Node.js SDK

Use the vaultaris-sdk package to integrate Vaultaris into your Node.js or TypeScript applications. Includes transparent DPoP support.

vaultaris-sdk for Node.js is a native addon built with Neon: a Rust core compiled to a native Node.js module. It includes transparent DPoP (RFC 9449) support, using the Web Crypto API in browser environments.

Status: Active development. Core auth flows and CRUD operations are available. Some advanced features may require direct HTTP calls to the API in the meantime.

Open SDKs. The SDKs are developed in the open at github.com/Vaultaris/sdk — issues, PRs and feedback welcome.

Installation

npm install vaultaris-sdk
# or
pnpm add vaultaris-sdk

Setup

import { VaultarisClient } from 'vaultaris-sdk';

const vaultaris = new VaultarisClient({
  baseUrl: 'https://auth.example.com',
  clientId: 'my-app',
  clientSecret: process.env.VAULTARIS_CLIENT_SECRET,
  tenantId: process.env.VAULTARIS_TENANT_ID,
});

DPoP — Sender-Constrained Tokens

import { VaultarisClient, generateDpopKeyPair } from 'vaultaris-sdk';

// Generate a P-256 key pair (stored in memory, or pass your own CryptoKeyPair)
const dpopKeys = await generateDpopKeyPair();

const vaultaris = new VaultarisClient({
  baseUrl: 'https://auth.example.com',
  clientId: 'my-app',
  clientSecret: process.env.VAULTARIS_CLIENT_SECRET,
  tenantId: process.env.VAULTARIS_TENANT_ID,
  dpopKeys,  // SDK handles proof generation on every request
});

Browser / Web Crypto

The sdk-web package uses the browser's built-in SubtleCrypto — no Node.js dependencies:

import { VaultarisWebClient } from 'vaultaris-sdk/web';

const client = new VaultarisWebClient({
  baseUrl: 'https://auth.example.com',
  clientId: 'my-spa',
  // DPoP keys generated in-browser via WebCrypto, non-exportable
});

Authentication

// Client credentials grant
const token = await vaultaris.authenticate();
// { accessToken, tokenType, expiresIn, scope }

// The client auto-refreshes before expiry

Middleware integration

Express

import express from 'express';
import { VaultarisMiddleware } from 'vaultaris-sdk/middleware';

const app = express();

// Register the middleware before the routes it should protect
app.use(VaultarisMiddleware({ client: vaultaris }));

app.get('/protected', (req, res) => {
  // req.user is the decoded, validated token payload
  res.json({ userId: req.user.sub });
});

Fastify

import Fastify from 'fastify';
import { vaultarisPlugin } from 'vaultaris-sdk/fastify';

const fastify = Fastify();

await fastify.register(vaultarisPlugin, { client: vaultaris });

fastify.get('/protected', { preHandler: fastify.authenticate }, async (request) => {
  // request.user is available
});

User management

// List users
const { data, meta } = await vaultaris.users.list({ page: 1, perPage: 50 });

// Create user
const user = await vaultaris.users.create({
  email: 'alice@example.com',
  password: 'strong-pass',
  firstName: 'Alice',
});

// Assign role
await vaultaris.users.assignRole(user.id, roleId);

Session validation

const result = await vaultaris.sessions.validateGlobal(token, 'app2.example.com');
if (result.valid) {
  console.log('userId:', result.userId);
}

Audit log

const entries = await vaultaris.audit.list({ page: 1, perPage: 20, action: 'user.login' });

Next.js integration

// app/api/auth/[...vaultaris]/route.ts
import { handleOAuth } from 'vaultaris-sdk/next';

export const { GET, POST } = handleOAuth({
  baseUrl: process.env.VAULTARIS_URL!,
  clientId: process.env.VAULTARIS_CLIENT_ID!,
  clientSecret: process.env.VAULTARIS_CLIENT_SECRET!,
  redirectUri: process.env.VAULTARIS_REDIRECT_URI!,
});

TypeScript types

import type {
  User, Role, Group, Session, AuditEntry,
  TokenResponse, OAuthClient, IdentityProvider,
  ApiKey, AbacPolicy,
} from 'vaultaris-sdk/types';