Connectum API Reference / @connectum/auth / AuthInterceptorOptions

Interface: AuthInterceptorOptions

Defined in: packages/auth/src/types.ts:115

Generic auth interceptor options

Properties

cache?

optional cache: CacheOptions

Defined in: packages/auth/src/types.ts:151

LRU cache for credentials verification results. Caches AuthContext by credential string to reduce verification overhead.

---

extractCredentials()?

optional extractCredentials: (req) => string | Promise<string | null> | null

Defined in: packages/auth/src/types.ts:123

Extract credentials from request. Default: extracts Bearer token from Authorization header.

Parameters

req

Request with headers

header

Headers

Returns

string | Promise<string | null> | null

Credential string or null if no credentials found

---

propagatedClaims?

optional propagatedClaims: string[]

Defined in: packages/auth/src/types.ts:158

Filter which claims are propagated in headers (SEC-001). When set, only listed claim keys are included in x-auth-claims header. When not set, all claims are propagated.

---

propagateHeaders?

optional propagateHeaders: boolean

Defined in: packages/auth/src/types.ts:145

Propagate auth context as headers for downstream services.

Default

false

---

skipMethods?

optional skipMethods: string[]

Defined in: packages/auth/src/types.ts:139

Methods to skip authentication for. Patterns: "Service/Method" or "Service/*"

Default

[] (health and reflection methods are NOT auto-skipped)

---

verifyCredentials()

verifyCredentials: (credentials) => AuthContext | Promise<AuthContext>

Defined in: packages/auth/src/types.ts:132

Verify credentials and return auth context. REQUIRED. Must throw on invalid credentials.

Parameters

credentials

string

Extracted credential string

Returns

AuthContext | Promise<AuthContext>

AuthContext for valid credentials