@orangecheck/auth-core / verifyStepUpClaim
Function: verifyStepUpClaim()
```ts
function verifyStepUpClaim(payload: SessionPayload, opts: {
  max_age_secs: number;
}): boolean;
```
Defined in: index.ts:189
Returns true when the JWT carries a fresh step_up_at claim —
i.e. the user successfully completed a WebAuthn assertion within
the supplied freshness window (in seconds). Returns false for
tokens that lack the claim entirely, that carry a stale value,
that carry a value somehow in the future, or where the freshness
window is non-positive.
Consumers gating sensitive actions read this in two places:
- Client side · before calling the action, to decide whether to trigger useStepUpAuth(). Skip the prompt if already fresh.
- Server side · in the route handler, AFTER verifying the JWT, to enforce the policy regardless of what the client did.
The freshness window is consumer-chosen — typical default is 300s (5 min); higher-value spends might use 60s.
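An illustrative implementation of the rules described above, added here as an example and not the library's own code from index.ts. It assumes step_up_at is a Unix timestamp in seconds and takes an injectable `now` so the edge cases (missing claim, stale claim, future claim, non-positive window) can be exercised deterministically:

```typescript
// Example only; not the @orangecheck/auth-core implementation.
// Assumption: step_up_at is a Unix timestamp in seconds.
interface SessionPayload {
  sub: string;
  step_up_at?: number;
}

function verifyStepUpClaimExample(
  payload: SessionPayload,
  opts: { max_age_secs: number },
  now: number = Math.floor(Date.now() / 1000),
): boolean {
  const { max_age_secs } = opts;
  // A non-positive (or non-numeric) window can never be satisfied.
  if (!Number.isFinite(max_age_secs) || max_age_secs <= 0) return false;

  const at = payload.step_up_at;
  // Missing or malformed claim: treat the user as never having stepped up.
  if (typeof at !== "number" || !Number.isFinite(at)) return false;

  // A claim dated in the future (clock skew or a tampered value) is not trusted.
  if (at > now) return false;

  // Fresh only if the WebAuthn assertion happened within the window.
  return now - at <= max_age_secs;
}

// Server-side pattern from the text: decide in the route handler, after the
// JWT itself has been verified, regardless of what the client chose to do.
function gateSensitiveAction(
  payload: SessionPayload,
  now?: number,
): "ok" | "step_up_required" {
  return verifyStepUpClaimExample(payload, { max_age_secs: 300 }, now)
    ? "ok"
    : "step_up_required";
}
```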
Parameters
| Parameter | Type |
|---|---|
| payload | SessionPayload |
| opts | { max_age_secs: number; } |
| opts.max_age_secs | number |
Returns
boolean