Skip to main content

Type Alias: AuthMiddlewareOptions

AuthMiddlewareOptions = object

Defined in: http-server-auth/src/types.ts:77

Properties

allowedOrigins?

optional allowedOrigins?: (string | RegExp | undefined)[]

Defined in: http-server-auth/src/types.ts:94

Optional origin allowlist. Strings are exact-matched; RegExps are tested. Requests without an Origin header are never rejected by this check.


apiToken?

optional apiToken?: ApiTokenOptions

Defined in: http-server-auth/src/types.ts:81


jwt?

optional jwt?: JwtOptions

Defined in: http-server-auth/src/types.ts:80


oauth?

optional oauth?: OAuthOptions

Defined in: http-server-auth/src/types.ts:83


required?

optional required?: boolean

Defined in: http-server-auth/src/types.ts:99

When true (default), unauthenticated requests receive 401. When false, they pass through with ctx.state.user === undefined.


resourceMetadataUrl?

optional resourceMetadataUrl?: string

Defined in: http-server-auth/src/types.ts:89

When set, a 401 response carries WWW-Authenticate: Bearer resource_metadata="<url>" (RFC 9728) so OAuth clients can discover the authorization server. Otherwise a bare Bearer.


strategies

strategies: AuthStrategy[]

Defined in: http-server-auth/src/types.ts:79

Ordered list of strategies to attempt. First match wins.


system?

optional system?: SystemOptions

Defined in: http-server-auth/src/types.ts:82