];
export interface AggregateLoginParams {
aggregateVerifierType: AGGREGATE_VERIFIER_TYPE;
verifierIdentifier: string;
subVerifierDetailsArray: SubVerifierDetails[];
}
export type TorusAggregateLoginResponse = TorusAggregateVerifierResponse &
TorusKey;
export interface TorusAggregateVerifierResponse {
userInfo: (TorusVerifierResponse & LoginWindowResponse)[];
}
// Additional types are present in the triggerLogin documentation
Examples
- Native
- Proxy
- Rehydrate
/*
If you want google and facebook logins to have the same user account,
do the following
*/
const subVerifierDetailsGoogle = {
typeOfLogin: "google",
verifier: "ANY_UNIQUE_STRING",
clientId: "YOUR_GOOGLE_CLIENT_ID",
};
const subVerifierDetailsFacebook = {
typeOfLogin: "facebook",
verifier: "ANY_UNIQUE_STRING",
clientId: "YOUR_FACEBOOK_APP_ID",
};
// The deployed verifier identifier links both google and facebook
const commonVerifierIdentifier = "YOUR_VERIFIER_IDENTIFIER_HERE";
// when user clicks google button, use this
const loginDetails = await torusdirectsdk.triggerAggregateLogin({
aggregateVerifierType: "single_id_verifier",
// get your verifier identifier deployed today
verifierIdentifier: commonVerifierIdentifier,
subVerifierDetailsArray: [subVerifierDetailsGoogle],
});
// when user clicks facebook button, use this
const loginDetails = await torusdirectsdk.triggerAggregateLogin({
aggregateVerifierType: "single_id_verifier",
// get your verifier identifier deployed today
verifierIdentifier: commonVerifierIdentifier,
subVerifierDetailsArray: [subVerifierDetailsFacebook],
});
/*
If you want google and passwordless logins to have the same user account,
do the following
*/
const jwtParams = {
domain: "YOUR_PROXY_VERIFIER_DOMAIN", // eg: "https://torus-test.auth0.com"
};
const subVerifierDetailsGoogle = {
typeOfLogin: "google",
verifier: "ANY_UNIQUE_STRING",
clientId: "YOUR_GOOGLE_CLIENT_ID",
};
const subVerifierDetailsPasswordless = {
typeOfLogin: "jwt",
verifier: "ANY_UNIQUE_STRING",
// this is obtained at the proxy website (e.g.: auth0 application client id)
clientId: "YOUR_PROXY_PASSWORDLESS_CLIENT_ID",
jwtParams: {
...jwtParams,
// this corresponds to the field inside jwt which must be used to uniquely
// identify the user. This is mapped b/w google and passwordless logins
verifierIdField: "name",
isVerifierIdCaseSensitive: false,
},
};
// The deployed verifier identifier links both google and passwordless
const commonVerifierIdentifier = "YOUR_VERIFIER_IDENTIFIER_HERE";
// when user clicks google button, use this
const loginDetails = await torusdirectsdk.triggerAggregateLogin({
aggregateVerifierType: "single_id_verifier",
// get your verifier identifier deployed today
verifierIdentifier: commonVerifierIdentifier,
subVerifierDetailsArray: [subVerifierDetailsGoogle],
});
// when user clicks passwordless button, use this
const loginDetails = await torusdirectsdk.triggerAggregateLogin({
aggregateVerifierType: "single_id_verifier",
// get your verifier identifier deployed today
verifierIdentifier: commonVerifierIdentifier,
subVerifierDetailsArray: [subVerifierDetailsPasswordless],
});
/*
In some platforms (electron etc.) or in cases where you wish to perform
authentication in a different manner other than opening a popup (redirect flow),
you can pass in hash and queryParameters of redirected url into the method
to bypass opening of popup window and return the result
*/
var url = new URL(location.href);
const hash = url.hash.substr(1);
const queryParameters = {};
for (let key of url.searchParams.keys()) {
queryParameters[key] = url.searchParams.get(key);
}
const subVerifierDetailsGoogle = {
typeOfLogin: "google",
verifier: "ANY_UNIQUE_STRING",
clientId: "YOUR_GOOGLE_CLIENT_ID",
jwtParams: {},
hash,
queryParameters,
};
// The deployed verifier identifier links both google and other login type
const commonVerifierIdentifier = "YOUR_VERIFIER_IDENTIFIER_HERE";
// when user clicks passwordless button, use this
const loginDetails = await torusdirectsdk.triggerAggregateLogin({
aggregateVerifierType: "single_id_verifier",
// get your verifier identifier deployed today
verifierIdentifier: commonVerifierIdentifier,
subVerifierDetailsArray: [subVerifierDetailsGoogle],
});
getRedirectResult
getRedirectResult
gets the TorusKey result post redirect flow. This method
should only be called at the end of the redirect flow.
await torusdirectsdk.getRedirectResult(options);
Parameters options is an object of type RedirectResultParams
with the
following parameters
options
-RedirectResultParams
: The redirect result options.replaceUrl?
-boolean
(optional) : Whether to clean the url of hash/query params
Returns
Promise<RedirectResult>
: Returns a promise which resolves to theRedirectResult
object
Reference
export const TORUS_METHOD = {
TRIGGER_LOGIN: "triggerLogin",
TRIGGER_AGGREGATE_LOGIN: "triggerAggregateLogin",
TRIGGER_AGGREGATE_HYBRID_LOGIN: "triggerHybridAggregateLogin",
} as const;
export type TORUS_METHOD_TYPE = typeof TORUS_METHOD[keyof typeof TORUS_METHOD];
export interface RedirectResult {
method: TORUS_METHOD_TYPE;
result: TorusLoginResponse | TorusAggregateLoginResponse | unknown;
error?: string;
state: Record<string, unknown>;
}
// types are present in the above documentation
Examples
const torusRedirectResult = await torusdirectsdk.getRedirectResult();
getTorusKey
getTorusKey
is a helper method which by passes the login flow and communicates
directly with the torus nodes to return you the user's key. Use this if you have
a custom login flow and wish to get just the user's key
await torusdirectsdk.getTorusKey(verifier: string,
verifierId: string,
verifierParams: { verifier_id: string },
idToken: string,
additionalParams?: extraParams);
Parameters
verifier
-string
: A verifier is a unique identifier for your OAuth registration on the torus network. The public/private keys generated for a user are scoped to a verifier. Register your app here to get your verifier todayverifierId
-string
:verifierId
is the unique identifier to publicly represent a user on a verifier. e.g: email, sub etc. other fields can be classified as verifierIdverifierParams
-object
: As stated in the signature. Can contain other fields which can be useful for aggregate loginsidToken
-string
:idToken
oraccessToken
received from the OAuth provideradditionalParams
-extraParams
: Any additional parameters you wish to send to the torus nodes. useful for WebAuthn logins
Returns
Promise<TorusKey>
: Returns a promise which resolves to theTorusKey
object
Reference
export interface extraParams {
[key: string]: unknown;
}
// additional types are present in the triggerLogin documentation
Examples
// google
const torusKey = await torusdirectsdk.getTorusKey(
"YOUR_GOOGLE_VERIFIER",
"USER_EMAIL",
{ verifier_id: "USER_EMAIL" },
"USER_GOOGLE_ID_TOKEN"
);
getAggregateTorusKey
getAggregateTorusKey
is a helper method which by passes the login flow and
communicates directly with the torus nodes to return you the user's key. Use
this if you have a custom aggregate login flow and wish to get just the user's
key
await torusdirectsdk.getAggregateTorusKey(
(verifier: string),
(verifierId: string),
(subVerifierInfoArray: TorusSubVerifierInfo[])
);
Parameters
verifier
-string
: A verifier is a unique identifier for your OAuth registration on the torus network. The public/private keys generated for a user are scoped to a verifier. Register your app here to get your verifier todayverifierId
-string
:verifierId
is the unique identifier to publicly represent a user on a verifier. e.g: email, sub etc. other fields can be classified as verifierIdsubVerifierInfoArray
-TorusSubVerifierInfo[]
: Refer below.
Returns
Promise<TorusKey>
: Returns a promise which resolves to theTorusKey
object
Reference
export interface TorusSubVerifierInfo {
verifier: string;
idToken: string;
extraVerifierParams?: WebAuthnExtraParams;
}
// types are present in the triggerLogin documentation
Examples
// google
const torusKey = await torusdirectsdk.getAggregateTorusKey(
"YOUR_AGGREGATE_VERIFIER",
"USER_EMAIL",
[
{
idToken: "OAUTH_ID_TOKEN",
verifier: "SUB_VERIFIER",
},
]
);