Node.js SDK for Transactional Auth - Token verification and management API client
Node.js SDK for Transactional Auth - Token verification and management API client for backend applications.

```bash
npm install transactional-auth-node
# or
yarn add transactional-auth-node
# or
pnpm add transactional-auth-node
```

- Token Verification - Verify JWT access tokens from Transactional Auth
- Express Middleware - Ready-to-use middleware for Express.js
- Management API Client - Create, update, and manage users programmatically
- Permission & Role Checks - Built-in middleware for authorization
```ts
import { verifyToken, decodeToken, isTokenExpired } from 'transactional-auth-node';

// Verify and decode a token
const decoded = await verifyToken(token, 'auth.usetransactional.com', {
  audience: 'https://api.example.com',
});
console.log('User ID:', decoded.sub);
console.log('Scopes:', decoded.scope);

// Decode without verification (for inspection)
const claims = decodeToken(token);

// Check if expired
if (isTokenExpired(token)) {
  console.log('Token is expired');
}
```
```ts
import express from 'express';
import {
  createAuthMiddleware,
  requirePermissions,
  requireRoles,
  requireScopes,
  optionalAuth,
} from 'transactional-auth-node/express';

const app = express();

// Create the auth middleware
const auth = createAuthMiddleware({
  domain: 'auth.usetransactional.com',
  audience: 'https://api.example.com',
});

// Protect all /api routes
app.use('/api', auth);

// Access the authenticated user
app.get('/api/profile', (req, res) => {
  res.json({
    userId: req.auth?.sub,
    email: req.auth?.email,
  });
});

// Require specific permissions
app.delete('/api/users/:id', requirePermissions('delete:users'), (req, res) => {
  // Only users with 'delete:users' permission can reach here
});

// Require specific roles
app.get('/api/admin', requireRoles('admin'), (req, res) => {
  // Only admins can reach here
});

// Require specific scopes
app.get('/api/data', requireScopes('read:data'), (req, res) => {
  // Only tokens with 'read:data' scope
});

// Optional authentication
app.get('/api/public', optionalAuth({ domain: 'auth.usetransactional.com' }), (req, res) => {
  if (req.auth) {
    res.json({ message: `Hello, ${req.auth.sub}` });
  } else {
    res.json({ message: 'Hello, anonymous' });
  }
});
```
```ts
import { TransactionalAuthClient } from 'transactional-auth-node';

const auth = new TransactionalAuthClient({
  domain: 'auth.usetransactional.com',
  clientId: 'your-management-client-id',
  clientSecret: 'your-management-client-secret',
});

// List users
const { data: users, meta } = await auth.getUsers({
  page: 1,
  limit: 20,
  search: 'john',
});

// Get a specific user
const user = await auth.getUser('user-id');

// Create a user
const newUser = await auth.createUser({
  email: 'user@example.com',
  password: 'securepassword',
  name: 'John Doe',
  emailVerified: false,
});

// Update a user
await auth.updateUser('user-id', {
  name: 'Jane Doe',
  userMetadata: { preferences: { theme: 'dark' } },
});

// Block/unblock a user
await auth.blockUser('user-id');
await auth.unblockUser('user-id');

// Send verification email
await auth.sendVerificationEmail('user-id');

// Change password
await auth.changePassword('user-id', 'newpassword');

// Delete a user
await auth.deleteUser('user-id');

// Role management
const roles = await auth.getRoles();
await auth.assignRoleToUser('user-id', 'role-id');
await auth.removeRoleFromUser('user-id', 'role-id');
const userRoles = await auth.getUserRoles('user-id');
```
#### verifyToken(token, domain, options?)
Verifies a JWT and returns the decoded payload.
| Parameter | Type | Description |
|-----------|------|-------------|
| `token` | string | The JWT access token |
| `domain` | string | Auth domain |
| `options.audience` | string | Expected audience |
| `options.issuer` | string | Expected issuer (defaults to domain) |
#### decodeToken(token)
Decodes a JWT without verification (for inspection only).
#### isTokenExpired(token)
Returns true if the token is expired.
#### createAuthMiddleware(options)
Creates Express middleware for JWT authentication.
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `domain` | string | Required | Auth domain |
| `audience` | string | - | Expected audience |
| `algorithms` | string[] | `['RS256']` | Accepted algorithms |
| `credentialsRequired` | boolean | `true` | Fail if token missing |
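
The checks named in the `verifyToken` parameters and the `createAuthMiddleware` options above (audience, issuer, accepted algorithms), written out as an added example in plain Node.js. This is not the SDK's implementation: `verifyRs256`, `decodeUnverified`, `mint`, `reasonFor`, the issuer URL and the key pair are hypothetical names and constructed data, and the expiry check is an assumption about what a verifier enforces.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Inspection only: returns the claims without checking anything.
function decodeUnverified(token) {
  return parse(token.split('.')[1]);
}

// Returns the claims, or throws with the name of the check that failed.
function verifyRs256(token, key, opts) {
  const { issuer, audience, algorithms = ['RS256'], now = Date.now() / 1000 } = opts;
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [h, p, s] = parts;
  // Allow-list first: the token's own header never chooses the algorithm.
  // This sketch implements RS256 only, so anything else is rejected as well.
  const { alg } = parse(h);
  if (!algorithms.includes(alg) || alg !== 'RS256') throw new Error('alg');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, sig)) throw new Error('signature');
  // Claims are trusted only after the signature has been checked.
  const claims = parse(p);
  if (claims.iss !== issuer) throw new Error('iss');
  if (![].concat(claims.aud ?? []).includes(audience)) throw new Error('aud');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('exp');
  return claims;
}

// Constructed sample data: a throwaway key pair and locally minted tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mint(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = header.alg === 'RS256' ? crypto.sign('sha256', Buffer.from(input), privateKey) : Buffer.alloc(0);
  return `${input}.${sig.toString('base64url')}`;
}

function reasonFor(token, opts) {
  try { verifyRs256(token, publicKey, opts); return 'ok'; } catch (e) { return e.message; }
}

// Constructed issuer and audience values for the demo run.
const DEMO = { issuer: 'https://auth.example.test/', audience: 'https://api.example.com' };
const demoClaims = { iss: DEMO.issuer, aud: DEMO.audience, sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 };
console.log(reasonFor(mint(demoClaims), DEMO), reasonFor(mint(demoClaims, { alg: 'none' }), DEMO));
```

A token can decode cleanly and still fail every one of these checks, which is why claims read without verification are for inspection only and should not drive an authorization decision.
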
#### requirePermissions(...permissions)
Middleware to check for required permissions.
#### requireRoles(...roles)
Middleware to check for required roles (any match).
#### requireScopes(...scopes)
Middleware to check for required scopes.
#### optionalAuth(options)
Same as createAuthMiddleware but doesn't fail if token is missing.
#### Constructor
```ts
new TransactionalAuthClient({
  domain: 'auth.usetransactional.com',
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
})
```
#### Users
- `getUsers(params?)` - List users with pagination
- `getUser(userId)` - Get user by ID
- `getUserByEmail(email)` - Get user by email
- `createUser(data)` - Create a new user
- `updateUser(userId, data)` - Update a user
- `deleteUser(userId)` - Delete a user
- `blockUser(userId)` - Block a user
- `unblockUser(userId)` - Unblock a user
- `sendVerificationEmail(userId)` - Send verification email
- `changePassword(userId, password)` - Change password
#### Applications
- `getApplications()` - List applications
- `getApplication(appId)` - Get application by ID
#### Connections
- `getConnections()` - List connections
- `getConnection(connectionId)` - Get connection by ID
#### Roles
- `getRoles()` - List roles
- `assignRoleToUser(userId, roleId)` - Assign role to user
- `removeRoleFromUser(userId, roleId)` - Remove role from user
- `getUserRoles(userId)` - Get user's roles
Full TypeScript support with exported types:
```ts
import type {
  DecodedToken,
  User,
  CreateUserData,
  UpdateUserData,
  ListUsersParams,
  PaginatedResponse,
  Application,
  Connection,
  Role,
} from 'transactional-auth-node';
```

MIT