@mcp-z/oauth
    Preparing search index...

    Class SessionUserAuth

    Session-based user authentication provider

    Verifies signed session cookies and extracts user IDs. Use for multi-tenant deployments where users authenticate via web sessions.

    // Multi-tenant server setup with session-based user authentication
    const userAuth = new SessionUserAuth({
      sessionSecret: process.env.SESSION_SECRET!,
      cookieName: 'app_session',
    });

    // Create OAuth adapters with session-based user identification
    const oauthAdapters = await createOAuthAdapters(
      config.transport,
      {
        service: 'gmail',
        clientId: process.env.GOOGLE_CLIENT_ID!,
        clientSecret: process.env.GOOGLE_CLIENT_SECRET,
        scope: GOOGLE_SCOPE,
        auth: 'loopback-oauth',
        headless: false,
        redirectUri: undefined,
      },
      {
        logger,
        tokenStore,
        userAuth, // Session-based user identification for multi-tenant deployments
      }
    );

    // Use auth middleware with tools
    const { middleware: authMiddleware } = oauthAdapters;
    const tools = toolFactories.map(f => f()).map(authMiddleware.withToolAuth);

    Implements

    Index

    Constructors

    constructor

    Methods

    createSessionCookie getUserId

    Constructors

    Methods

    • Helper for creating session cookies (for testing/integration)

      Parameters

      • userId: string

        User ID to encode in session

      • OptionalexpiresInMs: number

        Optional expiration time in milliseconds from now

      Returns string

      Signed session cookie value

    • Extract and verify user ID from session cookie

      Parameters

      • req: unknown

        HTTP request object with cookie header

      Returns Promise<string>

      User ID from verified session

      Error if session missing, invalid, or expired

    Settings

    Member Visibility

    On This Page

    Constructors
    Methods