Skip to main content

ValidateAccessTokenResponseDTO

Package: @nauth-toolkit/core Type: DTO (Response)

Response DTO for JWT access token validation operations. Returns validation result with decoded payload or error information.

import { ValidateAccessTokenResponseDTO } from '@nauth-toolkit/nestjs';

Properties

PropertyTypeRequiredDescription
errorstringNoError message if validation failed. Examples: "Token expired", "Invalid token signature".
errorType'expired' | 'invalid' | 'malformed' | 'blacklisted'NoError type for programmatic handling. Only present when valid is false.
payloadJwtPayloadNoDecoded JWT payload containing user and session information. Only present when valid is true.
validbooleanYesWhether the token is valid. If true, payload is present. If false, error and errorType are present.

JwtPayload Properties

PropertyTypeRequiredDescription
audstring | string[]NoAudience claim
deviceIdstringNoDevice identifier
emailstringYesUser email address
expnumberYesExpiration timestamp (Unix epoch)
iatnumberYesIssued at timestamp (Unix epoch)
issstringNoIssuer claim
sessionIdstringYesSession identifier
substringYesUser ID (subject)
tokenFamilystringNoToken family ID for rotation detection
type'access' | 'refresh'YesToken type - always 'access' for access tokens

Error Types

Error TypeDescription
expiredToken has expired (exp claim < current time)
invalidToken signature verification failed or invalid format
malformedToken structure is invalid (not a proper JWT)
blacklistedToken has been revoked or blacklisted

Examples

Valid token response:

{
  "valid": true,
  "payload": {
    "sub": "a21b654c-2746-4168-acee-c175083a65cd",
    "email": "user@example.com",
    "type": "access",
    "sessionId": "session-uuid-123",
    "iat": 1704067200,
    "exp": 1704070800,
    "iss": "nauth-toolkit",
    "aud": "my-app"
  }
}

Invalid token response:

{
  "valid": false,
  "error": "Token expired",
  "errorType": "expired"
}

Used By

Last updated on