Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/security / / CreateOAuthClientOptions
Interface: CreateOAuthClientOptions
Defined in: packages/security/src/oauth/types.ts:76
Configuration options for createOAuthClient(...).
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
logger? | readonly | (level, message, fields?) => void | Optional logger. | packages/security/src/oauth/types.ts:105 |
metadata? | readonly | DiscoveredMetadata | Optional pre-discovered metadata (skip the network round-trip). | packages/security/src/oauth/types.ts:103 |
refreshAheadMs? | readonly | number | Refresh-ahead window in ms. On the client itself this only colours status() labels ('expiring-soon'); the proactive refresh that uses the window lives in the MCP bridge's authorization provider (createOAuthAuthorizationProvider), which refreshes when the persisted expiry is within its own refreshAheadMs (SPL-12). | packages/security/src/oauth/types.ts:101 |
registration? | readonly | OAuthRegistration | Stored / persistent registration metadata. | packages/security/src/oauth/types.ts:82 |
secretsStore? | readonly | SecretsStore | Secrets store the actual tokens are persisted into (SPL-1). When supplied, persistSession writes the access / refresh / id tokens under the oauth:<serverId>:<kind> keys the record's refs point at, and refresh / revoke / status resolve them back - so sessions survive process restarts. Without it, tokens live only in process memory (the pre-SPL-1 behavior, documented). | packages/security/src/oauth/types.ts:93 |
serverId | readonly | string | Stable identifier; persisted into the OAuthServerStore. | packages/security/src/oauth/types.ts:78 |
serverUrl | readonly | string | Base URL of the OAuth-protected resource server. | packages/security/src/oauth/types.ts:80 |
storage | readonly | OAuthServerStore | Persistent storage for the registration + token-ref metadata. | packages/security/src/oauth/types.ts:84 |