Quickstart
```ts
import { Utils } from '@quik/authorization';

const token = Utils.JWT.sign({
  payload: { sub: 'user-123' },
  expiresIn: '1d'
});

const valid = Utils.JWT.verify(token);
const payload = Utils.JWT.verifyAndDecode<{ sub: string }>(token);
```
Guarding routes
AuthDecorators provides middleware decorators built on top of @quik/http's MiddlewareUtils:
```ts
import { AuthDecorators } from '@quik/authorization';

class UsersController {
  @AuthDecorators.CanAccess('users.read')
  list() { /* ... */ }

  @AuthDecorators.RequiresMfa()
  deleteAccount() { /* ... */ }
}
```
Notes
- `Utils.JWT.verifyAndDecode` throws `InvalidTokenError` when no token is provided or verification fails.
- `AuthDecorators.CanAccess(...keys)` throws `MustBeAuthenticatedError` when `event.user` is missing, and `ForbiddenAccessError` when the user lacks the required permission.
- `AuthDecorators.RequireAssuranceLevel` / `RequireAnyFactor` / `RequireAllFactors` read the fields configured under `auth.authorization.fields.*` from the user payload.
- Register HTTP security schemes with `SchemesStore.add(name, scheme)` before referencing them in OpenAPI security metadata; an unknown scheme name throws `UnregisteredAuthorizationStrategyError`.
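
One way to turn the errors listed in the Notes into client-safe HTTP replies, as an added example that is not part of the package or its documentation. The error classes are local stand-ins carrying the names from the Notes (how the package exports them is not shown here); `AuthError`, `HttpReply`, `toHttpReply` and the `Bearer` challenge are assumptions.

```typescript
// Stand-in base class (hypothetical); setPrototypeOf keeps instanceof
// working even when TypeScript compiles to an ES5 target.
class AuthError extends Error {
  constructor(message?: string) {
    super(message);
    Object.setPrototypeOf(this, new.target.prototype);
  }
}
// Stand-ins named after the errors in the Notes; in an application these
// would be the package's own classes.
class InvalidTokenError extends AuthError {}
class MustBeAuthenticatedError extends AuthError {}
class ForbiddenAccessError extends AuthError {}
class UnregisteredAuthorizationStrategyError extends AuthError {}

interface HttpReply {
  status: number;
  headers: Record<string, string>;
  body: { error: string };
}

// Hypothetical helper: map an auth failure to a reply that never echoes
// the error message (token details, permission keys) back to the client.
function toHttpReply(err: unknown, log: (line: string) => void = () => {}): HttpReply {
  const detail = err instanceof Error ? err.message : String(err);
  // Missing/invalid token or no event.user: the caller is unauthenticated.
  if (err instanceof InvalidTokenError || err instanceof MustBeAuthenticatedError) {
    return {
      status: 401,
      headers: { 'WWW-Authenticate': 'Bearer' }, // assumes bearer-token transport
      body: { error: 'authentication_required' },
    };
  }
  // Authenticated but lacking the permission: do not reveal which key failed.
  if (err instanceof ForbiddenAccessError) {
    log(`forbidden: ${detail}`);
    return { status: 403, headers: {}, body: { error: 'forbidden' } };
  }
  // An unknown scheme name is a deployment bug, not a client error.
  if (err instanceof UnregisteredAuthorizationStrategyError) {
    log(`auth misconfiguration, unregistered scheme: ${detail}`);
    return { status: 500, headers: {}, body: { error: 'internal_error' } };
  }
  // Anything unrecognised fails closed with a generic 500.
  log(`unexpected error in auth path: ${detail}`);
  return { status: 500, headers: {}, body: { error: 'internal_error' } };
}
```

Keeping 401 and 403 distinct lets clients tell "log in again" from "not allowed", while the specific reason stays in server-side logs.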