Options for protecting APIs.
Omit<ValidateAccessTokenOptions, "clientCertificate">| Property | Type | Description |
|---|---|---|
groups? | string[] | List of group names or identifiers that must be present in the token's groups claim. |
scopes? | string[] | List of scopes that must all be present in the token's scope claim. |
validateCertificateBinding? | boolean | When true, validates certificate binding for certificate-bound access tokens. |