Skip to main content

Type Alias: OAuthOptions

OAuthOptions = object

Defined in: http-server-auth/src/types.ts:46

Properties

mapPayload?

optional mapPayload?: (payload, ctx) => AuthenticatedUser | null

Defined in: http-server-auth/src/types.ts:65

Maps the verified payload to an AuthenticatedUser. Defaults to the payload itself with id taken from sub, so claims like scope remain available on ctx.state.user.

Parameters

ParameterType
payloadRecord<string, unknown>
ctxContext

Returns

AuthenticatedUser | null


requiredScopes?

optional requiredScopes?: string[]

Defined in: http-server-auth/src/types.ts:74

Scopes that must all be present on the token, else 403. verify may return either scope: string (space-separated JWT claim) or scopes: string[]; both are normalised internally.


verify

verify: (token, ctx) => Promise<Record<string, unknown> | null> | Record<string, unknown> | null

Defined in: http-server-auth/src/types.ts:56

Verifies a Bearer token issued by an OAuth provider (Cognito, Auth0, Keycloak, your own authorization server, …). Resolve with the verified payload, return null, or throw to reject — both rejection forms yield a 401. Wrap a provider SDK here (e.g. CognitoJwtVerifier from @ttoss/auth-core/amazon-cognito) to keep this package provider-agnostic.

Receives the Koa ctx as a second argument for request-scoped work.

Parameters

ParameterType
tokenstring
ctxContext

Returns

Promise<Record<string, unknown> | null> | Record<string, unknown> | null