Documentation

    Interface JwtAuthenticatorOptions<Payload>

    interface JwtAuthenticatorOptions<Payload extends TSchema> {
        additionalValidations?: ValidationFunction<Payload, JwtPayload>[];
        algorithms?: string[];
        audience?: string | string[];
        clockTolerance?: string | number;
        crit?: { [propName: string]: boolean };
        currentDate?: Date;
        discoveryEndpoint?: string;
        getJwt?: GetJwtFn;
        issuer?: string;
        key?: string;
        maxTokenAge?: string | number;
        requiredClaims?: string[];
        schema: Payload;
        subject?: string;
        transformer?: JwtPayloadTransformer<Payload, JwtPayload>;
        typ?: string;
        validate?: boolean;
    }

    Type Parameters

    • Payload extends TSchema

    Properties

    additionalValidations?: ValidationFunction<Payload, JwtPayload>[]

    An optional array of functions that will also be used to validate the JWT.

    algorithms?: string[]

    A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg" (Algorithm) values applicable for the used key/secret are allowed.

    Note

    Unsecured JWTs ({ "alg": "none" }) are never accepted by this API.

    audience?: string | string[]

    Expected JWT "aud" (Audience) Claim value(s).

    This option makes the JWT "aud" (Audience) Claim presence required.

    clockTolerance?: string | number

    Clock skew tolerance

    • In seconds when number (e.g. 5)
    • Resolved into a number of seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").

    Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when validating the "iat" (Issued At) claim if the maxTokenAge option is set.

    crit?: { [propName: string]: boolean }

    An object with keys representing recognized "crit" (Critical) Header Parameter names. The value for those is either true or false. true when the Header Parameter MUST be integrity protected, false when it's irrelevant.

    This makes the "Extension Header Parameter "..." is not recognized" error go away.

    Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit" (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically correct when provided and that it is optionally integrity protected. It will not process the Header Parameter in any way or reject the operation if it is missing. You MUST still verify the Header Parameter was present and process it according to the profile's validation steps after the operation succeeds.

    The JWS extension Header Parameter b64 is always recognized and processed properly. No other registered Header Parameters that need this kind of default built-in treatment are currently available.

    currentDate?: Date

    Date to use when comparing NumericDate claims, defaults to new Date().

    discoveryEndpoint?: string

    getJwt?: GetJwtFn

    A function for getting the JWT from the request. By default, the JWT is pulled from the auth header.

    issuer?: string

    Expected JWT "iss" (Issuer) Claim value(s).

    This option makes the JWT "iss" (Issuer) Claim presence required.

    key?: string

    maxTokenAge?: string | number

    Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.

    • In seconds when number (e.g. 5)
    • Resolved into a number of seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").

    This option makes the JWT "iat" (Issued At) Claim presence required.
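The following added example (not code from this library) sketches how the clockTolerance, maxTokenAge and currentDate options interact when the "nbf", "exp" and "iat" claims are checked. The names toSeconds and checkTimeClaims are hypothetical, the exact boundary comparisons are assumptions, and the sample claims are constructed.

```typescript
// Added illustration of the documented time checks; not the library's own code.
type TimeClaims = { nbf?: number; exp?: number; iat?: number };
type TimeOptions = {
  clockTolerance?: string | number;
  maxTokenAge?: string | number;
  currentDate?: Date;
};

const UNIT_SECONDS: Record<string, number> = { second: 1, minute: 60, hour: 3600 };

// A number is already seconds; a string is "<n> <unit>". Only the units that
// appear in this page's examples are handled here.
function toSeconds(span: string | number): number {
  if (typeof span === "number") return span;
  const m = /^(\d+)\s*(second|minute|hour)s?$/i.exec(span.trim());
  const unit = UNIT_SECONDS[(m?.[2] ?? "").toLowerCase()];
  if (!m || unit === undefined) throw new TypeError(`unsupported time span: ${span}`);
  return Number(m[1]) * unit;
}

// Returns the list of failed checks (empty when the token passes).
// Boundary comparisons (> versus >=) are an assumption of this sketch.
function checkTimeClaims(claims: TimeClaims, opts: TimeOptions = {}): string[] {
  const now = Math.floor((opts.currentDate ?? new Date()).getTime() / 1000);
  const tol = opts.clockTolerance === undefined ? 0 : toSeconds(opts.clockTolerance);
  const failed: string[] = [];
  if (claims.nbf !== undefined && claims.nbf > now + tol) failed.push("nbf: not yet valid");
  if (claims.exp !== undefined && claims.exp <= now - tol) failed.push("exp: expired");
  if (opts.maxTokenAge !== undefined) {
    if (claims.iat === undefined) {
      failed.push("iat: required when maxTokenAge is set");
    } else {
      const age = now - claims.iat;
      if (age - tol > toSeconds(opts.maxTokenAge)) failed.push("iat: token too old");
      if (age < -tol) failed.push("iat: issued in the future");
    }
  }
  return failed;
}

// Constructed sample: fixed clock, token expired 3 s ago and issued 603 s ago.
const NOW = new Date("2024-01-01T12:00:00Z");
const T = Math.floor(NOW.getTime() / 1000);
const sample: TimeClaims = { iat: T - 603, exp: T - 3 };
console.log(checkTimeClaims(sample, { currentDate: NOW, maxTokenAge: "10 minutes" }));
console.log(checkTimeClaims(sample, { currentDate: NOW, maxTokenAge: "10 minutes", clockTolerance: 5 }));
```

The tolerance widens every window at once, so a value chosen to absorb clock skew also extends the effective lifetime of expired and over-age tokens by the same amount.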

    requiredClaims?: string[]

    Array of required Claim Names that must be present in the JWT Claims Set. By default:

    • if the issuer option is set, then the JWT "iss" (Issuer) Claim must be present;
    • if the audience option is set, then the JWT "aud" (Audience) Claim must be present;
    • if the subject option is set, then the JWT "sub" (Subject) Claim must be present;
    • if the maxTokenAge option is set, then the JWT "iat" (Issued At) Claim must be present.

    schema: Payload

    A required schema for the Payload you will be validating.

    subject?: string

    Expected JWT "sub" (Subject) Claim value.

    This option makes the JWT "sub" (Subject) Claim presence required.

    transformer?: JwtPayloadTransformer<Payload, JwtPayload>

    The function that you will use for manipulating the JWT you are authenticating.

    typ?: string

    Expected JWT "typ" (Type) Header Parameter value.

    This option makes the JWT "typ" (Type) Header Parameter presence required.

    validate?: boolean

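    Boolean that selects whether the JWT is validated (true) or only decoded (false). Claims from a token that was only decoded have not been validated and should not be relied on for authorization decisions.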