Connectum API Reference / @connectum/auth / JwtAuthInterceptorOptions

Interface: JwtAuthInterceptorOptions

Defined in: packages/auth/src/types.ts:164

JWT auth interceptor options

Properties

algorithms?

optional algorithms?: string[]

Defined in: packages/auth/src/types.ts:210

Allowed algorithms

audience?

optional audience?: string | string[]

Defined in: packages/auth/src/types.ts:208

Expected audience(s)

claimsMapping?

optional claimsMapping?: object

Defined in: packages/auth/src/types.ts:215

Mapping from JWT claims to AuthContext fields. Supports dot-notation paths (e.g., "realm_access.roles").

name?

optional name?: string

roles?

optional roles?: string

scopes?

optional scopes?: string

subject?

optional subject?: string

issuer?

optional issuer?: string | string[]

Defined in: packages/auth/src/types.ts:206

Expected issuer(s)

jwksUri?

optional jwksUri?: string

Defined in: packages/auth/src/types.ts:166

JWKS endpoint URL for remote key set

maxTokenAge?

optional maxTokenAge?: string | number

Defined in: packages/auth/src/types.ts:228

Maximum token age. Passed to jose jwtVerify options. Number (seconds) or string (e.g., "2h", "7d").

propagateHeaders?

optional propagateHeaders?: boolean

Defined in: packages/auth/src/types.ts:238

Propagate auth context as headers for downstream services.

Default

false

publicKey?

optional publicKey?: CryptoKey

Defined in: packages/auth/src/types.ts:204

Asymmetric public key for JWT signature verification.

Supported algorithms:

RSA: RS256, RS384, RS512
RSA-PSS: PS256, PS384, PS512
EC (ECDSA): ES256, ES384, ES512
EdDSA: Ed25519, Ed448

Import a PEM-encoded key via Web Crypto API:

Examples

typescript

const rsaKey = await crypto.subtle.importKey(
  "spki",
  pemToArrayBuffer(rsaPem),
  { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
  true,
  ["verify"],
);

typescript

const ecKey = await crypto.subtle.importKey(
  "spki",
  pemToArrayBuffer(ecPem),
  { name: "ECDSA", namedCurve: "P-256" },
  true,
  ["verify"],
);

See

jose CryptoKey documentation

secret?

optional secret?: string

Defined in: packages/auth/src/types.ts:168

HMAC symmetric secret (for HS256/HS384/HS512)

skipMethods?

optional skipMethods?: string[]

Defined in: packages/auth/src/types.ts:233

Methods to skip authentication for.

Default

[]

proto

Type Aliases

Variables

testing

Variables

Functions

proto-sync

Interfaces

Variables

Functions

reflection

Interfaces

Functions

types

Interfaces

Type Aliases

Variables

types

Interfaces

Type Aliases

types

Interfaces

types

Interfaces

types

Interfaces

types

Interfaces

bulkhead

Functions

circuit-breaker

Functions

defaults

Interfaces

Functions

errorHandler

Functions

fallback

Functions

logger

Functions

method-filter

Functions

retry

Functions

serializer

Functions

timeout

Functions

attributes

Type Aliases

Variables

client-interceptor

Functions

interceptor

Functions

logger

Interfaces

Functions

meter

Functions

metrics

Interfaces

Functions

provider

Interfaces

Functions

shared

Interfaces

Functions

traceAll

Functions

traced

Functions

tracer

Functions

Interface: JwtAuthInterceptorOptions ​

Properties ​

algorithms? ​

audience? ​

Interface: JwtAuthInterceptorOptions

Properties

algorithms?

audience?

claimsMapping?

name?

roles?

scopes?

subject?

issuer?

jwksUri?

maxTokenAge?

propagateHeaders?

Default

publicKey?