Auth SDK

Official @nfyio/auth npm package — sign-in, token refresh, userinfo and JWT verification for your nfyio Auth project (OIDC, realm-per-project).

Auth SDK — @nfyio/auth

nfyio Auth is OIDC (one realm per project). Point the client at your project’s issuerhttps://auth.nfyio.com/realms/<slug> — and your client id, both from the dashboard at Auth → your project.

Install

npm install @nfyio/auth

Sign in a user (client)

import { NfyioAuth } from '@nfyio/auth'

const auth = new NfyioAuth({
  issuer: 'https://auth.nfyio.com/realms/my-project',
  clientId: 'my-app',
})

const session = await auth.signIn({ username: 'a@b.com', password: '••••' })
const user = await auth.getUser(session.accessToken)
const next = await auth.refresh(session.refreshToken)
await auth.signOut(session.refreshToken)

Verify a token (server)

// Verifies signature (realm JWKS), issuer and expiry — throws if invalid.
const { payload } = await auth.verify(bearerToken)
// payload.sub, payload.email, payload.realm_access?.roles ...

Machine-to-machine

const auth = new NfyioAuth({
  issuer: 'https://auth.nfyio.com/realms/my-project',
  clientId: 'my-service',
  clientSecret: process.env.NFYIO_AUTH_CLIENT_SECRET!,
})
const token = await auth.clientCredentials()
MethodDescription
signIn({ username, password, scope? })Password grant → session.
refresh(refreshToken)Refresh → new session.
clientCredentials(scope?)M2M token (needs clientSecret).
getUser(accessToken)OIDC userinfo.
verify(token, { audience? })Verify JWT via realm JWKS.
signOut(refreshToken)Revoke session.