Interface: OAuthServerOptions
Defined in: auth-core/src/oauthServerTypes.ts:203
Configuration for createOAuthHandlers.
Properties
authCodeStore
authCodeStore:
AuthCodeStore
Defined in: auth-core/src/oauthServerTypes.ts:209
App-provided store for short-lived authorization codes.
authorizationCodeTtl?
optionalauthorizationCodeTtl?:number
Defined in: auth-core/src/oauthServerTypes.ts:241
Authorization code lifetime in seconds.
Default
600
clientStore
clientStore:
ClientStore
Defined in: auth-core/src/oauthServerTypes.ts:207
App-provided store for dynamic clients.
endpoints?
optionalendpoints?:object
Defined in: auth-core/src/oauthServerTypes.ts:243
Override the default endpoint paths.
authorize?
optionalauthorize?:string
Default
'/authorize'
register?
optionalregister?:string
Default
'/register'
token?
optionaltoken?:string
Default
'/token'
issuer
issuer:
string
Defined in: auth-core/src/oauthServerTypes.ts:205
The authorization server's issuer identifier (its base URL).
issueTokens
issueTokens: (
args) =>IssuedTokens|Promise<IssuedTokens>
Defined in: auth-core/src/oauthServerTypes.ts:214
App-owned token minting. The core never sees the user model or signing keys — it hands you the subject/scopes/client and you return the tokens.
Parameters
| Parameter | Type |
|---|---|
args | IssueTokensArgs |
Returns
IssuedTokens | Promise<IssuedTokens>
onAuthorize
onAuthorize: (
args) =>OnAuthorizeResult|Promise<OnAuthorizeResult>
Defined in: auth-core/src/oauthServerTypes.ts:220
App-owned login/consent. Called on every authorize request; return the
authenticated subject to approve, or { approved: false, redirect } to send
the user to your own login/consent UI.
Parameters
| Parameter | Type |
|---|---|
args | OnAuthorizeArgs |
Returns
OnAuthorizeResult | Promise<OnAuthorizeResult>
onRefreshToken?
optionalonRefreshToken?: (args) =>OnRefreshTokenResult|Promise<OnRefreshTokenResult>
Defined in: auth-core/src/oauthServerTypes.ts:227
App-owned refresh-token validation. Required to support the refresh_token
grant; when omitted, refresh requests get unsupported_grant_type.
Parameters
| Parameter | Type |
|---|---|
args | OnRefreshTokenArgs |
Returns
OnRefreshTokenResult | Promise<OnRefreshTokenResult>
resource?
optionalresource?:string
Defined in: auth-core/src/oauthServerTypes.ts:236
When set, OAuthHandlers.protectedResourceMetadata is served, pairing this resource URL with the issuer as its authorization server (RFC 9728).
scopesSupported?
optionalscopesSupported?:string[]
Defined in: auth-core/src/oauthServerTypes.ts:231
Scopes advertised in discovery metadata (scopes_supported).