Interface MonoCloudAuthProviderProps

The base URL of the application implementing authentication.

Used to construct redirect URLs and validate cross-origin messages received from popups or iframes.

If omitted, it defaults to the current page's origin (window.location.origin).

Timeout (in seconds) for popup and silent (iframe) authentication windows before rejecting with a timeout error.

Applies to signIn, signOut, and signInSilent.

When true (the default), the provider processes the OIDC callback automatically when it mounts. Set it to false when you handle the callback yourself with <ProcessCallback /> on a dedicated route.

Relative callback path where MonoCloud redirects the user after sign-in.

This URL must be registered in the application's callback URL settings in MonoCloud. If omitted, the callback URL defaults to appUrl with path /.

The application tree that should have access to the authentication context.

Method used for client authentication when calling the token endpoint.

Client identifier of the application registered in MonoCloud.

Client secret or JSON Web Key used for client authentication.

Only required for confidential clients (for example, when using client_secret_jwt or private_key_jwt).

Maximum allowed clock skew (in seconds) for claims validations.

Maximum allowed clock tolerance (in seconds) applied to time-based claims validations.

Default authorization parameters to include in authentication requests.

Only a subset of AuthorizationParams is configurable here; per-request values (state, nonce, codeChallenge, codeChallengeMethod, redirectUri) are managed internally by the SDK.

If scopes is not set (here or on the signIn call), the SDK defaults to 'openid profile email'.

Hybrid response types (code id_token, code token, code id_token token) are supported, but the SDK always completes the back-channel authorization code exchange and uses those tokens. The front-channel id_token and access_token returned in the URL fragment are only checked for presence; they are not validated and are not stored on the session - the authoritative tokens come from the code exchange, where the ID token signature, nonce, and claims are validated.

When true, signs the user out from both the application and MonoCloud (Single Sign-Out).

Determines whether user profile data is fetched from the UserInfo endpoint after authentication.

List of ID token claims to exclude when constructing the final user object stored on the session.

If omitted, a default set of protocol claims are removed.

Expected signing algorithm used to validate ID token signatures.

Duration (in seconds) to cache the JSON Web Key Set (JWKS) document after it is fetched from the authorization server.

Duration (in seconds) to cache OpenID Connect discovery metadata after it is fetched from the authorization server.

Hook invoked while creating or updating session.

The height of the popup window in pixels.

Used to size and center the window when signIn or signOut is called with mode: 'popup'.

The width of the popup window in pixels.

Used to size and center the window when signIn or signOut is called with mode: 'popup'.

Callback executed after a successful sign-in or sign-out callback. Useful for client-side router integration.

Additional resources that can be requested via getTokens().

A unique identifier that differentiates sessions when multiple clients are used within the same application.

This key is appended to the internal session storage key to prevent collisions when multiple MonoCloudWebJSClient instances share the same clientId.

Relative path where MonoCloud redirects the user after sign-out.

This URL must be registered in the application's sign-out URLs in MonoCloud. If omitted, the sign-out callback URL defaults to appUrl with path /.

Storage implementation used to persist sessions. Defaults to LocalStorage.

MonoCloud tenant domain.

Determines whether the ID token signature and claims should be validated.

Disabling validation is not recommended.