JSPM

elysia-oauth2-resource-server

0.1.1
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
    • 0
  • Score
    100M100P100Q16713F
  • License Apache-2.0

OAuth2 Resource Server middleware for Elysia

Package Exports

  • elysia-oauth2-resource-server
  • elysia-oauth2-resource-server/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (elysia-oauth2-resource-server) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

elysia-oauth2-resource-server

OAuth2 Resource Server middleware for Elysia, providing local JWT validation against JWKS endpoints. Inspired by the tower-oauth2-resource-server crate for Rust.

NPM Version License

Features

  • Validates JWT tokens from OAuth2/OIDC providers
  • JWKS-based signature validation
  • Verifies issuer and audience claims
  • Validates token scopes for authorization

Installation

bun add elysia-oauth2-resource-server

Quick Start

import { Elysia } from "elysia";
import { oauth2ResourceServer } from "elysia-oauth2-resource-server"

const app = new Elysia()
    .use(oauth2ResourceServer({
        jwksUri: 'https://auth.example.com/.well-known/jwks.json',
        issuer: 'https://auth.example.com',
        audience: 'my-api',
        requiredScopes: ['read:users']
    }))
    .get('/users', ({ auth }) => {
        // auth contains the validated JWT payload
        return { userId: auth.sub }
    })
    .listen(3000);

console.log("Server is listening at http://localhost:3000");

API Reference

oauth2ResourceServer(options)

Creates an OAuth2 Resource Server middleware that validates JWTs against a JWKS endpoint.

Options

Option Type Required Description
jwksUri string Yes The URL to the JWKS endpoint (typically ends with /.well-known/jwks.json)
issuer string Yes The expected issuer claim value (must match the JWT's iss claim)
audience string | string[] No Expected audience(s) (must be included in the JWT's aud claim)
requiredScopes string[] No List of scopes that must be present in the token
jwksOptions object No Options for JWKS retrieval and caching
jwksOptions.cacheMaxAge number No Max age of cached JWKS in milliseconds
jwksOptions.timeoutDuration number No Timeout for JWKS request in milliseconds

Returns

Adds an auth property to the request context, which contains the validated JWT payload.