Quickstart
Set oauth.server.enabled (OAUTH_SERVER_ENABLED) to true, then register a client and run the authorization code flow:
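import { ServicesStore } from '@quik/services';
import { QOAuthServerService } from '@quik/oauth-server';

const oauth = ServicesStore.get(QOAuthServerService);
oauth.assertEnabled();

// Register a public client that may only use the listed redirect URI and grants.
oauth.registerClient({
  id: 'web-app',
  type: 'public',
  redirectUris: ['https://app.example.com/callback'],
  allowedGrantTypes: ['authorization_code', 'refresh_token']
});

// Issue an authorization code bound to the client, user, redirect URI and PKCE challenge.
const authCode = oauth.createAuthorizationCode({
  clientId: 'web-app',
  userId: 'user-1',
  redirectUri: 'https://app.example.com/callback',
  scope: ['profile'],
  // Placeholder: for S256 this is BASE64URL(SHA-256(codeVerifier)).
  codeChallenge: 'S256_HASH',
  codeChallengeMethod: 'S256'
});

// Exchange the code for a token, presenting the same redirect URI and the PKCE verifier.
const token = await oauth.exchangeAuthorizationCode({
  clientId: 'web-app',
  code: authCode.code,
  redirectUri: 'https://app.example.com/callback',
  // Placeholder: the verifier from which the code challenge above was derived.
  codeVerifier: 'verifier-value'
});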
Notes
oauth.server.pkce.requiredByDefault is true — public clients must supply a PKCE code challenge unless the client profile overrides it.
@quik/oauth-server registers its API endpoints automatically when an HTTP engine is present; no manual route wiring is required.