From 6475f73b157e4ebdc00ad13207f5802b305e325e Mon Sep 17 00:00:00 2001
From: Nick Lucas <me@nicklucas.co.uk>
Date: Sun, 21 Sep 2025 15:12:41 +0100
Subject: [PATCH 1/2] Make expiresAt mandatory since it is validated as
 mandatory at runtime

---
 src/server/auth/middleware/bearerAuth.test.ts | 6 +++++-
 src/server/auth/types.ts                      | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/server/auth/middleware/bearerAuth.test.ts b/src/server/auth/middleware/bearerAuth.test.ts
index 38639b1de..bfad36bf0 100644
--- a/src/server/auth/middleware/bearerAuth.test.ts
+++ b/src/server/auth/middleware/bearerAuth.test.ts
@@ -95,7 +95,9 @@ describe("requireBearerAuth middleware", () => {
       token: "no-expiration-token",
       clientId: "client-123",
       scopes: ["read", "write"],
-      expiresAt
+
+      // Type does not accept possible undefined so an assertion is required for this test
+      expiresAt: expiresAt as number
     };
     mockVerifyAccessToken.mockResolvedValue(noExpirationAuthInfo);
 
@@ -146,6 +148,7 @@ describe("requireBearerAuth middleware", () => {
       token: "valid-token",
       clientId: "client-123",
       scopes: ["read"],
+      expiresAt: Math.floor(Date.now() / 1000) + 3600,
     };
     mockVerifyAccessToken.mockResolvedValue(authInfo);
 
@@ -418,6 +421,7 @@ describe("requireBearerAuth middleware", () => {
         token: "valid-token",
         clientId: "client-123",
         scopes: ["read"],
+        expiresAt: Math.floor(Date.now() / 1000) + 3600,
       };
       mockVerifyAccessToken.mockResolvedValue(authInfo);
 
diff --git a/src/server/auth/types.ts b/src/server/auth/types.ts
index 0189e9ed8..f8e69fecf 100644
--- a/src/server/auth/types.ts
+++ b/src/server/auth/types.ts
@@ -20,7 +20,7 @@ export interface AuthInfo {
   /**
    * When the token expires (in seconds since epoch).
    */
-  expiresAt?: number;
+  expiresAt: number;
 
   /**
    * The RFC 8707 resource server identifier for which this token is valid.
@@ -33,4 +33,4 @@ export interface AuthInfo {
    * This field should be used for any additional data that needs to be attached to the auth info.
   */
   extra?: Record<string, unknown>;
-}
\ No newline at end of file
+}

From c26f4a84882bf8f3724c3f20266f0933f42bdb7d Mon Sep 17 00:00:00 2001
From: Nick Lucas <me@nicklucas.co.uk>
Date: Sun, 21 Sep 2025 15:18:02 +0100
Subject: [PATCH 2/2] Update readme

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index cee7eb855..b4cdacec6 100644
--- a/README.md
+++ b/README.md
@@ -1183,6 +1183,7 @@ const proxyProvider = new ProxyOAuthServerProvider({
             token,
             clientId: "123",
             scopes: ["openid", "email", "profile"],
+            expiresAt: Math.floor(Date.now() / 1000) + 3600
         }
     },
     getClient: async (client_id) => {