Custom Database Error Handling and Troubleshooting

Custom Database Error Handling and Troubleshooting

How to implement the Resource Owner Password Grant

auth0.js v9 Reference


Renew Tokens When Using Safari

Passwordless Connections

Where to Store Tokens

Lock Android v2 Refreshing JWTs


This feature uses delegation. By default, delegation is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.

When an authentication is performed with the offline_access LockLockscopesscope(s)OpenID Connect (OIDC)PasswordlessAccess Tokensscope included, the returned Credentials will contain a JSON Web Token (JWT)Universal LoginRefresh TokensRefresh Token and an ID Token. Both tokens can be used to request a new audienceRefresh TokenAccess Token and avoid asking the user their credentials again.

We need to store the tokens in a secure storage after a successful authentication. Keep in mind that Refresh Tokens never expire. To request a new token you'll need to use's AuthenticationAPIClient. Don't forget to request the same scope used in the first login call.

Types of errors

Types of errors

Before you start

Configure Auth0

Ready-to-go example


Configure Auth0


Configure Auth0 APIs

Regular web apps

Using Refresh Token

Return errors

Return errors

Configure your tenant

Get Your Application Keys

Setup and initialization

ITP and Browser Behavior

Get Your Application Keys

Supported authentication methods

Create an API

Native/mobile apps

Using a non-expired ID Token