Skip to main content

Authentication Widget (auth.js) Reference

This reference documents the Authentication Cloud browser-side JavaScript library, Authentication Widget (auth.js). You can use the Authentication Widget to enroll and authenticate users without a password. The Authentication Widget can be embedded in your login and authentication pages, and it can also be customized with your logo and brand colors.

info

Looking for a step-by-step guide? Learn how to use the Authentication Widget.

Full API documentation available at Integrating the Widget.

Content Security Policy

If your web application has Content Security Policy (CSP) enabled, the widget needs the following attributes to be added or extended to work:

  • script-src https://<instance-id>.mauth.nevis.cloud/: required to allow auth.js to be loaded
  • child-src https://<instance-id>.mauth.nevis.cloud/: since the widget operates in an iframe, this has to be enabled in the CSP for better separation and sandboxing
  • style-src 'unsafe-inline': is required to position and show the widget properly on the site at all times

For security reasons, the widget also has CSP enabled to limit on which pages it is allowed to work. Your web app URL has to be allowed for your Authentication Cloud instance. Multiple applications can be allowed. If you want the widget to load your logo from an external URL, that URL also has to be added to this allow list.

info

Contact Nevis support to have the list of allowed URLs modified for your Authentication Cloud instance.

Success CodeDescriptionComment
success-001Successful registrationFor newly created users, it returns a userId in a data object element. {userId: '<the id of the new user>'}
success-002Successful login
error-1000Unknown error
error-1001Error when requesting enrollment QR codeInvalid, possibly expired intent token
error-1002Error while waiting for the enrollment QR code to be scannedThe user did not scan the QR code or click the app link in a timely manner.
error-1003Error while waiting for the enrollment to be finished on the phoneThe user scanned the QR code or clicked the app link, but did not continue the process after that.
error-1004The enrollment process was canceled by the user.
error-1005Invalid parameters for enrollment
error-1010Invalid parameters for login
error-1011Error when requesting login QR codeInvalid, possibly expired intent token
error-1012Error while waiting for the login QR code to be scannedThe user did not scan the QR code or click the app link in a timely manner.
error-1013Error while waiting for the login to be finished on the phoneThe user scanned the QR code or clicked the app link, but did not continue the process after that.
error-1014Error while waiting for the login QR code to be scannedThe user did not scan the QR code or click the app link in a timely manner.
error-1015The login process was canceled by the user.