diff --git a/API.md b/API.md
index 6002cf73..56fd04c6 100644
--- a/API.md
+++ b/API.md
@@ -32,7 +32,7 @@ Additional configuration keys that can be passed to `auth()` on initialization:
 - **`handleCallback`** - Function that runs on the callback route, after callback processing but before redirection. Default is [here](lib/hooks/handleCallback.js).
 - **`httpOptions`** - Default options object used for all HTTP calls made by the library ([possible options](https://github.com/sindresorhus/got/tree/v9.6.0#options)). Default is empty.
 - **`idpLogout`** - Boolean value to log the user out from the identity provider on application logout. Requires the issuer to provide a `end_session_endpoint` value. Default is `false`.
-- **`idTokenAlg`** - String value for the ID token algorithm. Default is `RS256`.
+- **`idTokenAlg`** - String value for the expected ID token algorithm. Default is `RS256`.
 - **`identityClaimFilter`** - Array value of claims to remove from the ID token before storing the cookie session. Default is `['aud', 'iss', 'iat', 'exp', 'nonce', 'azp', 'auth_time']`.
 - **`legacySameSiteCookie`** - Set a fallback cookie with no SameSite attribute when `authorizationParams.response_mode` is `form_post`. Default is `true`.
 - **`loginPath`** - Relative path to application login. Default is `/login`.
diff --git a/index.d.ts b/index.d.ts
index 61322fb6..600a8845 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -1,9 +1,13 @@
 // Type definitions for express-openid-connect
 import { AuthorizationParameters, TokenSet, UserinfoResponse } from 'openid-client';
-import { Request, RequestHandler } from 'express';
+import { Request, Response, NextFunction, RequestHandler } from 'express';
 interface ConfigParams {
+ appSessionCookie?: SessionCookieConfigParams;
+ appSessionDuration?: number;
+ appSessionName?: string;
+ appSessionSecret: boolean | string | string[];
 auth0Logout?: boolean;
 authorizationParams?: AuthorizationParameters
 baseURL?: string;
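Review bot: `appSessionSecret: boolean | string | string[]` in the `ConfigParams` additions accepts `true`, which cannot serve as a secret, and it is the only non-optional key even though `auth(params?: ConfigParams)` still type-checks with no argument at all. If the boolean is only there so that `false` can switch the session off (an assumption; the runtime is not in this diff), narrow it to `appSessionSecret: false | string | string[];` and add a TSDoc line saying what `false` does and what an array of secrets means. The newly imported `Response` and `NextFunction` are not referenced in any hunk shown here, so drop them unless a declaration outside the diff uses them. The interface body continues outside this hunk.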
@@ -11,10 +15,14 @@ interface ConfigParams {
 clientSecret?: string;
 clockTolerance?: number;
 errorOnRequiredAuth?: boolean;
- getUser?: (tokenSet: TokenSet) => undefined | UserinfoResponse;
+ getUser?: (req: Request, config: ConfigParams) => undefined | UserinfoResponse;
+ handleCallback?: RequestHandler;
+ httpOptions?: object;
+ identityClaimFilter?: string[];
 idpLogout?: boolean;
 idTokenAlg?: string;
 issuerBaseURL?: string;
+ legacySameSiteCookie?: boolean;
 loginPath?: string;
 logoutPath?: string;
 redirectUriPath?: string;
@@ -22,6 +30,14 @@ interface ConfigParams {
 routes?: boolean;
 }
+interface SessionCookieConfigParams {
+ domain?: string;
+ httpOnly?: boolean;
+ path?: string;
+ sameSite?: string;
+ secure?: boolean;
+}
+
 export function auth(params?: ConfigParams): RequestHandler;
 export function requiresAuth(): RequestHandler;
 export function unauthorizedHandler(): RequestHandler;
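Review bot: The new `getUser?: (req: Request, config: ConfigParams) => ...` hook is handed the whole `ConfigParams`, which carries `clientSecret` and `appSessionSecret`, and nothing in the declaration warns implementers about that. I would add a TSDoc comment above it such as `/** Called with the request and the full config, secrets included; never log or serialize config. */`. With the `tokenSet: TokenSet` parameter gone, the `TokenSet` import at the top of the file looks unused in the hunks shown, so check whether it can be removed. `httpOptions?: object` is also wider than it needs to be; `Record<string, unknown>` or the HTTP client's own options type would document it better.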
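Review bot: `sameSite?: string` in `SessionCookieConfigParams` lets a misspelled value type-check, and a cookie attribute that silently fails to apply weakens the session cookie's cross-site protection. A literal union, for example `sameSite?: 'Lax' | 'Strict' | 'None';` (match whatever casing the runtime accepts, which this diff does not show), would catch that at compile time. A TSDoc line on `httpOnly` and `secure` stating their defaults would also help, since turning either off exposes the session cookie to script access or cleartext transport.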