Recipes
Register an OAuth provider
import { Passport } from '@quik/passport';
import { SecuritySchemeType } from '@quik/authorization';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
Passport.Providers.register({
name: 'google',
strategy: GoogleStrategy,
options: {
clientID: process.env.GOOGLE_CLIENT_ID ?? '',
clientSecret: process.env.GOOGLE_CLIENT_SECRET ?? '',
callbackURL: '/auth/google/callback'
},
verify: async (accessToken, refreshToken, profile, done) => {
done(null, { id: profile.id, email: profile.emails?.[0]?.value });
},
securityScheme: {
type: SecuritySchemeType.OAUTH2,
flows: {
authorizationCode: {
authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
tokenUrl: 'https://oauth2.googleapis.com/token',
scopes: {}
}
}
}
});
Register a passkey provider and protect a route
import { Passport } from '@quik/passport';
import { Decorators, QRoute } from '@quik/http';
Passport.Passkey.setProvider({
async verifyAuthentication(input) {
// Validate the WebAuthn assertion and resolve the user.
return { id: 'u1', email: 'user@example.com' } as any;
},
async verifyRegistration(input) {
// Validate the WebAuthn attestation.
return true;
}
});
@Decorators.Route.Route('/auth/passkey')
export class PasskeyRoute extends QRoute {
@Passport.Decorators.Passkey
@Decorators.Endpoint.POST('/verify')
async verify() {
return { ok: true };
}
}
Custom passkey credential storage
Implement IQPasskeyCredentialStore to back passkey credentials with your own persistence, then register it:
import { Passport } from '@quik/passport';
Passport.Passkey.setCredentialStore(myCredentialStore);
When createAuthenticationOptions({ userId }) is called without allowCredentials, stored credentials for that
user are looked up automatically through the registered credential store.
Enable the Scalar passkey helper
Set docs.scalar.passkey.enabled to true so the passkey login flow is registered with @quik/http-express's
Scalar API docs UI via ScalarHooks.addConfiguration(() => Passport.Scalar.createPasskeyConfiguration()) — this
wiring happens automatically in onAfterInit when the flag is on; you do not need to call it yourself.