Module

x/jose/index.ts>JWTClaimVerificationOptions

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
Extremely Popular
Latest
interface JWTClaimVerificationOptions
import { type JWTClaimVerificationOptions } from "https://dotland.deno.dev/x/jose@v5.9.6/index.ts";

JWT Claims Set verification options.

Properties

optional
audience: string | string[]

Expected JWT "aud" (Audience) Claim value(s).

This option makes the JWT "aud" (Audience) Claim presence required.

optional
clockTolerance: string | number

Expected clock tolerance

  • In seconds when number (e.g. 5)
  • Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
optional
issuer: string | string[]

Expected JWT "iss" (Issuer) Claim value(s).

This option makes the JWT "iss" (Issuer) Claim presence required.

optional
maxTokenAge: string | number

Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.

  • In seconds when number (e.g. 5)
  • Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").

This option makes the JWT "iat" (Issued At) Claim presence required.

optional
subject: string

Expected JWT "sub" (Subject) Claim value.

This option makes the JWT "sub" (Subject) Claim presence required.

optional
typ: string

Expected JWT "typ" (Type) Header Parameter value.

This option makes the JWT "typ" (Type) Header Parameter presence required.

optional
currentDate: Date

Date to use when comparing NumericDate claims, defaults to new Date().

optional
requiredClaims: string[]

Array of required Claim Names that must be present in the JWT Claims Set. Default is that: if the {@link JWTClaimVerificationOptions.issuer | issuer option} is set, then JWT "iss" (Issuer) Claim must be present; if the {@link JWTClaimVerificationOptions.audience | audience option} is set, then JWT "aud" (Audience) Claim must be present; if the {@link JWTClaimVerificationOptions.subject | subject option} is set, then JWT "sub" (Subject) Claim must be present; if the {@link JWTClaimVerificationOptions.maxTokenAge | maxTokenAge option} is set, then JWT "iat" (Issued At) Claim must be present.