# ExpressMiddleware
## ExpressMiddleware{#ExpressMiddleware}
### ServiceAuthorizationMiddleware{#ServiceAuthorizationMiddleware}
ServiceAuthorizationMiddleware
#### new ServiceAuthorizationMiddleware(options)
| Param | Type | Description |
| ------------------------------ | -------- | --------------------------------------------------------- |
| options | `Object` | **Required -** |
| options.serviceTokenSignSecret | `string` | **Required -** Secret to validate token signature against |
### authorize(authParams)
Extract and authorize token using the provided auth params
| Param | Type | Description |
| ---------- | ---------------------------------------------------- | -------------------------------------------------- |
| authParams | `FullAuthorizationParameters` \| `AuthorizationMode` | **Required -** Authorization parameters to pass to |
### errorHandler(\[err], req, res, next)
Error handler for errors thrown by ServiceAuthorizationMiddleware
Will handle telling IMSG to redirect unauthorized requests, but will pass on any other errors to next()
| Param | Type | Description |
| ----- | ---------- | --------------------------- |
| err | `Object` | Express err |
| req | `Object` | **Required -** Express req |
| res | `Object` | **Required -** Express res |
| next | `function` | **Required -** Express next |
The type definition of the full auhtorization object with all parameters.
Passed to the authorize function.
**Properties**
| Name | Type | Description |
| -------------------- | ----------------------------------- | ------------------------------------------------------ |
| onPreAuth | `function` | Function to run before authorize is called |
| org | `string` \| `function` \| `Boolean` | **Required** - Organiztion to authorize against |
| accessRules | `Array.` | Optional access rules to authorize against |
| suppressLoginTrigger | `Boolean` | If true, do not redirect failed authorization to login |
The type definition of the access rule.
Passed to the authorize function within the object as a list of access rules.
All properties are optional, but at least one must exist
**Properties**
| Name | Type | Description |
| ---------- | ---------------------- | ---------------------------------- |
| unit | `string` \| `function` | Unit that should match token |
| permission | `string` \| `function` | Permission that should match token |
| sub | `string` \| `function` | Subject that should match token |
Type defintion of the authorization mode.
SERVICE\_ADMIN\_ENDPOINT - Authorization validates if you are a service admin and have a valid token. Either accessed or thrown out.
OPEN\_ENDPOINT - Authorization validates if you have a valid token and lets you through to the open endpoint. Either accessed or thrown out.
Either SERVICE\_ADMIN\_ENDPOINT or OPEN\_ENDPOINT
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.navigaglobal.com/navigaid/shared-modules/service-authorization-lib/expressmiddleware.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.