MonoCloud Authentication SDK
    Preparing search index...

    Interface MonoCloudBackendNodeClientOptions

    Configuration options for the MonoCloudBackendNodeClient.

    Configuration values can be provided using either:

    • Constructor options - passed when creating the client instance.
    • Environment variables - using MONOCLOUD_BACKEND_* variables.

    When both are provided, constructor options override environment variables.

    Environment Variable Description
    MONOCLOUD_BACKEND_TENANT_DOMAIN The domain of your MonoCloud tenant (for example, https://your-tenant.us.monocloud.com).
    MONOCLOUD_BACKEND_AUDIENCE The expected audience for access token validation (for example, https://api.example.com).
    Environment Variable Description
    MONOCLOUD_BACKEND_CLIENT_ID Unique identifier for your application/client.
    MONOCLOUD_BACKEND_CLIENT_SECRET Application/client secret used for authentication.
    MONOCLOUD_BACKEND_CLIENT_AUTH_METHOD Client authentication method (for example, client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt, tls_client_auth, self_signed_tls_client_auth).
    Environment Variable Description
    MONOCLOUD_BACKEND_CLOCK_SKEW Allowed clock drift (in seconds) when validating token timestamps.
    MONOCLOUD_BACKEND_CLOCK_TOLERANCE Additional time tolerance (in seconds) for time-based claim validation.
    MONOCLOUD_BACKEND_INTROSPECT_JWT_TOKENS When true, JWT tokens are introspected at the server instead of being validated locally.
    Environment Variable Description
    MONOCLOUD_BACKEND_GROUPS_CLAIM The claim name in the token that contains group memberships.
    MONOCLOUD_BACKEND_GROUPS_MATCH_ALL When true, requires the token to contain all specified groups.
    Environment Variable Description
    MONOCLOUD_BACKEND_JWKS_CACHE_DURATION Duration (in seconds) to cache the JSON Web Key Set (JWKS) used to verify tokens.
    MONOCLOUD_BACKEND_METADATA_CACHE_DURATION Duration (in seconds) to cache the OpenID Connect discovery metadata.
    interface MonoCloudBackendNodeClientOptions {
        audience: string;
        cache?: ICache;
        clientAuthMethod?: ClientAuthMethod;
        clientId?: string;
        clientSecret?: string | Jwk;
        clockSkew?: number;
        clockTolerance?: number;
        fetcher?: {
            (input: URL | RequestInfo, init?: RequestInit): Promise<Response>;
            (input: string | URL | Request, init?: RequestInit): Promise<Response>;
        };
        groupOptions?: IsUserInGroupOptions;
        introspectJwtTokens?: boolean;
        jwksCacheDuration?: number;
        metadataCacheDuration?: number;
        tenantDomain: string;
    }

    Hierarchy

    Index
    audience cache? clientAuthMethod? clientId? clientSecret? clockSkew? clockTolerance? fetcher? groupOptions? introspectJwtTokens? jwksCacheDuration? metadataCacheDuration? tenantDomain
    audience: string

    The expected audience URI for access token validation (e.g. https://api.example.com).

    cache?: ICache

    Optional cache implementation for storing validated access token claims.

    clientAuthMethod?: ClientAuthMethod

    Client authentication method used when communicating with the token endpoint.

    'client_secret_basic'
    clientId?: string

    Client identifier of the application registered in MonoCloud.

    clientSecret?: string | Jwk

    Client secret or key material used for client authentication.

    When clientAuthMethod is client_secret_jwt and a plain-text secret is provided, the default signing algorithm is HS256.

    To use a different algorithm, provide a symmetric JSON Web Key (JWK) (kty: "oct") with the desired algorithm specified in its alg property.

    clockSkew?: number

    Number of seconds to adjust the current time to account for clock differences.

    0
    clockTolerance?: number

    Additional time tolerance in seconds for time-based claim validation.

    300
    fetcher?: {
        (input: URL | RequestInfo, init?: RequestInit): Promise<Response>;
        (input: string | URL | Request, init?: RequestInit): Promise<Response>;
    }

    Optional custom fetch implementation used for network requests.

    Type Declaration

      • (input: URL | RequestInfo, init?: RequestInit): Promise<Response>

      • MDN Reference

        Parameters

        • input: URL | RequestInfo
        • Optionalinit: RequestInit

        Returns Promise<Response>

      • (input: string | URL | Request, init?: RequestInit): Promise<Response>

      • MDN Reference

        Parameters

        • input: string | URL | Request
        • Optionalinit: RequestInit

        Returns Promise<Response>

    groupOptions?: IsUserInGroupOptions

    Options for group membership validation applied to all token validations performed by this client.

    introspectJwtTokens?: boolean

    When true, JWT access tokens are introspected instead of locally validated.

    This skips JWT signature/header/payload checks and always uses the introspection endpoint.

    false
    jwksCacheDuration?: number

    Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

    300
    metadataCacheDuration?: number

    Duration (in seconds) to cache OpenID Connect discovery metadata.

    300
    tenantDomain: string

    The MonoCloud tenant domain URL (e.g. https://example.monocloud.dev).

    Settings

    On This Page

    audiencecacheclientAuthMethodclientIdclientSecretclockSkewclockTolerancefetchergroupOptionsintrospectJwtTokensjwksCacheDurationmetadataCacheDurationtenantDomain