Class BackendAuthClient<DatabaseUser, UserId, AssumedUserParams, CsrfHeaderName>

An auth client for creating and validating JWTs embedded in cookies. This should only be used in a backend environment as it accesses native Node packages.

Type Parameters

DatabaseUser extends AnyObject
UserId extends string | number
AssumedUserParams extends AnyObject = EmptyObject
CsrfHeaderName extends string = CsrfToken

Index

Constructors

constructor

new BackendAuthClient<
    DatabaseUser extends AnyObject,
    UserId extends string | number,
    AssumedUserParams extends AnyObject = EmptyObject,
    CsrfHeaderName extends string = CsrfToken,
>(
    config: BackendAuthClientConfig<
        DatabaseUser,
        UserId,
        AssumedUserParams,
        CsrfHeaderName,
    >,
): BackendAuthClient<
    DatabaseUser,
    UserId,
    AssumedUserParams,
    CsrfHeaderName,
>
Type Parameters
- DatabaseUser extends AnyObject
- UserId extends string | number
- AssumedUserParams extends AnyObject = EmptyObject
- CsrfHeaderName extends string = CsrfToken
Parameters
- config: BackendAuthClientConfig<DatabaseUser, UserId, AssumedUserParams, CsrfHeaderName>
Returns BackendAuthClient<DatabaseUser, UserId, AssumedUserParams, CsrfHeaderName>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:166

Properties

`Protected`cachedParsedJwtKeys

cachedParsedJwtKeys: Record<string, Readonly<JwtKeys>> = {}

`Protected` `Readonly`config

config: BackendAuthClientConfig<
    DatabaseUser,
    UserId,
    AssumedUserParams,
    CsrfHeaderName,
>

Methods

`Protected`createCookieRefreshHeaders

createCookieRefreshHeaders(
    __namedParameters: {
        requestHeaders: IncomingHttpHeaders;
        userIdResult: Readonly<UserIdResult<UserId>>;
    },
): Promise<OutgoingHttpHeaders | undefined>
Creates a 'cookie-set' header to refresh the user's session cookie.
Parameters
- __namedParameters: {
  requestHeaders: IncomingHttpHeaders;
  userIdResult: Readonly<UserIdResult<UserId>>;
  }
Returns Promise<OutgoingHttpHeaders | undefined>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:230

createLoginHeaders

createLoginHeaders(
    __namedParameters: {
        isSignUpCookie: boolean;
        requestHeaders: IncomingHttpHeaders;
        userId: UserId;
    },
): Promise<OutgoingHttpHeaders>
Use these headers to log a user in.
Parameters
- __namedParameters: { isSignUpCookie: boolean; requestHeaders: IncomingHttpHeaders; userId: UserId }
Returns Promise<OutgoingHttpHeaders>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:452

createLogoutHeaders

createLogoutHeaders(
    params: Readonly<
        _RequireExactlyOne<
            { allCookies: true; isSignUpCookie: boolean },
            "allCookies" | "isSignUpCookie",
        > & { serviceOrigin?: string },
    >,
): Promise<
    Partial<Record<CsrfHeaderName, string>> & { "set-cookie": string[] },
>
Use these headers to log out the user.
Parameters
- params: Readonly<
      _RequireExactlyOne<
          { allCookies: true; isSignUpCookie: boolean },
          "allCookies" | "isSignUpCookie",
      > & { serviceOrigin?: string },
  >
Returns Promise<Partial<Record<CsrfHeaderName, string>> & { "set-cookie": string[] }>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:396

`Protected`getAssumedUser

getAssumedUser(
__namedParameters: { headers: IncomingHttpHeaders; user: DatabaseUser },
): Promise<DatabaseUser | undefined>
Reads the user's assumed user headers and, if configured, gets the assumed user.
Parameters
- __namedParameters: { headers: IncomingHttpHeaders; user: DatabaseUser }
Returns Promise<DatabaseUser | undefined>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:284

`Protected`getCookieParams

getCookieParams(
    __namedParameters: {
        isSignUpCookie: boolean;
        requestHeaders: Readonly<IncomingHttpHeaders> | undefined;
    },
): Promise<Readonly<CookieParams>>
Get all the parameters used for cookie generation.
Parameters
- __namedParameters: {
  isSignUpCookie: boolean;
  requestHeaders: Readonly<IncomingHttpHeaders> | undefined;
  }
  - isSignUpCookie: boolean
    Set this to true when we are setting the initial cookie right after a user signs up. This allows them to auto-authorize when they verify their email address.
    
    This should only be set to true when a new user is signing up.
  - requestHeaders: Readonly<IncomingHttpHeaders> | undefined
Returns Promise<Readonly<CookieParams>>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:176

`Protected`getDatabaseUser

getDatabaseUser(
    __namedParameters: {
        assumingUser: AssumedUserParams | undefined;
        isSignUpCookie: boolean;
        userId: UserId | undefined;
    },
): Promise<DatabaseUser | undefined>
Calls the provided getUserFromDatabase config.
Parameters
- __namedParameters: {
      assumingUser: AssumedUserParams | undefined;
      isSignUpCookie: boolean;
      userId: UserId | undefined;
  }
Returns Promise<DatabaseUser | undefined>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:203

getInsecureOrSecureUser

getInsecureOrSecureUser(
    params: {
        allowUserAuthRefresh: boolean;
        isSignUpCookie: boolean;
        requestHeaders: IncomingHttpHeaders;
        serviceOrigin?: string;
    },
): Promise<
    _RequireOneOrNone<
        {
            insecureUser: GetUserResult<DatabaseUser>;
            secureUser: GetUserResult<DatabaseUser>;
        },
        "secureUser"
        | "insecureUser",
    >,
>
Combines .getInsecureUser() and .getSecureUser() into one method.
Parameters
- params: {
      allowUserAuthRefresh: boolean;
      isSignUpCookie: boolean;
      requestHeaders: IncomingHttpHeaders;
      serviceOrigin?: string;
  }
  - allowUserAuthRefresh: boolean
    If true, this method will generate headers to refresh the user's auth session. This should likely only be done with a specific endpoint, like whatever endpoint you trigger with the frontend auth client's checkUser.performCheck callback.
  - isSignUpCookie: boolean
  - requestHeaders: IncomingHttpHeaders
  - OptionalserviceOrigin?: string
    Overrides the client's already established serviceOrigin.
Returns Promise<
    _RequireOneOrNone<
        {
            insecureUser: GetUserResult<DatabaseUser>;
            secureUser: GetUserResult<DatabaseUser>;
        },
        "secureUser"
        | "insecureUser",
    >,
>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:498

getInsecureUser

getInsecureUser(
    __namedParameters: {
        allowUserAuthRefresh: boolean;
        requestHeaders: IncomingHttpHeaders;
    },
): Promise<GetUserResult<DatabaseUser> | undefined>
Parameters
- __namedParameters: { allowUserAuthRefresh: boolean; requestHeaders: IncomingHttpHeaders }
  - allowUserAuthRefresh: boolean
    If true, this method will generate headers to refresh the user's auth session. This should likely only be done with a specific endpoint, like whatever endpoint you trigger with the frontend auth client's checkUser.performCheck callback.
  - requestHeaders: IncomingHttpHeaders
Returns Promise<GetUserResult<DatabaseUser> | undefined>
Deprecated
This only half authenticates the user. It should only be used in circumstances where JavaScript cannot be used to attach the CSRF token header to the request (like when opening a PDF file). Use .getSecureUser() instead, whenever possible.
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:538

getJwtParams

getJwtParams(): Promise<Readonly<CreateJwtParams>>
Get all the JWT params used when creating the auth cookie, in case you need them for something else too.

Returns Promise<Readonly<CreateJwtParams>>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:376

getSecureUser

getSecureUser(
    __namedParameters: {
        allowUserAuthRefresh: boolean;
        isSignUpCookie: boolean;
        requestHeaders: IncomingHttpHeaders;
    },
): Promise<GetUserResult<DatabaseUser> | undefined>
Securely extract a user from their request headers.
Parameters
- __namedParameters: {
      allowUserAuthRefresh: boolean;
      isSignUpCookie: boolean;
      requestHeaders: IncomingHttpHeaders;
  }
  - allowUserAuthRefresh: boolean
    If true, this method will generate headers to refresh the user's auth session. This should likely only be done with a specific endpoint, like whatever endpoint you trigger with the frontend auth client's checkUser.performCheck callback.
  - isSignUpCookie: boolean
  - requestHeaders: IncomingHttpHeaders
Returns Promise<GetUserResult<DatabaseUser> | undefined>
- Defined in packages/auth-vir/src/auth-client/backend-auth.client.ts:320

Class BackendAuthClient<DatabaseUser, UserId, AssumedUserParams, CsrfHeaderName>

Type Parameters

Index

Constructors

Properties

Methods

Constructors

constructor

Type Parameters

Parameters

Returns BackendAuthClient<DatabaseUser, UserId, AssumedUserParams, CsrfHeaderName>

Properties

ProtectedcachedParsedJwtKeys

Protected Readonlyconfig

Methods

ProtectedcreateCookieRefreshHeaders

Parameters

Returns Promise<OutgoingHttpHeaders | undefined>

createLoginHeaders

Parameters

Returns Promise<OutgoingHttpHeaders>

createLogoutHeaders

Parameters

Returns Promise<Partial<Record<CsrfHeaderName, string>> & { "set-cookie": string[] }>

ProtectedgetAssumedUser

Parameters

Returns Promise<DatabaseUser | undefined>

ProtectedgetCookieParams

Parameters

isSignUpCookie: boolean

requestHeaders: Readonly<IncomingHttpHeaders> | undefined

Returns Promise<Readonly<CookieParams>>

ProtectedgetDatabaseUser

Parameters

Returns Promise<DatabaseUser | undefined>

getInsecureOrSecureUser

Parameters

allowUserAuthRefresh: boolean

isSignUpCookie: boolean

requestHeaders: IncomingHttpHeaders

OptionalserviceOrigin?: string

Returns Promise< _RequireOneOrNone< { insecureUser: GetUserResult<DatabaseUser>; secureUser: GetUserResult<DatabaseUser>; }, "secureUser" | "insecureUser", >,>

getInsecureUser

Parameters

allowUserAuthRefresh: boolean

requestHeaders: IncomingHttpHeaders

Returns Promise<GetUserResult<DatabaseUser> | undefined>

Deprecated

getJwtParams

Returns Promise<Readonly<CreateJwtParams>>

getSecureUser

Parameters

allowUserAuthRefresh: boolean

isSignUpCookie: boolean

requestHeaders: IncomingHttpHeaders

Returns Promise<GetUserResult<DatabaseUser> | undefined>

Settings

On This Page

`Protected`cachedParsedJwtKeys

`Protected` `Readonly`config

`Protected`createCookieRefreshHeaders

`Protected`getAssumedUser

`Protected`getCookieParams

`Protected`getDatabaseUser

`Optional`serviceOrigin?: string

Returns Promise<
_RequireOneOrNone<
{
insecureUser: GetUserResult<DatabaseUser>;
secureUser: GetUserResult<DatabaseUser>;
},
"secureUser"
| "insecureUser",
>,
>