Type Alias: AuthMiddlewareOptions
AuthMiddlewareOptions =
object
Defined in: http-server-auth/src/types.ts:77
Properties
allowedOrigins?
optionalallowedOrigins?: (string|RegExp|undefined)[]
Defined in: http-server-auth/src/types.ts:94
Optional origin allowlist. Strings are exact-matched; RegExps are tested. Requests without an Origin header are never rejected by this check.
apiToken?
optionalapiToken?:ApiTokenOptions
Defined in: http-server-auth/src/types.ts:81
jwt?
optionaljwt?:JwtOptions
Defined in: http-server-auth/src/types.ts:80
oauth?
optionaloauth?:OAuthOptions
Defined in: http-server-auth/src/types.ts:83
required?
optionalrequired?:boolean
Defined in: http-server-auth/src/types.ts:99
When true (default), unauthenticated requests receive 401. When false, they pass through with ctx.state.user === undefined.
resourceMetadataUrl?
optionalresourceMetadataUrl?:string
Defined in: http-server-auth/src/types.ts:89
When set, a 401 response carries
WWW-Authenticate: Bearer resource_metadata="<url>" (RFC 9728) so OAuth
clients can discover the authorization server. Otherwise a bare Bearer.
strategies
strategies:
AuthStrategy[]
Defined in: http-server-auth/src/types.ts:79
Ordered list of strategies to attempt. First match wins.
system?
optionalsystem?:SystemOptions
Defined in: http-server-auth/src/types.ts:82