Minimal interface for custom token verification.
Implement this to integrate non-OAuth auth (API keys, JWTs, custom tokens) into the framework's auth pipeline. Structurally compatible with the SDK's OAuthTokenVerifier.
OAuthTokenVerifier
const apiKeyVerifier: TokenVerifier = { verifyAccessToken: async (token) => { const user = await db.users.findByApiKey(token); if (!user) throw new Error('Invalid API key'); return { token, clientId: user.id, scopes: user.permissions }; },}; Copy
const apiKeyVerifier: TokenVerifier = { verifyAccessToken: async (token) => { const user = await db.users.findByApiKey(token); if (!user) throw new Error('Invalid API key'); return { token, clientId: user.id, scopes: user.permissions }; },};
Verify an access token and return auth information.
The bearer token from the Authorization header
Auth info with clientId, scopes, and optional expiry
If the token is invalid, expired, or revoked
Minimal interface for custom token verification.
Implement this to integrate non-OAuth auth (API keys, JWTs, custom tokens) into the framework's auth pipeline. Structurally compatible with the SDK's
OAuthTokenVerifier.Example