Interface: OAuthServerOptions
Defined in: oauthServerTypes.ts:252
Configuration for createOAuthHandlers.
Properties
authCodeStore
authCodeStore:
AuthCodeStore
Defined in: oauthServerTypes.ts:258
App-provided store for short-lived authorization codes.
authorizationCodeTtl?
optionalauthorizationCodeTtl?:number
Defined in: oauthServerTypes.ts:290
Authorization code lifetime in seconds.
Default
600
clientStore
clientStore:
ClientStore
Defined in: oauthServerTypes.ts:256
App-provided store for dynamic clients.
endpoints?
optionalendpoints?:object
Defined in: oauthServerTypes.ts:292
Override the default endpoint paths.
authorize?
optionalauthorize?:string
Default
'/authorize'
register?
optionalregister?:string
Default
'/register'
token?
optionaltoken?:string
Default
'/token'
issuer
issuer:
string
Defined in: oauthServerTypes.ts:254
The authorization server's issuer identifier (its base URL).
issueTokens
issueTokens: (
args) =>IssuedTokens|Promise<IssuedTokens>
Defined in: oauthServerTypes.ts:263
App-owned token minting. The core never sees the user model or signing keys — it hands you the subject/scopes/client and you return the tokens.
Parameters
| Parameter | Type |
|---|---|
args | IssueTokensArgs |
Returns
IssuedTokens | Promise<IssuedTokens>
onAuthorize
onAuthorize: (
args) =>OnAuthorizeResult|Promise<OnAuthorizeResult>
Defined in: oauthServerTypes.ts:269
App-owned login/consent. Called on every authorize request; return the
authenticated subject to approve, or { approved: false, redirect } to send
the user to your own login/consent UI.
Parameters
| Parameter | Type |
|---|---|
args | OnAuthorizeArgs |
Returns
OnAuthorizeResult | Promise<OnAuthorizeResult>
onRefreshToken?
optionalonRefreshToken?: (args) =>OnRefreshTokenResult|Promise<OnRefreshTokenResult>
Defined in: oauthServerTypes.ts:276
App-owned refresh-token validation. Required to support the refresh_token
grant; when omitted, refresh requests get unsupported_grant_type.
Parameters
| Parameter | Type |
|---|---|
args | OnRefreshTokenArgs |
Returns
OnRefreshTokenResult | Promise<OnRefreshTokenResult>
resource?
optionalresource?:string
Defined in: oauthServerTypes.ts:285
When set, OAuthHandlers.protectedResourceMetadata is served, pairing this resource URL with the issuer as its authorization server (RFC 9728).
scopesSupported?
optionalscopesSupported?:string[]
Defined in: oauthServerTypes.ts:280
Scopes advertised in discovery metadata (scopes_supported).