Authentication widget (auth.js) Reference
This reference documents the Authentication Cloud browser-side JavaScript library, Authentication Widget (auth.js
). You can use the Authentication Widget to enroll and authenticate users without a password. The Authentication Widget can be embedded in your login and authentication pages, and it can also be customized with your logo and brand colors.
Looking for a step-by-step guide? Learn how to use the Authentication Widget.
Full API documentation available at Integrating the Widget.
Content Security Policy
If your web application has Content Security Policy (CSP) enabled, the widget needs the following attributes to be added or extended to work:
script-src https://<instance-id>.mauth.nevis.cloud/
: required to allowauth.js
to be loadedchild-src https://<instance-id>.mauth.nevis.cloud/
: since the widget operates in aniframe
, this has to be enabled in the CSP for better separation and sandboxingstyle-src 'unsafe-inline'
: is required to position and show the widget properly on the site at all times
For security reasons, the widget also has CSP enabled to limit on which pages it is allowed to work. Your web app URL has to be allowed for your Authentication Cloud instance. Multiple applications can be allowed. If you want the widget to load your logo from an external URL, that URL also has to be added to this allow list.
Contact Nevis support to have the list of allowed URLs modified for your Authentication Cloud instance.
Success Code | Description | Comment |
---|---|---|
success-001 | Successful registration | For newly created users, it returns a userId in a data object element. {userId: '<the id of the new user>'} |
success-002 | Successful login | |
error-1000 | Unknown error | |
error-1001 | Error when requesting enrollment QR code | Invalid, possibly expired intent token |
error-1002 | Error while waiting for the enrollment QR code to be scanned | The user did not scan the QR code or click the app link in a timely manner. |
error-1003 | Error while waiting for the enrollment to be finished on the phone | The user scanned the QR code or clicked the app link, but did not continue the process after that. |
error-1004 | The enrollment process was canceled by the user. | |
error-1005 | Invalid parameters for enrollment | |
error-1010 | Invalid parameters for login | |
error-1011 | Error when requesting login QR code | Invalid, possibly expired intent token |
error-1012 | Error while waiting for the login QR code to be scanned | The user did not scan the QR code or click the app link in a timely manner. |
error-1013 | Error while waiting for the login to be finished on the phone | The user scanned the QR code or clicked the app link, but did not continue the process after that. |
error-1014 | Error while waiting for the login QR code to be scanned | The user did not scan the QR code or click the app link in a timely manner. |
error-1015 | The login process was canceled by the user. |