Connectum API Reference / @connectum/auth / JwtAuthInterceptorOptions
Interface: JwtAuthInterceptorOptions
Defined in: packages/auth/src/types.ts:164
JWT auth interceptor options
Properties
algorithms?
optionalalgorithms:string[]
Defined in: packages/auth/src/types.ts:210
Allowed algorithms
audience?
optionalaudience:string|string[]
Defined in: packages/auth/src/types.ts:208
Expected audience(s)
claimsMapping?
optionalclaimsMapping:object
Defined in: packages/auth/src/types.ts:215
Mapping from JWT claims to AuthContext fields. Supports dot-notation paths (e.g., "realm_access.roles").
name?
optionalname:string
roles?
optionalroles:string
scopes?
optionalscopes:string
subject?
optionalsubject:string
issuer?
optionalissuer:string|string[]
Defined in: packages/auth/src/types.ts:206
Expected issuer(s)
jwksUri?
optionaljwksUri:string
Defined in: packages/auth/src/types.ts:166
JWKS endpoint URL for remote key set
maxTokenAge?
optionalmaxTokenAge:string|number
Defined in: packages/auth/src/types.ts:228
Maximum token age. Passed to jose jwtVerify options. Number (seconds) or string (e.g., "2h", "7d").
propagateHeaders?
optionalpropagateHeaders:boolean
Defined in: packages/auth/src/types.ts:238
Propagate auth context as headers for downstream services.
Default
falsepublicKey?
optionalpublicKey:CryptoKey
Defined in: packages/auth/src/types.ts:204
Asymmetric public key for JWT signature verification.
Supported algorithms:
- RSA: RS256, RS384, RS512
- RSA-PSS: PS256, PS384, PS512
- EC (ECDSA): ES256, ES384, ES512
- EdDSA: Ed25519, Ed448
Import a PEM-encoded key via Web Crypto API:
Examples
const rsaKey = await crypto.subtle.importKey(
"spki",
pemToArrayBuffer(rsaPem),
{ name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
true,
["verify"],
);const ecKey = await crypto.subtle.importKey(
"spki",
pemToArrayBuffer(ecPem),
{ name: "ECDSA", namedCurve: "P-256" },
true,
["verify"],
);See
secret?
optionalsecret:string
Defined in: packages/auth/src/types.ts:168
HMAC symmetric secret (for HS256/HS384/HS512)
skipMethods?
optionalskipMethods:string[]
Defined in: packages/auth/src/types.ts:233
Methods to skip authentication for.
Default
[]