
Recipes

Register a bearer HTTP security scheme

import { SchemesStore, SecuritySchemeType } from '@quik/authorization';

SchemesStore.add('bearer', { type: SecuritySchemeType.HTTP, scheme: 'bearer' });

Registering an invalid scheme (missing scheme for HTTP, missing name/in for API key, missing flows for OAuth2, etc.) throws the matching validation error, e.g. InvalidHTTPSecuritySchemeError or AtLeastOneFlowRequiredError.

Require a minimum assurance level

import { AuthDecorators } from '@quik/authorization';

class BillingController {
  @AuthDecorators.RequireAssuranceLevel(2)
  refund() { /* ... */ }
}

Throws AssuranceLevelTooLowError when the user's auth.authorization.fields.assuranceLevel field is below the required level.

Require completed authentication factors

import { AuthDecorators } from '@quik/authorization';

class SettingsController {
  @AuthDecorators.RequireAnyFactor('totp', 'webauthn')
  updateSecurity() { /* ... */ }
}

Throws MissingRequiredAuthenticationFactorError when none of the requested factors are present in the auth.authorization.fields.authenticationMethods/completedFactors fields on the user payload.

Block authenticated users from a route

import { AuthDecorators } from '@quik/authorization';

class LoginController {
  @AuthDecorators.Unauthenticated()
  login() { /* ... */ }
}

Throws MustBeUnauthenticatedError when event.user is already set.

Decode a token without verifying it

import { Utils } from '@quik/authorization';

const decoded = Utils.JWT.decode(token);

Use this for inspection only: the signature is not checked, so the decoded claims are unauthenticated. Prefer Utils.JWT.verifyAndDecode when the token must be trusted.
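Why decode-only output must not drive an authorization decision, as an added example that is not code from @quik/authorization: a token whose payload was altered after issuance still decodes cleanly, while a signature check rejects it. The helpers `sign`, `decodeUnverified` and `verifyAndDecodeHS256`, the HS256 choice, the secret and the `assuranceLevel` claim name are constructed stand-ins built on Node's `crypto` module, not the library's implementation.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

type Claims = Record<string, unknown>;
const enc = (obj: unknown): string => Buffer.from(JSON.stringify(obj), 'utf8').toString('base64url');
const dec = (seg: string): any => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const mac = (input: string, secret: string): Buffer => createHmac('sha256', secret).update(input).digest();

// Constructed HS256 signer, used only to build the sample tokens below.
function sign(claims: Claims, secret: string): string {
  const input = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${mac(input, secret).toString('base64url')}`;
}

// Decode only: parses the payload segment and never looks at the signature.
function decodeUnverified(token: string): Claims {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [, body = ''] = parts;
  return dec(body);
}

// Verify, then decode: pin the algorithm and recompute the MAC before trusting any claim.
function verifyAndDecodeHS256(token: string, secret: string): Claims {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head = '', body = '', sig = ''] = parts;
  if (dec(head).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return dec(body);
}

// Constructed sample: issued at assurance level 1, payload swapped, original signature kept.
const SECRET = 'demo-secret-constructed';
const issued = sign({ sub: 'user-1', assuranceLevel: 1 }, SECRET);
const [h, , s] = issued.split('.');
const altered = `${h}.${enc({ sub: 'user-1', assuranceLevel: 3 })}.${s}`;

// True when the verifying path refuses the token.
function isRejected(token: string): boolean {
  try { verifyAndDecodeHS256(token, SECRET); return false; } catch { return true; }
}
```

Here `decodeUnverified(altered)` reports level 3, while the verifying path throws on the altered token and returns level 1 for the issued one.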