Recipes
Register a bearer HTTP security scheme
```ts
import { SchemesStore, SecuritySchemeType } from '@quik/authorization';

SchemesStore.add('bearer', { type: SecuritySchemeType.HTTP, scheme: 'bearer' });
```
Registering an invalid scheme (missing scheme for HTTP, missing name/in for API key, missing flows for
OAuth2, etc.) throws the matching validation error, e.g. InvalidHTTPSecuritySchemeError or
AtLeastOneFlowRequiredError.
Require a minimum assurance level
```ts
import { AuthDecorators } from '@quik/authorization';

class BillingController {
  @AuthDecorators.RequireAssuranceLevel(2)
  refund() { /* ... */ }
}
```
Throws AssuranceLevelTooLowError when the user's auth.authorization.fields.assuranceLevel field is below
the required level.
Require completed authentication factors
```ts
import { AuthDecorators } from '@quik/authorization';

class SettingsController {
  @AuthDecorators.RequireAnyFactor('totp', 'webauthn')
  updateSecurity() { /* ... */ }
}
```
Throws MissingRequiredAuthenticationFactorError when none of the requested factors are present in the
auth.authorization.fields.authenticationMethods/completedFactors fields on the user payload.
Block authenticated users from a route
```ts
import { AuthDecorators } from '@quik/authorization';

class LoginController {
  @AuthDecorators.Unauthenticated()
  login() { /* ... */ }
}
```
Throws MustBeUnauthenticatedError when event.user is already set.
Decode a token without verifying it
```ts
import { Utils } from '@quik/authorization';

const decoded = Utils.JWT.decode(token);
```
Use this for inspection only; prefer Utils.JWT.verifyAndDecode when the token must be trusted.
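Why decode-only output cannot be trusted, as an added example that is not @quik/authorization's code and does not show how Utils.JWT works internally. It assumes HS256 tokens and uses node:crypto directly; the function names, the secret and the claims are constructed for the demonstration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Constructed demo secret; stands in for the real signing key.
const SECRET = 'constructed-demo-secret';

const b64url = (s: string): string => Buffer.from(s).toString('base64url');
const sign = (data: string, secret: string): Buffer =>
  createHmac('sha256', secret).update(data).digest();

// Demo-only helper (hypothetical): issue an HS256 token for the given claims.
function issue(claims: Record<string, unknown>, secret: string): string {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${sign(`${head}.${body}`, secret).toString('base64url')}`;
}

// Decode only: parses the payload segment and never looks at the signature.
function decodeUnverified(token: string): Record<string, unknown> {
  const payload = token.split('.')[1] ?? '';
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Verify first: pins the algorithm and checks the MAC; returns null on any failure.
function verifyThenDecode(token: string, secret: string): Record<string, unknown> | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return null; // never trust the token's own alg choice
    const expected = sign(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return decodeUnverified(token);
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample: a genuine level-1 token, then the same token with its
// payload replaced to claim assuranceLevel 2 while keeping the old signature.
const genuine = issue({ sub: 'user-1', assuranceLevel: 1 }, SECRET);
const [h, , s] = genuine.split('.');
const altered = [h, b64url(JSON.stringify({ sub: 'user-1', assuranceLevel: 2 })), s].join('.');

console.log('decode only :', decodeUnverified(altered));         // altered claims come back
console.log('verify first:', verifyThenDecode(altered, SECRET)); // null, signature mismatch
```

Any authorization decision, such as an assurance-level check, should read claims only from the verified path.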