Interface BearerAuthMiddlewareOptions

interface BearerAuthMiddlewareOptions {
    requiredScopes?: string[];
    resourceMetadataUrl?: string;
    verifier: OAuthTokenVerifier;
}

Properties

requiredScopes?: string[]

Optional scopes that the token must have. When any are missing the middleware responds with 403 insufficient_scope.

resourceMetadataUrl?: string

Optional Protected Resource Metadata URL to advertise in the WWW-Authenticate header on 401/403 responses, per RFC 9728.

Typically built with getOAuthProtectedResourceMetadataUrl.

A verifier used to validate access tokens.