Quik Framework :: Passport
- Codename: Berlin
- Version: 0.2.0-beta.76
- License: Check license here
@quik/passport integrates Passport.js with Quik authorization and HTTP modules.
It supports built-in Basic and Bearer strategies, custom OAuth providers, and passkey flows.
For ready-to-use passkey HTTP endpoints, load @quik/passport-passkey.
Scalar passkey helper support is built into @quik/passport.
Installation
pnpm add @quik/passport
What The Module Does
- Loads module locales for passkey-related errors.
- Registers Passport runtime middleware into the Express engine.
- Registers built-in strategies (
basic,bearer,passkey). - Registers OAuth providers from the providers store.
Configuration
Passkey support uses Quik config keys under auth.passkey:
auth.passkey.challenge.timeToLiveMsdefault300000.auth.passkey.relyingParty.iddefaultlocalhost.auth.passkey.relyingParty.namedefaultQuik.
relyingParty.id means the domain identity for your app in WebAuthn
(for example example.com). relyingParty.name is the user-facing app name
shown by passkey clients and authenticators.
These keys can be provided in your app defaults/environment pipeline.
Scalar helper support uses docs.scalar.passkey.*:
docs.scalar.passkey.enableddocs.scalar.passkey.titledocs.scalar.passkey.descriptiondocs.scalar.passkey.begin.urldocs.scalar.passkey.begin.methoddocs.scalar.passkey.verify.urldocs.scalar.passkey.verify.methoddocs.scalar.passkey.authorization.headerNamedocs.scalar.passkey.authorization.schemedocs.scalar.passkey.authorization.tokenPathdocs.scalar.passkey.includeCredentials
Basic Endpoint Protection
import { Passport } from '@quik/passport';
import { Decorators, QRoute } from '@quik/http';
@Decorators.Route.Route('/me')
export class MeRoute extends QRoute {
@Passport.Decorators.Bearer
@Decorators.Endpoint.GET('/')
async get() {
return { ok: true };
}
}
OAuth Provider Registration
import { Passport } from '@quik/passport';
import { SecuritySchemeType } from '@quik/authorization';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
Passport.Providers.register({
name: 'google',
strategy: GoogleStrategy,
options: {
clientID: process.env.GOOGLE_CLIENT_ID ?? '',
clientSecret: process.env.GOOGLE_CLIENT_SECRET ?? '',
callbackURL: '/auth/google/callback'
},
verify: async (accessToken, refreshToken, profile, done) => {
done(null, { id: profile.id, email: profile.emails?.[0]?.value });
},
securityScheme: {
type: SecuritySchemeType.OAUTH2,
flows: {
authorizationCode: {
authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
tokenUrl: 'https://oauth2.googleapis.com/token',
scopes: {}
}
}
}
});
Passkey API
The package exports Passport.Passkey helpers:
createRegistrationOptions(input).verifyRegistration(challengeId, response, request?).createAuthenticationOptions(input?).verifyAuthentication(challengeId, response, request?).cleanupChallenges(now?).setProvider(provider, name?),getProvider(name?),clearProviders().setChallengeStore(store),getChallengeStore().setCredentialStore(store),getCredentialStore().
Minimal Provider Example
import { Passport } from '@quik/passport';
Passport.Passkey.setProvider({
async verifyAuthentication(input) {
// Validate WebAuthn assertion and resolve user.
return { id: 'u1', email: 'user@example.com' } as any;
},
async verifyRegistration(input) {
// Validate WebAuthn attestation.
return true;
}
});
Use The Passkey Strategy On Endpoints
import { Passport } from '@quik/passport';
import { Decorators, QRoute } from '@quik/http';
@Decorators.Route.Route('/auth/passkey')
export class PasskeyRoute extends QRoute {
@Passport.Decorators.Passkey
@Decorators.Endpoint.POST('/verify')
async verify() {
return { ok: true };
}
}
Credential Store Contract
Passkey credentials can be backed by your own persistence by implementing
IQPasskeyCredentialStore and registering it with:
import { Passport } from '@quik/passport';
Passport.Passkey.setCredentialStore(myCredentialStore);
When createAuthenticationOptions({ userId }) is called without
allowCredentials, stored credentials for that user are used automatically.
API Reference
Generated API documentation is available in the passport API section.