UNPKG

@wristband/express-auth

Version:

SDK for integrating your ExpressJS application with Wristband. Handles user authentication, session management, and token management.

wristband.dev

wristband-dev/express-auth

72 lines (71 loc) 2.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
import type { JWTPayload } from '@wristband/typescript-jwt'; /** * JWT type augmentation for Express. * * Import this module to enable TypeScript support for `req.auth` when using JWT authentication strategy. * This augments the Express Request type to include the decoded JWT payload and bearer token. * * @example * ```typescript * // At the top of your wristband.ts setup file * import '@wristband/express-auth/jwt'; * * // In your route handlers protected by JWT auth middleware * app.get('/api/orders', requireAuth, (req, res) => { * // req.auth is always defined after requireAuth middleware * const userId = req.auth.sub; * const tenantId = req.auth.tnt_id; * const token = req.auth.jwt; * * // Validate required claims * if (!userId || !tenantId) { * return res.status(401).json({ error: 'Invalid token' }); * } * * res.json({ userId, tenantId }); * }); * ``` */ declare module 'express-serve-static-core' { interface Request { /** * Decoded JWT payload and bearer token. * * Always defined as an object (initialized by auth middleware). In routes protected by JWT * authentication middleware, this contains the decoded JWT claims and the bearer token string. * In unprotected routes or before authentication, this will be an empty object. * * **Standard JWT Claims** (all optional): * - `sub` - Subject identifier (typically user ID) * - `iss` - Issuer (who created the token) * - `aud` - Audience (who the token is intended for) * - `exp` - Expiration time (Unix timestamp) * - `iat` - Issued at time (Unix timestamp) * - `jti` - JWT ID (unique identifier) * * **Wristband-Specific Claims**: * - `tnt_id` - Tenant ID * - `app_id` - Application ID * - `idp_name` - Identity provider name * * **Additional Properties**: * - `jwt` - The bearer token string (only present after successful JWT authentication) * - Any custom claims included in your JWT * * @see https://github.com/wristband-dev/express-auth#jwt-authentication * * @example * ```typescript * // Accessing claims in a protected route * if (!req.auth.sub) { * return res.status(401).json({ error: 'Missing user ID' }); * } * const userId: string = req.auth.sub; * ``` */ auth: JWTPayload & { jwt?: string; }; } } export {};