/** * * * This module contains functions and types * to encode and decode {@link https://authjs.dev/concepts/session-strategies#jwt JWT}s * issued and used by Auth.js. * * The JWT issued by Auth.js is _encrypted by default_, using the _A256GCM_ algorithm ({@link https://www.rfc-editor.org/rfc/rfc7516 JWE}). * It uses the `AUTH_SECRET` environment variable to derive a sufficient encryption key. * * :::info Note * Auth.js JWTs are meant to be used by the same app that issued them. * If you need JWT authentication for your third-party API, you should rely on your Identity Provider instead. * ::: * * ## Installation * * ```bash npm2yarn2pnpm * npm install @auth/core * ``` * * You can then import this submodule from `@auth/core/jwt`. * * ## Usage * * :::warning Warning * This module *will* be refactored/changed. We do not recommend relying on it right now. * ::: * * * ## Resources * * - [What is a JWT session strategy](https://authjs.dev/concepts/session-strategies#jwt) * - [RFC7519 - JSON Web Token (JWT)](https://www.rfc-editor.org/rfc/rfc7519) * * @module jwt */ import { Awaitable } from "./types.js"; import type { LoggerInstance } from "./lib/utils/logger.js"; /** Issues a JWT. By default, the JWT is encrypted using "A256GCM". */ export declare function encode(params: JWTEncodeParams): Promise; /** Decodes a Auth.js issued JWT. */ export declare function decode(params: JWTDecodeParams): Promise; export interface GetTokenParams { /** The request containing the JWT either in the cookies or in the `Authorization` header. */ req: Request | { cookies: Record; headers: Record; }; /** * Use secure prefix for cookie name, unless URL in `NEXTAUTH_URL` is http:// * or not set (e.g. development or test instance) case use unprefixed name */ secureCookie?: boolean; /** If the JWT is in the cookie, what name `getToken()` should look for. */ cookieName?: string; /** * `getToken()` will return the raw JWT if this is set to `true` * * @default false */ raw?: R; /** * The same `secret` used in the `NextAuth` configuration. * Defaults to the `AUTH_SECRET` environment variable. */ secret?: string; decode?: JWTOptions["decode"]; logger?: LoggerInstance | Console; } /** * Takes an Auth.js request (`req`) and returns either the Auth.js issued JWT's payload, * or the raw JWT string. We look for the JWT in the either the cookies, or the `Authorization` header. * [Documentation](https://authjs.dev/guides/basics/securing-pages-and-api-routes#using-gettoken) */ export declare function getToken(params: GetTokenParams): Promise; export interface DefaultJWT extends Record { name?: string | null; email?: string | null; picture?: string | null; sub?: string; } /** * Returned by the `jwt` callback and `getToken`, when using JWT sessions * * [`jwt` callback](https://next-auth.js.org/configuration/callbacks#jwt-callback) | [`getToken`](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken) */ export interface JWT extends Record, DefaultJWT { } export interface JWTEncodeParams { /** The JWT payload. */ token?: Payload; /** The secret used to encode the Auth.js issued JWT. */ secret: string; /** * The maximum age of the Auth.js issued JWT in seconds. * * @default 30 * 24 * 60 * 60 // 30 days */ maxAge?: number; } export interface JWTDecodeParams { /** The Auth.js issued JWT to be decoded */ token?: string; /** The secret used to decode the Auth.js issued JWT. */ secret: string; } export interface JWTOptions { /** * The secret used to encode/decode the Auth.js issued JWT. * * @deprecated Set the `AUTH_SECRET` environment variable or * use the top-level `secret` option instead */ secret: string; /** * The maximum age of the Auth.js issued JWT in seconds. * * @default 30 * 24 * 60 * 60 // 30 days */ maxAge: number; /** Override this method to control the Auth.js issued JWT encoding. */ encode: (params: JWTEncodeParams) => Awaitable; /** Override this method to control the Auth.js issued JWT decoding. */ decode: (params: JWTDecodeParams) => Awaitable; } //# sourceMappingURL=jwt.d.ts.map