@splitroute/login-server

SplitRoute's server helper for completing the OAuth authorization-code exchange. It validates incoming codes, fetches tokens from the SplitRoute auth proxy, and verifies JWT claims.

Install

npm install @splitroute/login-server

Quick Start

import express from 'express';
import { SplitRouteLoginServer } from '@splitroute/login-server';

const app = express();
app.use(express.json());

const splitroute = new SplitRouteLoginServer({
  clientId: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  authBaseUrl: process.env.AUTH_BASE_URL || 'https://auth.splitroute.com/'
});

app.post('/api/auth/callback', async (req, res) => {
  const { authorizationCode } = req.body;
  const result = await splitroute.exchangeCode(authorizationCode);

  res.json({
    success: true,
    user: {
      id: result.claims.sub,
      state: result.claims.state
    }
  });
});

exchangeCode automatically targets ${authBaseUrl}callback/, verifies signatures, and returns both the raw token response and decoded claims so you can mint your own session.

Documentation

See the workspace README for end-to-end examples and production readiness guidance.