Function: oauthVerify()

oauthVerify(options): Middleware

Defined in: http-server-oauth/src/index.ts:214

Koa middleware that verifies the incoming Authorization: Bearer token (the OAuth resource-server role). Invalid or missing tokens get 401 (with an RFC 9728 WWW-Authenticate header when resourceMetadataUrl is set); tokens missing a requiredScopes entry get 403. On success the verified payload is stored on ctx.state.identity.

This is the opt-in "http-server with OAuth (verifying)" path.

Parameters

| Parameter | Type |
| --- | --- |
| options | OAuthVerifyOptions |

Returns

Middleware

Example

app.use(oauthVerify({ verifyToken: async (t) => myJwt.verify(t), requiredScopes: ['read'] }));
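
The status-code contract described above, written out as an added sketch that is not the package's own source. The names `sketchVerify`, `parseBearer`, `missingScopes`, the minimal `Ctx` shape, the space-delimited `scope` claim, and treating a verifier that throws as an invalid token are assumptions made for illustration.

```typescript
// Added sketch of the contract documented above; NOT the package's source.
// Assumed: the minimal Ctx shape and a space-delimited `scope` claim.
type Payload = { scope?: string; [claim: string]: unknown };
type Options = {
  verifyToken: (token: string) => Promise<Payload>;
  requiredScopes?: string[];
  resourceMetadataUrl?: string;
};
type Ctx = {
  headers: Record<string, string | undefined>;
  state: { identity?: Payload };
  status?: number;
  set(name: string, value: string): void;
};

// Scheme is case-insensitive; the value must be exactly one token68 string.
function parseBearer(header: string | undefined): string | null {
  return /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header ?? "")?.[1] ?? null;
}

// Entries of requiredScopes that the token does not carry.
function missingScopes(payload: Payload, required: string[] = []): string[] {
  const granted = new Set((payload.scope ?? "").split(" ").filter(Boolean));
  return required.filter((s) => !granted.has(s));
}

function sketchVerify(opts: Options) {
  return async (ctx: Ctx, next: () => Promise<void>): Promise<void> => {
    const token = parseBearer(ctx.headers["authorization"]);
    let payload: Payload | null = null;
    try {
      // This sketch treats a verifier that throws as an invalid token (401).
      if (token !== null) payload = await opts.verifyToken(token);
    } catch { /* payload stays null */ }
    if (payload === null) {
      ctx.status = 401;
      const url = opts.resourceMetadataUrl;
      if (url) ctx.set("WWW-Authenticate", `Bearer resource_metadata="${url}"`); // RFC 9728
      return; // fail closed: downstream handlers never run
    }
    if (missingScopes(payload, opts.requiredScopes).length > 0) {
      ctx.status = 403;
      return;
    }
    ctx.state.identity = payload;
    await next();
  };
}
```

Only after both checks pass does the sketch populate `ctx.state.identity`, so a downstream handler that reads it never sees an unverified payload.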