@kolaylogin/express

Dedicated Express middleware. Attaches a typed req.auth, responds 401 on unauthorized calls, and supports both enforcing and opportunistic modes.

Install

npm install @kolaylogin/express @kolaylogin/backend

Protect a route

import express from 'express';
import { requireAuth } from '@kolaylogin/express';

const app = express();

app.use('/api/private', requireAuth({
  // baseUrl defaults to https://api.kolaylogin.com
}));

app.get('/api/private/me', (req: any, res) => {
  res.json({ userId: req.auth.userId, orgId: req.auth.orgId });
});

app.listen(4000);

Opportunistic auth

Want a single handler that serves both anonymous and signed-in traffic? Use withAuth instead: it attaches req.auth when present but never responds 401 on its own, so each handler has to check req.auth before relying on it.

import { withAuth } from '@kolaylogin/express';

app.use(withAuth({
  // baseUrl defaults to https://api.kolaylogin.com
}));

app.get('/api/hello', (req: any, res) => {
  res.json({ greeting: req.auth ? 'Welcome back' : 'Hello, stranger' });
});

Types

  • req.auth.userId, sessionId, environmentId
  • req.auth.orgId, orgRole (nullable)
  • req.auth.getToken() — raw JWT, forward to upstream services.
  • req.auth.claims — verified full payload.
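
Because withAuth never responds 401 itself, a route behind it that needs a signed-in user or a particular organization role has to enforce that in its own middleware. The guard below is an added example, not part of @kolaylogin/express; requireOrgRole, runGuard, the string field types and the role names 'admin' and 'member' are assumptions made for illustration.

```typescript
// Shape of req.auth per the "Types" list; string field types are assumed.
interface Auth { userId: string; orgId: string | null; orgRole: string | null }

// Minimal stand-ins for Express's request/response so this runs without express.
interface Req { auth?: Auth | undefined }
interface Res { status(code: number): Res; json(body: unknown): Res }

// Hypothetical helper, not exported by @kolaylogin/express. Mount it after
// withAuth on routes that must not be served to anonymous callers.
function requireOrgRole(...allowed: string[]) {
  return (req: Req, res: Res, next: () => void): void => {
    const auth = req.auth;
    if (!auth) {
      // withAuth passed the request through unauthenticated: reject here.
      res.status(401).json({ error: 'unauthenticated' });
      return;
    }
    // orgId and orgRole are nullable: a signed-in user with no organization
    // context must fail the role check rather than slip past it.
    if (auth.orgId === null || auth.orgRole === null ||
        allowed.indexOf(auth.orgRole) === -1) {
      res.status(403).json({ error: 'forbidden' });
      return;
    }
    next();
  };
}

// Constructed test double: returns the status the guard sent, or 200 if it
// called next() and let the request reach the handler.
function runGuard(auth: Auth | undefined, ...allowed: string[]): number {
  let outcome = 0;
  const res: Res = {
    status(code: number) { outcome = code; return res; },
    json(_body: unknown) { return res; },
  };
  requireOrgRole(...allowed)({ auth }, res, () => { outcome = 200; });
  return outcome;
}

// Constructed sample identities; real role names may differ.
const noOrg: Auth = { userId: 'u1', orgId: null, orgRole: null };
const admin: Auth = { userId: 'u2', orgId: 'o1', orgRole: 'admin' };
console.log(runGuard(undefined, 'admin'), runGuard(noOrg, 'admin'), runGuard(admin, 'admin'));
```

In an app this would sit after withAuth on the route itself, for example app.get('/api/admin', requireOrgRole('admin'), handler), where the path and handler are placeholders.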