Interface AuthenticateOptions

Options used when authenticating a user via the Authorization Code flow.

interface AuthenticateOptions {
    codeVerifier?: string;
    fetchUserInfo?: boolean;
    filteredIdTokenClaims?: string[];
    idTokenClockSkew?: number;
    idTokenClockTolerance?: number;
    idTokenMaxAge?: number;
    idTokenNonce?: string;
    jwks?: Jwks;
    onSessionCreating?: OnSessionCreating;
    validateIdToken?: boolean;
}

Index

Properties

codeVerifier? fetchUserInfo? filteredIdTokenClaims? idTokenClockSkew? idTokenClockTolerance? idTokenMaxAge? idTokenNonce? jwks? onSessionCreating? validateIdToken?

Properties

`Optional`codeVerifier

codeVerifier?: string

PKCE code verifier associated with the authorization request.

`Optional`fetchUserInfo

fetchUserInfo?: boolean

When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

Default Value

false

`Optional`filteredIdTokenClaims

filteredIdTokenClaims?: string[]

List of ID token claims to remove before storing the session.

`Optional`idTokenClockSkew

idTokenClockSkew?: number

Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

`Optional`idTokenClockTolerance

idTokenClockTolerance?: number

Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

`Optional`idTokenMaxAge

idTokenMaxAge?: number

Maximum allowed authentication age (in seconds) for the ID token.

`Optional`idTokenNonce

idTokenNonce?: string

Nonce value expected in the ID token. Used to prevent replay attacks.

`Optional`jwks

jwks?: Jwks

JSON Web Key Set used to validate the ID token signature.

If not provided, the JWKS is automatically fetched from the authorization server metadata.

`Optional`onSessionCreating

onSessionCreating?: OnSessionCreating

Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

`Optional`validateIdToken

validateIdToken?: boolean

Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

Default Value

true

Interface AuthenticateOptions

Index

Properties

Properties

`Optional`codeVerifier

`Optional`fetchUserInfo

Default Value

`Optional`filteredIdTokenClaims

`Optional`idTokenClockSkew

`Optional`idTokenClockTolerance

`Optional`idTokenMaxAge

`Optional`idTokenNonce

`Optional`jwks

`Optional`onSessionCreating

`Optional`validateIdToken

Default Value

Settings

On This Page

Interface AuthenticateOptions

Index

Properties

Properties

OptionalcodeVerifier

OptionalfetchUserInfo

Default Value

OptionalfilteredIdTokenClaims

OptionalidTokenClockSkew

OptionalidTokenClockTolerance

OptionalidTokenMaxAge

OptionalidTokenNonce

Optionaljwks

OptionalonSessionCreating

OptionalvalidateIdToken

Default Value

Settings

On This Page

`Optional`codeVerifier

`Optional`fetchUserInfo

`Optional`filteredIdTokenClaims

`Optional`idTokenClockSkew

`Optional`idTokenClockTolerance

`Optional`idTokenMaxAge

`Optional`idTokenNonce

`Optional`jwks

`Optional`onSessionCreating

`Optional`validateIdToken