Options
All
  • Public
  • Public/Protected
  • All
Menu

express-oauth2-jwt-bearer

Index

Classes

Interfaces

Type aliases

Functions

Type aliases

JSONPrimitive

JSONPrimitive: string | number | boolean | null

Functions

Const auth

  • Middleware that will return a 401 if a valid JWT bearer token is not provided in the request.

    Can be used in 2 ways:

    1. Pass in an AuthOptions.issuerBaseURL (or define the env variable ISSUER_BASE_URL)
    app.use(auth({
  issuerBaseURL: 'http://issuer.example.com',
  audience: 'https://myapi.com'
}));

    This uses the AuthOptions.issuerBaseURL to find the OAuth 2.0 Authorization Server Metadata to get the AuthOptions.jwksUri and AuthOptions.issuer.

    1. You can also skip discovery and provide the AuthOptions.jwksUri (or define the env variable JWKS_URI) and AuthOptions.issuer (or define the env variable ISSUER) yourself.
    app.use(auth({
  jwksUri: 'http://issuer.example.com/well-known/jwks.json',
  issuer: 'http://issuer.example.com',
  audience: 'https://myapi.com'
}));

    You must provide the audience argument (or AUDIENCE environment variable) used to match against the Access Token's aud claim.

    Parameters

    Returns Handler

Const claimCheck

  • claimCheck(fn: (payload: JWTPayload) => boolean, errMsg?: string): Handler

  • Check the token's claims using a custom method that receives the JWTPayload and should return true if the token is valid. Raises a 401 invalid_token error if the function returns false. You can also customise the error_description which should be formatted per rfc6750.

    app.use(auth());

app.get('/admin/edit', claimCheck((claims) => {
  return claims.isAdmin && claims.roles.includes('editor');
}, `Unexpected 'isAdmin' and 'roles' claims`), (req, res) => { ... });

    Parameters

    Returns Handler

Const claimEquals

Const claimIncludes

  • claimIncludes(claim: string, ...expected: JSONPrimitive[]): Handler

  • Check a token's claim to include a number of given JSONPrimitives (string, number, boolean or null) raises a 401 invalid_token error if the value of the claim does not include all the given values.

    app.use(auth());

app.get('/admin/edit', claimIncludes('role', 'admin', 'editor'),
   (req, res) => { ... });

    Parameters

    Returns Handler

Const requiredScopes

  • requiredScopes(scopes: string | string[]): Handler

  • Check a token's scope claim to include a number of given scopes, raises a 403 insufficient_scope error if the value of the scope claim does not include all the given scopes.

    app.use(auth());

app.get('/admin/edit', requiredScopes('read:admin write:admin'),
   (req, res) => { ... });

    Parameters

    • scopes: string | string[]

    Returns Handler

Const scopeIncludesAny

  • scopeIncludesAny(scopes: string | string[]): Handler

  • Check a token's scope claim to include any of the given scopes, raises a 403 insufficient_scope error if the value of the scope claim does not include any of the given scopes.

    app.use(auth());

app.get('/admin/edit', scopeIncludesAny('read:msg read:admin'),
   (req, res) => { ... });

    Parameters

    • scopes: string | string[]

    Returns Handler