Manual Verification

Verify a token string directly — useful for WebSockets, message queues, or any flow outside Express middleware.

auther.verify(token)

Accepts a raw token string and returns a typed result object. Use this when you have the token but are not in a standard Express request/response cycle.

typescript

const result = await auther.verify(rawToken);

if (result.ok) {
  console.log(result.user.email);
  console.log(result.user.id);
} else {
  console.error(result.message); // e.g. 'Invalid or expired token'
}

WebSocket example

typescript

import { WebSocketServer } from 'ws';

const wss = new WebSocketServer({ port: 8080 });

wss.on('connection', async (ws, req) => {
  // Token passed as query param: ws://host?token=...
  const token = new URL(req.url!, 'http://x').searchParams.get('token');

  if (!token) { ws.close(1008, 'Unauthorized'); return; }

  const result = await auther.verify(token);
  if (!result.ok) { ws.close(1008, result.message); return; }

  // Authenticated — attach user to socket
  (ws as any).user = result.user;
  ws.send(JSON.stringify({ type: 'connected', userId: result.user.id }));
});

Return type

typescript

type VerifyResult =
  | { ok: true;  user: AutherUser }
  | { ok: false; status: number; message: string };

Same verification, different interface

auther.verify() calls the exact same Auther backend endpoint as auther.protect(). The only difference is that you handle the result yourself instead of the middleware doing it.