[{"data":1,"prerenderedAt":159},["ShallowReactive",2],{"navigation_docs":3,"landing":68},[4,34,51],{"title":5,"path":6,"stem":7,"children":8,"page":33},"Api","\u002Fdocs\u002Fapi","docs\u002Fapi",[9,13,17,21,25,29],{"title":10,"path":11,"stem":12},"OidcConfigManager","\u002Fdocs\u002Fapi\u002Foidc-config-manager","docs\u002Fapi\u002F1.oidc-config-manager",{"title":14,"path":15,"stem":16},"OidcHttpMiddleware","\u002Fdocs\u002Fapi\u002Fhttp-middleware","docs\u002Fapi\u002F2.http-middleware",{"title":18,"path":19,"stem":20},"OidcSocketMiddleware","\u002Fdocs\u002Fapi\u002Fsocket-middleware","docs\u002Fapi\u002F3.socket-middleware",{"title":22,"path":23,"stem":24},"OidcSocketAdminMiddleware","\u002Fdocs\u002Fapi\u002Fadmin-middleware","docs\u002Fapi\u002F4.admin-middleware",{"title":26,"path":27,"stem":28},"verifyOidcToken","\u002Fdocs\u002Fapi\u002Fverify-token","docs\u002Fapi\u002F5.verify-token",{"title":30,"path":31,"stem":32},"Types & Interfaces","\u002Fdocs\u002Fapi\u002Ftypes","docs\u002Fapi\u002F6.types",false,{"title":35,"path":36,"stem":37,"children":38,"page":33},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002Fgetting-started",[39,43,47],{"title":40,"path":41,"stem":42},"Introduction","\u002Fdocs\u002Fgetting-started\u002Fintroduction","docs\u002Fgetting-started\u002F1.introduction",{"title":44,"path":45,"stem":46},"Installation","\u002Fdocs\u002Fgetting-started\u002Finstallation","docs\u002Fgetting-started\u002F2.installation",{"title":48,"path":49,"stem":50},"Quick Start","\u002Fdocs\u002Fgetting-started\u002Fquick-start","docs\u002Fgetting-started\u002F3.quick-start",{"title":52,"path":53,"stem":54,"children":55,"page":33},"Guides","\u002Fdocs\u002Fguides","docs\u002Fguides",[56,60,64],{"title":57,"path":58,"stem":59},"Protecting Routes and Namespaces","\u002Fdocs\u002Fguides\u002Fprotecting-routes","docs\u002Fguides\u002F1.protecting-routes",{"title":61,"path":62,"stem":63},"User Provisioning","\u002Fdocs\u002Fguides\u002Fuser-provisioning","docs\u002Fguides\u002F2.user-provisioning",{"title":65,"path":66,"stem":67},"Error Handling & Security","\u002Fdocs\u002Fguides\u002Ferror-handling","docs\u002Fguides\u002F3.error-handling",{"id":69,"title":70,"body":71,"description":70,"extension":150,"meta":151,"navigation":152,"path":153,"seo":154,"stem":157,"__hash__":158},"landing\u002Findex.md","",{"type":72,"value":73,"toc":147},"minimark",[74,108],[75,76,77,81,92],"u-page-hero",{},[78,79,80],"template",{"v-slot:title":70},"IOServer OIDC",[78,82,83,84,91],{"v-slot:description":70},"Drop-in OIDC\u002FOAuth2 JWT authentication for ",[85,86,90],"a",{"href":87,"rel":88},"https:\u002F\u002Fdocs.circle-cyber.com\u002Fioserver\u002F",[89],"nofollow","IOServer"," applications. Protects HTTP routes and Socket.IO namespaces by verifying tokens issued by your auth-service via remote JWKS — no secrets to store, no key rotation to manage.",[78,93,94,101],{"v-slot:links":70},[95,96,100],"u-button",{"color":97,"size":98,"to":41,"trailing-icon":99},"neutral","xl","i-lucide-arrow-right","Get started",[95,102,107],{"color":97,"size":98,"to":103,"icon":104,"target":105,"variant":106},"https:\u002F\u002Fgithub.com\u002Fx42en\u002Fioserver-oidc","i-simple-icons-github","_blank","outline","GitHub",[109,110,111,114],"u-page-section",{},[78,112,113],{"v-slot:title":70},"What it does",[78,115,116,122,127,132,137,142],{"v-slot:features":70},[117,118],"u-page-feature",{"description":119,"icon":120,"title":121},"RS256\u002FES256 tokens are verified against your auth-service's public key set. Keys are fetched once and cached in-process; rotation is handled automatically by jose.","i-lucide-shield-check","JWT verification via JWKS",[117,123],{"description":124,"icon":125,"title":126},"OidcHttpMiddleware guards Fastify routes. OidcSocketMiddleware guards Socket.IO namespaces. Both follow the exact same token flow and inject the same user context.","i-lucide-zap","HTTP and WebSocket in one package",[117,128],{"description":129,"icon":130,"title":131},"On first access, the middleware calls appHandle.users.findOrCreate() to create a local user record from the OIDC subject. Disabled accounts are rejected with 403.","i-lucide-user-check","User auto-provisioning",[117,133],{"description":134,"icon":135,"title":136},"OidcSocketAdminMiddleware provides a ready-to-use admin guard. Chain it after OidcSocketMiddleware to restrict a Socket.IO namespace to admin users only.","i-lucide-lock","Role-based access control",[117,138],{"description":139,"icon":140,"title":141},"Access tokens are verified in-memory on every request using the cached JWKS. No token is stored on disk or in a database on the application side.","i-lucide-package","Zero secret storage",[117,143],{"description":144,"icon":145,"title":146},"Ships with declaration files for OidcConfig, OidcUserContext, and OidcFeatures. ESM-only distribution; strict mode compatible.","i-lucide-code","Full TypeScript support",{"title":70,"searchDepth":148,"depth":148,"links":149},2,[],"md",{},true,"\u002F",{"title":155,"description":156},"IOServer OIDC — OIDC\u002FOAuth2 middleware for IOServer","Drop-in OIDC\u002FOAuth2 JWT middleware set for IOServer. Protects Fastify HTTP routes and Socket.IO namespaces via remote JWKS — no secret storage on the application side.","index","WYV7hEZp9O1XwDUZU9WG7VcXXMJCNmw-c2MA1En8npQ",1775918685665]