Check the token's claims using a custom method that receives the JWTPayload and should return true if the token is valid. Raises a 401 invalid_token error if the function returns false. You can also customise the error_description, which should be formatted per RFC 6750.
app.use(auth());
app.get('/admin/edit', claimCheck((claims) => {
return claims.isAdmin && claims.roles.includes('editor');
}, `Unexpected 'isAdmin' and 'roles' claims`), (req, res) => { ... });
Check that a token's claim is equal to a given JSONPrimitive (string, number, boolean or null). Raises a 401 invalid_token error if the value of the claim does not match.
app.use(auth());
app.get('/admin', claimEquals('isAdmin', true), (req, res) => { ... });
Check that a token's claim includes a number of given JSONPrimitives (string, number, boolean or null). Raises a 401 invalid_token error if the value of the claim does not include all of the given values.
app.use(auth());
app.get('/admin/edit', claimIncludes('role', 'admin', 'editor'),
(req, res) => { ... });
Check that a token's scope claim includes a number of given scopes. Raises a 403 insufficient_scope error if the value of the scope claim does not include all of the given scopes.
app.use(auth());
app.get('/admin/edit', requiredScopes('read:admin write:admin'),
(req, res) => { ... });
Check that a token's scope claim includes any of the given scopes. Raises a 403 insufficient_scope error if the value of the scope claim does not include any of the given scopes.
app.use(auth());
app.get('/admin/edit', scopeIncludesAny('read:msg read:admin'),
(req, res) => { ... });
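To make the difference between the checks above concrete, here is an added example (not code from express-oauth2-jwt-bearer) that re-implements their contract without Express: each check takes the decoded claims and returns null on success or an error object carrying the HTTP status and the RFC 6750 WWW-Authenticate challenge, so a 401 invalid_token (claim checks) can be told apart from a 403 insufficient_scope (scope checks). It assumes the scope claim is a space-delimited string or an array, and that claimIncludes treats a space-delimited string claim like an array.

```javascript
// Added stand-in for the claim/scope checks (assumed semantics, not the library's code):
// each check returns null on success or an error object with status and challenge.
function challenge(error, description) {
  // RFC 6750 quoted-string parameters may not contain double quotes; swap them out.
  let value = `Bearer error="${error}"`;
  if (description) value += `, error_description="${description.replace(/"/g, "'")}"`;
  return value;
}
function invalidToken(description) {
  return { status: 401, error: 'invalid_token', wwwAuthenticate: challenge('invalid_token', description) };
}
function insufficientScope(description) {
  return { status: 403, error: 'insufficient_scope', wwwAuthenticate: challenge('insufficient_scope', description) };
}
// Scopes (and list-like claims) may be a space-delimited string or an array of strings.
function toList(value) {
  return typeof value === 'string' ? value.split(' ').filter(Boolean) : Array.isArray(value) ? value : [];
}
function claimCheck(fn, description) {
  return (claims) => (fn(claims) ? null : invalidToken(description));
}
function claimEquals(claim, expected) {
  return (claims) => (claims[claim] === expected ? null : invalidToken(`Unexpected '${claim}' value`));
}
function claimIncludes(claim, ...expected) {
  return (claims) => (expected.every((v) => toList(claims[claim]).includes(v))
    ? null : invalidToken(`Unexpected '${claim}' value`));
}
function requiredScopes(required) {
  const needed = toList(required);
  return (claims) => (needed.every((s) => toList(claims.scope).includes(s))
    ? null : insufficientScope('Insufficient scope'));
}
function scopeIncludesAny(required) {
  const needed = toList(required);
  return (claims) => (needed.some((s) => toList(claims.scope).includes(s))
    ? null : insufficientScope('Insufficient scope'));
}
// Run checks in order like chained middleware: the first failure short-circuits.
function authorize(claims, ...checks) {
  for (const check of checks) {
    const err = check(claims);
    if (err) return err;
  }
  return null;
}
// Constructed sample payload (not a real token): an admin editor with read-only scopes.
const editorClaims = { sub: 'user-123', isAdmin: true, roles: ['editor'], scope: 'read:admin read:msg' };
```

Wire the returned object to `res.set('WWW-Authenticate', err.wwwAuthenticate).status(err.status)` in a real handler; the library does this for you.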
Middleware that will return a 401 if a valid JWT bearer token is not provided in the request.
Can be used in 2 ways:
1. Provide AuthOptions.issuerBaseURL (or define the env variable ISSUER_BASE_URL). This uses the AuthOptions.issuerBaseURL to find the OAuth 2.0 Authorization Server Metadata to get the AuthOptions.jwksUri and AuthOptions.issuer.
2. Provide AuthOptions.jwksUri (or define the env variable JWKS_URI) and AuthOptions.issuer (or define the env variable ISSUER) yourself.
You must provide the audience argument (or AUDIENCE environment variable), which is used to match against the Access Token's aud claim.