auth.provider API
    Preparing search index...

    Interface GrantDependencies

    interface GrantDependencies {
        config: {
            http: { port: number; trustProxy: boolean };
            oauth: {
                accessToken: { expiresIn: number };
                code?: { adapter?: "memory" | "redis" };
                grants: { [key: string]: unknown };
                jwt: {
                    issuer?: string;
                    legacyTypAccept?: boolean;
                    signingKey: {
                        local?:
                            | {
                                algorithm: "HS256";
                                kid: string;
                                previousSecrets?: { expiresAt: string; kid: string; secret: string }[];
                                secret?: string;
                            }
                            | {
                                algorithm: "RS256"
                                | "ES256"
                                | "EdDSA";
                                kid: string;
                                previousKeys?: {
                                    expiresAt: string;
                                    kid: string;
                                    publicKey?: (...) | (...);
                                    publicKeyPath?: (...) | (...);
                                }[];
                                privateKey?: string;
                                privateKeyPath?: string;
                                publicKey?: string;
                                publicKeyPath?: string;
                                [key: string]: unknown;
                            };
                        provider: string;
                        [key: string]: unknown;
                    };
                };
                nonce?: { maxLength: number };
                oidcMode: "oidc-required" | "dual";
                refreshToken: {
                    expiresIn: number;
                    legacyRtPolicy: "reject";
                    unknownFamilyPolicy: "accept" | "reject";
                };
                resourceIndicator?: { enabled: boolean };
                tokenExchange?: { maxActorChainDepth: number };
            };
        } & Record<string, unknown>;
        grantPolicy?: GrantPolicyHook;
        keyStore: KeyStore;
        logger?: Logger;
        pathResolver?: PathResolver;
        refreshTokenFamilyRevocation?: RefreshTokenFamilyRevocation;
        refreshTokenFamilyRotation?: RefreshTokenFamilyRotation;
        sessionFamilyIndex?: SessionFamilyIndex;
        sessionFederationIndex?: SessionFederationIndex;
        sessionRPRegistry?: SessionRPRegistry;
        userSessionStore?: UserSessionStore;
    }
    Index

    Properties

    config grantPolicy? keyStore logger? pathResolver? refreshTokenFamilyRevocation? refreshTokenFamilyRotation? sessionFamilyIndex? sessionFederationIndex? sessionRPRegistry? userSessionStore?

    Properties

    config: {
        http: { port: number; trustProxy: boolean };
        oauth: {
            accessToken: { expiresIn: number };
            code?: { adapter?: "memory" | "redis" };
            grants: { [key: string]: unknown };
            jwt: {
                issuer?: string;
                legacyTypAccept?: boolean;
                signingKey: {
                    local?:
                        | {
                            algorithm: "HS256";
                            kid: string;
                            previousSecrets?: { expiresAt: string; kid: string; secret: string }[];
                            secret?: string;
                        }
                        | {
                            algorithm: "RS256"
                            | "ES256"
                            | "EdDSA";
                            kid: string;
                            previousKeys?: {
                                expiresAt: string;
                                kid: string;
                                publicKey?: (...) | (...);
                                publicKeyPath?: (...) | (...);
                            }[];
                            privateKey?: string;
                            privateKeyPath?: string;
                            publicKey?: string;
                            publicKeyPath?: string;
                            [key: string]: unknown;
                        };
                    provider: string;
                    [key: string]: unknown;
                };
            };
            nonce?: { maxLength: number };
            oidcMode: "oidc-required" | "dual";
            refreshToken: {
                expiresIn: number;
                legacyRtPolicy: "reject";
                unknownFamilyPolicy: "accept" | "reject";
            };
            resourceIndicator?: { enabled: boolean };
            tokenExchange?: { maxActorChainDepth: number };
        };
    } & Record<string, unknown>
    grantPolicy?: GrantPolicyHook
    keyStore: KeyStore
    logger?: Logger

    Optional structured logger for security-relevant grant audit events (RT replay detection, unknown-family policy decisions, legacy-token acceptance). Falls back silently when absent so the grant factory remains usable from minimal test harnesses; production wires the logger slot per ComponentMap.logger declaration merge.

    pathResolver?: PathResolver
    refreshTokenFamilyRevocation?: RefreshTokenFamilyRevocation
    refreshTokenFamilyRotation?: RefreshTokenFamilyRotation
    sessionFamilyIndex?: SessionFamilyIndex
    sessionFederationIndex?: SessionFederationIndex
    sessionRPRegistry?: SessionRPRegistry
    userSessionStore?: UserSessionStore

    Settings

    Member Visibility

    On This Page

    Properties