Skip to main content

Interface: ConfigureAuthProxyRuntimeOptions

Runtime options for configureAuthProxyRuntime (upstream proxy mode).

Fields:

  • localBasePath: Path where Robo exposes auth endpoints locally.
  • targetBasePath?: Path on the upstream server (defaults to localBasePath).
  • baseUrl: Upstream Robo/Auth.js URL (must include protocol + domain).
  • cookieName?: Session cookie name (defaults to authjs.session-token).
  • secret?: Optional JWT secret for local decoding (reduces upstream calls; without it every getToken call hits upstream).
  • sessionStrategy: 'jwt' | 'database' matching the upstream server.
  • headers?: Extra headers forwarded to upstream (e.g., X-API-Key).
  • fetch?: Custom fetch implementation (testing, retries, special agents).

⚠️ Security:

  • baseUrl should use HTTPS to protect session cookies in transit.
  • Additional headers may carry secrets; ensure the upstream server validates them.
  • Provide secret when possible so JWT decoding happens locally instead of forwarding tokens.

Performance:

  • Supplying secret enables local JWT decoding, cutting proxy traffic roughly in half.
  • Custom fetch can implement retries, keep-alive, or caching.

Edge cases:

  • targetBasePath defaults to localBasePath. Set explicitly if they differ.
  • cookieName must match upstream; mismatches prevent session lookups.
  • sessionStrategy mismatch leads to getToken/getServerSession failures.

See

configureAuthProxyRuntime

Properties

baseUrl

baseUrl: string;

cookieName?

optional cookieName: string;

fetch?

optional fetch: FetchLike;

headers?

optional headers: Record<string, string>;

localBasePath

localBasePath: string;

secret?

optional secret: string;

sessionStrategy

sessionStrategy: "jwt" | "database";

targetBasePath?

optional targetBasePath: string;