TideCloak Verify SDK
A lightweight utility for server‑side verification of TideCloak‑issued JSON Web Tokens (JWTs).
This package exports a single function,
verifyTideCloakToken, which you can use in your Next.js API routes, Node.js servers, or any backend to verify the authenticity, issuer, audience, and roles of a JWT issued by your TideCloak realm.
---
Installation
``
bash
or
`
Import
`
ts
`
API
$3
config
| object
| Your TideCloak adapter JSON (the Tidecloak client configuration you download from your realm settings). |
token
| string
| The raw JWT (access token) to verify. |
allowedRoles
| string[]
(optional) | Array of Tidecloak realm or client roles. If provided, the user must have at least one of these roles in their token. |
Returns:
Promise
Success: Decoded token payload when all checks pass.
Failure: null if verification fails or the user lacks the required role(s).
verifyTideCloakToken uses the jose library to:
config['auth-server-url'] and config.realm.
config.jwk.keys) or fetch the JWK Set remotely from Tidecloak.
azp (authorized party) against config.resource.
payload.realm_access.roles) and client (payload.resource_access[resource].roles) roles.
allowedRoles is specified.
null.
Examples
$3
ESM / import syntax (add { "type": "module" } in your package.json):
`js
Hello, ${payload.preferred_username} });
`
CommonJS / require syntax (default Node.js):
``js
Hello, ${payload.preferred_username} });
``
$3
`jsx
Welcome, {user}
;
`
$3
`ts
`
$3
`ts
Welcome, ${payload.preferred_username} });
`
TypeScript Definitions
`ts
| null>;
``