Make expiresAt mandatory since it is validated as mandatory at runtime

Nick-Lucas · Nick-Lucas · commit 6475f73b157e · 2025-09-21T15:12:41.000+01:00
diff --git a/src/server/auth/middleware/bearerAuth.test.ts b/src/server/auth/middleware/bearerAuth.test.ts
@@ -95,7 +95,9 @@ describe("requireBearerAuth middleware", () => {
       token: "no-expiration-token",
       clientId: "client-123",
       scopes: ["read", "write"],
-      expiresAt
+
+      // Type does not accept possible undefined so an assertion is required for this test
+      expiresAt: expiresAt as number
     };
     mockVerifyAccessToken.mockResolvedValue(noExpirationAuthInfo);
 
@@ -146,6 +148,7 @@ describe("requireBearerAuth middleware", () => {
       token: "valid-token",
       clientId: "client-123",
       scopes: ["read"],
+      expiresAt: Math.floor(Date.now() / 1000) + 3600,
     };
     mockVerifyAccessToken.mockResolvedValue(authInfo);
 
@@ -418,6 +421,7 @@ describe("requireBearerAuth middleware", () => {
         token: "valid-token",
         clientId: "client-123",
         scopes: ["read"],
+        expiresAt: Math.floor(Date.now() / 1000) + 3600,
       };
       mockVerifyAccessToken.mockResolvedValue(authInfo);
 
diff --git a/src/server/auth/types.ts b/src/server/auth/types.ts
@@ -20,7 +20,7 @@ export interface AuthInfo {
   /**
    * When the token expires (in seconds since epoch).
    */
-  expiresAt?: number;
+  expiresAt: number;
 
   /**
    * The RFC 8707 resource server identifier for which this token is valid.
@@ -33,4 +33,4 @@ export interface AuthInfo {
    * This field should be used for any additional data that needs to be attached to the auth info.
   */
   extra?: Record<string, unknown>;
-}
+}
