@orangecheck/auth-core / getOcSession

Function: getOcSession()

function getOcSession(headers: 
  | SessionRequestHeaders
| Headers, options?: VerifyOcOptions): Promise<SessionPayload | null>;

Defined in: src/index.ts:420

Verify the OC session for a request. Accepts either a plain object with cookie / authorization properties (Express / Next.js / etc.) or a Web Headers object (Hono / edge / Fetch API). Reads the session from the Cookie header first; falls back to a Authorization: Bearer <token> header so cross-domain integrators (different eTLD+1, no .ochk.io cookie) can verify the same way.

Returns null for unauthenticated, missing, or invalid requests. Never throws.

Parameters

Parameter	Type
`headers`	\| `SessionRequestHeaders` \| `Headers`
`options`	`VerifyOcOptions`

Returns

Promise<SessionPayload | null>