> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CrossmintAuth

Defined in: [server/src/auth/CrossmintAuthServer.ts:38](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L38)

Server-side Crossmint authentication client: validate sessions, verify JWTs, refresh tokens,
fetch users, and manage auth cookies. Works with both Node.js (`IncomingMessage`/`ServerResponse`)
and Fetch API (`Request`/`Response`) request/response objects.

Create an instance with [CrossmintAuthServer.from](./#from).

## Extends

* `CrossmintAuth`

## Methods

### getJwksUri()

> **getJwksUri**(): `string`

Defined in: common/auth/dist/CrossmintAuth.d.ts:14

#### Returns

`string`

#### Inherited from

`CrossmintAuth.getJwksUri`

***

### getSession()

> **getSession**(`options`, `response`?): `Promise`\<`AuthSession`>

Defined in: [server/src/auth/CrossmintAuthServer.ts:59](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L59)

Validate the user's session and return it, refreshing it if expired.
Accepts either a request object (auth material is read from cookies) or the auth material
itself (`{ jwt, refreshToken }`). If a response object is provided, refreshed auth material
is stored in its cookies.

#### Parameters

| Parameter   | Type                                                                      |
| ----------- | ------------------------------------------------------------------------- |
| `options`   | [`GenericRequest`](../type-aliases/GenericRequest) \| `AuthMaterialBasic` |
| `response`? | [`GenericResponse`](../type-aliases/GenericResponse)                      |

#### Returns

`Promise`\<`AuthSession`>

#### Throws

CrossmintAuthenticationError if no valid session can be established.

***

### getUser()

> **getUser**(`externalUserId`): `Promise`\<`any`>

Defined in: [server/src/auth/CrossmintAuthServer.ts:86](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L86)

Fetch the Crossmint user associated with the given external user ID.

#### Parameters

| Parameter        | Type     |
| ---------------- | -------- |
| `externalUserId` | `string` |

#### Returns

`Promise`\<`any`>

***

### handleCustomRefresh()

> **handleCustomRefresh**(`request`, `response`?): `Promise`\<[`GenericResponse`](../type-aliases/GenericResponse)>

Defined in: [server/src/auth/CrossmintAuthServer.ts:102](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L102)

Handle a token refresh request on a custom refresh route. Reads the refresh token from the
request body or cookies, refreshes the session, and returns a response with the new auth
material stored in cookies. Returns a 401 response if the refresh fails.

#### Parameters

| Parameter   | Type                                                 |
| ----------- | ---------------------------------------------------- |
| `request`   | [`GenericRequest`](../type-aliases/GenericRequest)   |
| `response`? | [`GenericResponse`](../type-aliases/GenericResponse) |

#### Returns

`Promise`\<[`GenericResponse`](../type-aliases/GenericResponse)>

***

### logout()

> **logout**(`request`?, `response`?): `Promise`\<[`GenericResponse`](../type-aliases/GenericResponse)>

Defined in: [server/src/auth/CrossmintAuthServer.ts:167](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L167)

Log the user out: invalidate the refresh token with Crossmint and clear the auth cookies on the response.

#### Parameters

| Parameter   | Type                                                 |
| ----------- | ---------------------------------------------------- |
| `request`?  | [`GenericRequest`](../type-aliases/GenericRequest)   |
| `response`? | [`GenericResponse`](../type-aliases/GenericResponse) |

#### Returns

`Promise`\<[`GenericResponse`](../type-aliases/GenericResponse)>

***

### storeAuthMaterial()

> **storeAuthMaterial**(`response`, `authMaterial`): `void`

Defined in: [server/src/auth/CrossmintAuthServer.ts:162](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L162)

Store auth material (JWT and refresh token) in the response's cookies.

#### Parameters

| Parameter      | Type                                                 |
| -------------- | ---------------------------------------------------- |
| `response`     | [`GenericResponse`](../type-aliases/GenericResponse) |
| `authMaterial` | `AuthMaterial`                                       |

#### Returns

`void`

***

### verifyCrossmintJwt()

> **verifyCrossmintJwt**(`token`, `jwks`?): `Promise`\<`JWTPayload`>

Defined in: [server/src/auth/CrossmintAuthServer.ts:154](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L154)

Verify a Crossmint-issued JWT and return its decoded payload. Uses Crossmint's JWKS endpoint unless a key set is provided.

#### Parameters

| Parameter | Type            |
| --------- | --------------- |
| `token`   | `string`        |
| `jwks`?   | `JSONWebKeySet` |

#### Returns

`Promise`\<`JWTPayload`>

***

### defaultApiClient()

> `static` **defaultApiClient**(`crossmint`): `CrossmintApiClient`

Defined in: common/auth/dist/CrossmintAuth.d.ts:19

#### Parameters

| Parameter   | Type        |
| ----------- | ----------- |
| `crossmint` | `Crossmint` |

#### Returns

`CrossmintApiClient`

#### Inherited from

`CrossmintAuth.defaultApiClient`

***

### from()

> `static` **from**(`crossmint`, `options`): `CrossmintAuthServer`

Defined in: [server/src/auth/CrossmintAuthServer.ts:47](https://github.com/Crossmint/crossmint-sdk/blob/main/packages/server/src/auth/CrossmintAuthServer.ts#L47)

Create a `CrossmintAuth` instance from a `Crossmint` object (created with `createCrossmint`).

#### Parameters

| Parameter   | Type                                                                       |
| ----------- | -------------------------------------------------------------------------- |
| `crossmint` | `Crossmint`                                                                |
| `options`   | [`CrossmintAuthServerOptions`](../type-aliases/CrossmintAuthServerOptions) |

#### Returns

`CrossmintAuthServer`

#### Overrides

`CrossmintAuth.from`
