The base URL of the application implementing authentication.
Used to construct redirect URLs and validate cross-origin messages received from popups or iframes.
OptionalauthTimeout (in seconds) for popup and silent (iframe) authentication windows before rejecting with a timeout error.
Applies to signIn, signOut, and signInSilent.
OptionalcallbackRelative callback path where MonoCloud redirects the user after sign-in.
This URL must be registered in the application's callback URL settings in MonoCloud. If omitted, the callback URL defaults to appUrl with path /.
OptionalclientMethod used for client authentication when calling the token endpoint.
Client identifier of the application registered in MonoCloud.
OptionalclientClient secret or JSON Web Key used for client authentication.
Only required for confidential clients (for example, when using client_secret_jwt or private_key_jwt).
OptionalclockMaximum allowed clock skew (in seconds) for ID token issue and expiration (iat, exp) validation.
OptionalclockMaximum allowed clock tolerance (in seconds) applied to other time-based ID token claims such as nbf and auth_time.
OptionaldefaultDefault authorization parameters to include in authentication requests.
Only a subset of AuthorizationParams is configurable here; per-request values (state, nonce, codeChallenge, codeChallengeMethod, redirectUri) are managed internally by the SDK.
If scopes is not set (here or on the signIn call), the SDK defaults to 'openid profile email'.
Hybrid response types (code id_token, code token, code id_token token) are supported, but the SDK always completes the back-channel authorization code exchange and uses those tokens. The front-channel id_token and access_token returned in the URL fragment are only checked for presence; they are not validated and are not stored on the session - the authoritative tokens come from the code exchange, where the ID token signature, nonce, and claims are validated.
OptionalfederatedWhen true, signs the user out from both the application and MonoCloud (Single Sign-Out).
OptionalfetchDetermines whether user profile data is fetched from the UserInfo endpoint after authentication.
OptionalfilteredList of ID token claims to exclude when constructing the final user object stored on the session.
If omitted, a default set of protocol claims are removed.
OptionalidExpected signing algorithm used to validate ID token signatures.
OptionaljwksDuration (in seconds) to cache the JSON Web Key Set (JWKS) document after it is fetched from the authorization server.
OptionalmetadataDuration (in seconds) to cache OpenID Connect discovery metadata after it is fetched from the authorization server.
OptionalpopupThe height of the popup window in pixels.
Used to size and center the window when signIn or signOut is called with mode: 'popup'.
OptionalpopupThe width of the popup window in pixels.
Used to size and center the window when signIn or signOut is called with mode: 'popup'.
OptionalresourcesAdditional resources that can be requested via getTokens().
OptionalsessionA unique identifier that differentiates sessions when multiple clients are used within the same application.
This key is appended to the internal session storage key to prevent collisions when multiple MonoCloudWebJSClient instances share the same clientId.
OptionalsignRelative path where MonoCloud redirects the user after sign-out.
If provided, this URL must be registered in the application's sign-out URLs in MonoCloud.
MonoCloud tenant domain.
OptionalvalidateDetermines whether the ID token signature and claims should be validated.
Disabling validation is not recommended.
Configuration options used to initialize MonoCloudWebJSClient.