Skip to content
Stoma

OAuth2Config

Defined in: packages/gateway/src/policies/auth/oauth2.ts:16

Configuration for the oauth2 policy.

Extends

Section titled “Extends”

Properties

Section titled “Properties”

cacheMaxEntries?

Section titled “cacheMaxEntries?”

optional cacheMaxEntries?: number

Defined in: packages/gateway/src/policies/auth/oauth2.ts:38

Maximum number of tokens to cache. Default: 100.

cacheTtlSeconds?

Section titled “cacheTtlSeconds?”

optional cacheTtlSeconds?: number

Defined in: packages/gateway/src/policies/auth/oauth2.ts:36

Cache introspection results for this many seconds. Default: 0 (no cache).

clientId?

Section titled “clientId?”

optional clientId?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:20

Client ID for authenticating with the introspection endpoint.

clientSecret?

Section titled “clientSecret?”

optional clientSecret?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:22

Client secret for authenticating with the introspection endpoint.

forwardTokenInfo?

Section titled “forwardTokenInfo?”

optional forwardTokenInfo?: Record<string, string>

Defined in: packages/gateway/src/policies/auth/oauth2.ts:34

Map introspection response fields to request headers. Only applies with introspection.

headerName?

Section titled “headerName?”

optional headerName?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:28

Header name when tokenLocation is “header”. Default: “authorization”.

headerPrefix?

Section titled “headerPrefix?”

optional headerPrefix?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:30

Prefix to strip from header value. Default: “Bearer”.

introspectionTimeoutMs?

Section titled “introspectionTimeoutMs?”

optional introspectionTimeoutMs?: number

Defined in: packages/gateway/src/policies/auth/oauth2.ts:42

Introspection endpoint fetch timeout in milliseconds. Default: 5000.

introspectionUrl?

Section titled “introspectionUrl?”

optional introspectionUrl?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:18

OAuth2 token introspection endpoint (RFC 7662).

localValidate?

Section titled “localValidate?”

optional localValidate?: (token) => boolean | Promise<boolean>

Defined in: packages/gateway/src/policies/auth/oauth2.ts:24

Local validation function as alternative to introspection. Takes precedence if both provided.

Parameters

Section titled “Parameters”
token
Section titled “token”

string

Returns

Section titled “Returns”

boolean | Promise<boolean>

queryParam?

Section titled “queryParam?”

optional queryParam?: string

Defined in: packages/gateway/src/policies/auth/oauth2.ts:32

Query param name when tokenLocation is “query”. Default: “access_token”.

requiredScopes?

Section titled “requiredScopes?”

optional requiredScopes?: string[]

Defined in: packages/gateway/src/policies/auth/oauth2.ts:40

Required scopes - token must have ALL of these (space-separated scope string).

skip?

Section titled “skip?”

optional skip?: (c) => boolean | Promise<boolean>

Defined in: packages/gateway/src/policies/types.ts:90

Skip this policy when condition returns true

Parameters

Section titled “Parameters”
c
Section titled “c”

unknown

Returns

Section titled “Returns”

boolean | Promise<boolean>

Inherited from

Section titled “Inherited from”

PolicyConfig.skip

tokenLocation?

Section titled “tokenLocation?”

optional tokenLocation?: "query" | "header"

Defined in: packages/gateway/src/policies/auth/oauth2.ts:26

Where to look for the token. Default: “header”.