@orangecheck/auth-core / verifySessionToken
Function: verifySessionToken()
function verifySessionToken(token: string, cfg: VerifyConfig): Promise<SessionPayload | null>;
Defined in: src/index.ts:177
Crypto-only JWT verify. Returns the payload on success, null on
any failure (bad signature, expired, wrong issuer, malformed).
Safe for consumer subdomains — they only need the public JWK. Revocation-aware checks live on the auth host.
Parameters
| Parameter | Type |
|---|---|
token | string |
cfg | VerifyConfig |
Returns
Promise<SessionPayload | null>