Troubleshooting
Module not initialized
Make sure @quik/authorization is registered in your bootstrap module and appears after its dependencies.
Token verification always fails
Utils.JWT.verify/verifyWithReason check the token's signature, algorithm, issuer, and audience
against auth.jwt.secret, auth.jwt.algorithm, auth.jwt.issuer, and auth.jwt.audience. A mismatch on any
of these (for example, a token signed with a different auth.jwt.secret) causes verification to fail silently
(verify returns false) or throw InvalidTokenError (verifyAndDecode).
Unknown security scheme
Referencing a security scheme name that was never registered with SchemesStore.add throws
UnregisteredAuthorizationStrategyError. Register the scheme before decorating routes with it.
Common Errors
quik.errors.authorization.invalid-token: no token was provided, or the token failed verification.quik.errors.authorization.must-be-authenticated:AuthDecorators.CanAccesswas used butevent.useris not set.quik.errors.authorization.must-be-unauthenticated:AuthDecorators.Unauthenticatedwas used butevent.useris set.quik.errors.authorization.forbidden-access: the authenticated user lacks the required permission.quik.errors.authorization.assurance-level-too-low: the user's assurance level is below the level required byRequireAssuranceLevel.quik.errors.authorization.missing-required-authentication-factor: none of the required factors were completed.quik.errors.authorization.unregistered-authorization-strategy: an unregistered security scheme name was used in a decorator.quik.errors.authorization.unregistered-basic-auth-callback: basic auth is used without a registered callback.quik.errors.authorization.invalid-http-security-scheme/invalid-api-key-security-scheme/invalid-api-key-location/invalid-openid-security-scheme/invalid-oauth2-security-scheme/invalid-oauth2-flow-definition:SchemesStore.addrejected a malformed scheme definition.quik.errors.authorization.at-least-one-flow-required: an OAuth2 scheme was registered with no flows defined.