Auth SDK
Official @nfyio/auth npm package — sign-in, token refresh, userinfo and JWT verification for your nfyio Auth project (OIDC, realm-per-project).
Auth SDK — @nfyio/auth
nfyio Auth is OIDC (one realm per project). Point the client at your project’s
issuer — https://auth.nfyio.com/realms/<slug> — and your client id, both
from the dashboard at Auth → your project.
Install
npm install @nfyio/auth
Sign in a user (client)
import { NfyioAuth } from '@nfyio/auth'
const auth = new NfyioAuth({
issuer: 'https://auth.nfyio.com/realms/my-project',
clientId: 'my-app',
})
const session = await auth.signIn({ username: 'a@b.com', password: '••••' })
const user = await auth.getUser(session.accessToken)
const next = await auth.refresh(session.refreshToken)
await auth.signOut(session.refreshToken)
Verify a token (server)
// Verifies signature (realm JWKS), issuer and expiry — throws if invalid.
const { payload } = await auth.verify(bearerToken)
// payload.sub, payload.email, payload.realm_access?.roles ...
Machine-to-machine
const auth = new NfyioAuth({
issuer: 'https://auth.nfyio.com/realms/my-project',
clientId: 'my-service',
clientSecret: process.env.NFYIO_AUTH_CLIENT_SECRET!,
})
const token = await auth.clientCredentials()
| Method | Description |
|---|---|
signIn({ username, password, scope? }) | Password grant → session. |
refresh(refreshToken) | Refresh → new session. |
clientCredentials(scope?) | M2M token (needs clientSecret). |
getUser(accessToken) | OIDC userinfo. |
verify(token, { audience? }) | Verify JWT via realm JWKS. |
signOut(refreshToken) | Revoke session. |