Quickstart

import { Utils } from '@quik/authorization';

const token = Utils.JWT.sign({
  payload: { sub: 'user-123' },
  expiresIn: '1d'
});

const valid = Utils.JWT.verify(token);
const payload = Utils.JWT.verifyAndDecode<{ sub: string }>(token);

Guarding routes

AuthDecorators provides middleware decorators built on top of @quik/http's MiddlewareUtils:

import { AuthDecorators } from '@quik/authorization';

class UsersController {
  @AuthDecorators.CanAccess('users.read')
  list() { /* ... */ }

  @AuthDecorators.RequiresMfa()
  deleteAccount() { /* ... */ }
}

Notes

  • Utils.JWT.verifyAndDecode throws InvalidTokenError when no token is provided or verification fails.
  • AuthDecorators.CanAccess(...keys) throws MustBeAuthenticatedError when event.user is missing, and ForbiddenAccessError when the user lacks the required permission.
  • AuthDecorators.RequireAssuranceLevel/RequireAnyFactor/RequireAllFactors read the fields configured under auth.authorization.fields.* from the user payload.
  • Register HTTP security schemes with SchemesStore.add(name, scheme) before referencing them in OpenAPI security metadata; an unknown scheme name throws UnregisteredAuthorizationStrategyError.
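
Added example (not code from @quik/authorization): one way to turn the errors listed in these notes into HTTP responses, with 401 for a missing or invalid identity and 403 for a missing permission. The error classes are local stand-ins that only share names with the ones in the notes; the `permissions` field, the `AuthEvent`/`HttpResult` shapes, the helper names and the rule that a user must hold every listed key are assumptions.

```typescript
// Stand-ins named after the errors in the notes above; these are NOT the
// library's classes. Matching on `name` also survives duplicate package copies.
class InvalidTokenError extends Error {
  constructor(msg = 'invalid token') { super(msg); this.name = 'InvalidTokenError'; }
}
class MustBeAuthenticatedError extends Error {
  constructor(msg = 'not authenticated') { super(msg); this.name = 'MustBeAuthenticatedError'; }
}
class ForbiddenAccessError extends Error {
  constructor(msg = 'forbidden') { super(msg); this.name = 'ForbiddenAccessError'; }
}

// Hypothetical shapes: the page does not show the user payload layout.
interface User { sub: string; permissions: string[] }
interface AuthEvent { user?: User }
interface HttpResult { status: number; body: unknown }

// Model of the CanAccess behaviour described in the notes.
// Assumption: the user must hold every listed key.
function assertCanAccess(event: AuthEvent, ...keys: string[]): User {
  if (!event.user) throw new MustBeAuthenticatedError();
  const user = event.user;
  if (!keys.every((k) => user.permissions.includes(k))) throw new ForbiddenAccessError();
  return user;
}

// 401 = no usable identity, 403 = identity known but not allowed.
// Bodies stay generic so a caller cannot learn why a token failed
// or which permission key was missing.
function toHttpResult(err: unknown): HttpResult {
  const name = err instanceof Error ? err.name : '';
  if (name === 'InvalidTokenError' || name === 'MustBeAuthenticatedError') {
    return { status: 401, body: { error: 'unauthorized' } };
  }
  if (name === 'ForbiddenAccessError') return { status: 403, body: { error: 'forbidden' } };
  return { status: 500, body: { error: 'internal_error' } }; // unknown errors fail closed
}

// Run a handler behind the guard and convert auth failures into responses.
function guarded(event: AuthEvent, keys: string[], handler: (u: User) => unknown): HttpResult {
  try {
    return { status: 200, body: handler(assertCanAccess(event, ...keys)) };
  } catch (err) {
    return toHttpResult(err);
  }
}
```

Log the original error server-side before mapping it; only the generic body should reach the client.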