Appearance

Connectum API Reference / @connectum/auth / JwtAuthInterceptorOptions

Interface: JwtAuthInterceptorOptions ​

Defined in: packages/auth/src/types.ts:164

JWT auth interceptor options

Properties ​

algorithms? ​

optional algorithms?: string[]

Defined in: packages/auth/src/types.ts:210

Allowed algorithms

audience? ​

optional audience?: string | string[]

Defined in: packages/auth/src/types.ts:208

Expected audience(s)

claimsMapping? ​

optional claimsMapping?: object

Defined in: packages/auth/src/types.ts:215

Mapping from JWT claims to AuthContext fields. Supports dot-notation paths (e.g., "realm_access.roles").

name? ​

optional name?: string

roles? ​

optional roles?: string

scopes? ​

optional scopes?: string

subject? ​

optional subject?: string

issuer? ​

optional issuer?: string | string[]

Defined in: packages/auth/src/types.ts:206

Expected issuer(s)

jwksUri? ​

optional jwksUri?: string

Defined in: packages/auth/src/types.ts:166

JWKS endpoint URL for remote key set

maxTokenAge? ​

optional maxTokenAge?: string | number

Defined in: packages/auth/src/types.ts:228

Maximum token age. Passed to jose jwtVerify options. Number (seconds) or string (e.g., "2h", "7d").

propagateHeaders? ​

optional propagateHeaders?: boolean

Defined in: packages/auth/src/types.ts:238

Propagate auth context as headers for downstream services.

Default ​

ts
false

publicKey? ​

optional publicKey?: CryptoKey

Defined in: packages/auth/src/types.ts:204

Asymmetric public key for JWT signature verification.

Supported algorithms:

  • RSA: RS256, RS384, RS512
  • RSA-PSS: PS256, PS384, PS512
  • EC (ECDSA): ES256, ES384, ES512
  • EdDSA: Ed25519, Ed448

Import a PEM-encoded key via Web Crypto API:

Examples ​

RSA public key

typescript
const rsaKey = await crypto.subtle.importKey(
  "spki",
  pemToArrayBuffer(rsaPem),
  { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
  true,
  ["verify"],
);

EC public key

typescript
const ecKey = await crypto.subtle.importKey(
  "spki",
  pemToArrayBuffer(ecPem),
  { name: "ECDSA", namedCurve: "P-256" },
  true,
  ["verify"],
);

See ​

jose CryptoKey documentation

secret? ​

optional secret?: string

Defined in: packages/auth/src/types.ts:168

HMAC symmetric secret (for HS256/HS384/HS512)

skipMethods? ​

optional skipMethods?: string[]

Defined in: packages/auth/src/types.ts:233

Methods to skip authentication for.

Default ​

ts
[]