Skip to content
Stoma

JwtAuthConfig

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:19

Configuration for the jwtAuth policy.

Extends

Section titled “Extends”

Properties

Section titled “Properties”

audience?

Section titled “audience?”

optional audience?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:27

Expected JWT audience

clockSkewSeconds?

Section titled “clockSkewSeconds?”

optional clockSkewSeconds?: number

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:39

Clock skew tolerance in seconds for expiry checks. Default: 0.

forwardClaims?

Section titled “forwardClaims?”

optional forwardClaims?: Record<string, string>

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:33

Claims to inject into request headers for upstream consumption

headerName?

Section titled “headerName?”

optional headerName?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:29

Header to read the token from. Default: “Authorization”

issuer?

Section titled “issuer?”

optional issuer?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:25

Expected JWT issuer

jwksCacheTtlMs?

Section titled “jwksCacheTtlMs?”

optional jwksCacheTtlMs?: number

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:35

JWKS cache TTL in milliseconds. Default: 300000 (5 minutes).

jwksTimeoutMs?

Section titled “jwksTimeoutMs?”

optional jwksTimeoutMs?: number

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:37

JWKS fetch timeout in milliseconds. Default: 10000 (10 seconds).

jwksUrl?

Section titled “jwksUrl?”

optional jwksUrl?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:23

JWKS endpoint URL (e.g. Supabase, Auth0)

requireExp?

Section titled “requireExp?”

optional requireExp?: boolean

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:41

Require the exp claim to be present. Default: false.

secret?

Section titled “secret?”

optional secret?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:21

JWT secret for HMAC verification

skip?

Section titled “skip?”

optional skip?: (c) => boolean | Promise<boolean>

Defined in: packages/gateway/src/policies/types.ts:90

Skip this policy when condition returns true

Parameters

Section titled “Parameters”
c
Section titled “c”

unknown

Returns

Section titled “Returns”

boolean | Promise<boolean>

Inherited from

Section titled “Inherited from”

PolicyConfig.skip

tokenPrefix?

Section titled “tokenPrefix?”

optional tokenPrefix?: string

Defined in: packages/gateway/src/policies/auth/jwt-auth.ts:31

Token prefix. Default: “Bearer”