Installation & Configuration

Step 1: Install the package

npm install @nik2208/node-auth

Note (TypeScript): node-auth is written in TypeScript and ships with its own type declarations, so no @types/ package is needed.

Step 2: Configure AuthConfigurator

Create an AuthConfig object and pass it to AuthConfigurator along with your IUserStore implementation:

import { AuthConfigurator, AuthConfig } from '@nik2208/node-auth';
import { MyUserStore } from './my-user-store';

const config: AuthConfig = {
  // Separate signing secrets for access and refresh tokens, read from the environment
  accessTokenSecret: process.env.ACCESS_TOKEN_SECRET!,
  refreshTokenSecret: process.env.REFRESH_TOKEN_SECRET!,
  accessTokenExpiresIn: '15m',
  refreshTokenExpiresIn: '7d',
};

// Keep a reference to the store: the onRegister hook in Step 3 uses it
const userStore = new MyUserStore();
const auth = new AuthConfigurator(config, userStore);
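
The non-null assertions (!) in the config above only satisfy the compiler: if either environment variable is unset, undefined still reaches AuthConfig at runtime. The startup check below is an added example, not part of node-auth or the original page; loadTokenSettings, the 32-character minimum and the <number><s|m|h|d> TTL grammar are assumptions made for illustration.

```typescript
// Added example: startup validation for the AuthConfig values shown above.
// MIN_SECRET_LENGTH and the accepted TTL grammar are assumptions, not node-auth rules.
type Env = Record<string, string | undefined>;

interface TokenSettings {
  accessTokenSecret: string;
  refreshTokenSecret: string;
  accessTokenExpiresIn: string;
  refreshTokenExpiresIn: string;
}

const MIN_SECRET_LENGTH = 32; // assumed floor for a signing secret
const UNIT_SECONDS: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };

// Parses the '<number><s|m|h|d>' form used in the page's examples ('15m', '7d').
function ttlSeconds(ttl: string): number {
  const match = /^(\d+)([smhd])$/.exec(ttl);
  const seconds = Number(match?.[1] ?? 0) * (UNIT_SECONDS[match?.[2] ?? ''] ?? 0);
  if (seconds === 0) throw new Error(`Unsupported token TTL: ${ttl}`);
  return seconds;
}

function requireSecret(env: Env, name: string): string {
  const value = env[name];
  // A non-null assertion only silences the compiler; the value can still be undefined.
  if (value === undefined || value.trim() === '') {
    throw new Error(`${name} is not set`);
  }
  if (value.length < MIN_SECRET_LENGTH) {
    throw new Error(`${name} must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  return value;
}

function loadTokenSettings(env: Env, accessTtl = '15m', refreshTtl = '7d'): TokenSettings {
  const accessTokenSecret = requireSecret(env, 'ACCESS_TOKEN_SECRET');
  const refreshTokenSecret = requireSecret(env, 'REFRESH_TOKEN_SECRET');
  if (accessTokenSecret === refreshTokenSecret) {
    // With one shared key, a signature made for one token type verifies for the other.
    throw new Error('Access and refresh token secrets must differ');
  }
  if (ttlSeconds(accessTtl) >= ttlSeconds(refreshTtl)) {
    throw new Error('Access token TTL must be shorter than refresh token TTL');
  }
  return {
    accessTokenSecret, refreshTokenSecret,
    accessTokenExpiresIn: accessTtl, refreshTokenExpiresIn: refreshTtl,
  };
}
```

Call loadTokenSettings(process.env) before constructing AuthConfig and spread the result into the config object.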

AuthConfig Options

Option                 Type                       Required  Default  Description
accessTokenSecret      string                                        Secret for signing access tokens
refreshTokenSecret     string                                        Secret for signing refresh tokens
accessTokenExpiresIn   string                                        Access token TTL (e.g. '15m')
refreshTokenExpiresIn  string                                        Refresh token TTL (e.g. '7d')
buildTokenPayload      (user) => object                              Inject custom claims into JWT
csrf.enabled           boolean                              false    Enable CSRF double-submit cookie
emailVerification      'none'|'lazy'|'strict'               'none'   Email verification mode
require2FA             boolean                              false    Require 2FA for all logins

Step 3: Mount the router

import express from 'express';
import rateLimit from 'express-rate-limit';

// auth is the AuthConfigurator from Step 2; userStore is the MyUserStore instance passed to it.

const app = express();
app.use(express.json());

// Allow at most 20 requests per 15-minute window on the auth routes
const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 20 });

app.use('/auth', auth.router({
  rateLimiter: limiter,
  onRegister: async (data, config) => {
    return userStore.create(data);
  },
}));

app.listen(3000);

Complete Configuration Example

import express from 'express';
import rateLimit from 'express-rate-limit';
import { AuthConfigurator, AuthConfig } from '@nik2208/node-auth';
import { MyUserStore } from './stores/user-store';
import { MySessionStore } from './stores/session-store';
import { MyRbacStore } from './stores/rbac-store';

const app = express();
app.use(express.json());

const config: AuthConfig = {
  accessTokenSecret: process.env.ACCESS_TOKEN_SECRET!,
  refreshTokenSecret: process.env.REFRESH_TOKEN_SECRET!,
  accessTokenExpiresIn: '15m',
  refreshTokenExpiresIn: '7d',
  emailVerification: 'lazy',
  csrf: { enabled: true },
  buildTokenPayload: async (user) => ({
    tenantId: user.tenantId,
    plan: user.plan,
  }),
};

const userStore = new MyUserStore();
const sessionStore = new MySessionStore();
const rbacStore = new MyRbacStore();

const auth = new AuthConfigurator(config, userStore);

const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 20 });

app.use('/auth', auth.router({
  rateLimiter: limiter,
  sessionStore,
  rbacStore,
  onRegister: async (data, config) => {
    return userStore.create(data);
  },
}));

app.listen(3000);