Skip to content

Configuration

INFO

The default configuration is great for most users. You might not need to tweak anything here.

The authorization server has a few optional settings with the following default values;

ts
type AuthorizationServerOptions = {
  requiresPKCE: true;
  requiresS256: false;
  notBeforeLeeway: 0;
  tokenCID: "id" | "name";
  issuer: undefined;
}
OptionTypeDefaultDetails
requiresPKCEbooleantruePKCE is enabled by default and recommended for all users. To support a legacy client without PKCE, disable this option. [Learn more]
requiresS256booleantrueDisabled by default. If you want to require all clients to use S256, you can enable that here. [Learn more]
notBeforeLeewaynumber0Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value.
tokenCID"id" or "name""id"Sets the JWT accessToken.cid to either the client.id or client.name.

In 3.x the default is "id", in v2.x the default was "name". [Learn more]
issuerstring | undefinedundefinedSets the JWT accessToken.iss to this value.

To configure these options, pass the value in as the last argument:

typescript
const authorizationServer = new AuthorizationServer(
  clientRepository,
  accessTokenRepository,
  scopeRepository,
  new JwtService("secret-key"),
  {
    issuer: "auth.example.com",
  }
);

Released under the MIT License.