Skip to main content

Recipes

Register an OAuth provider

import { Passport } from '@quik/passport';
import { SecuritySchemeType } from '@quik/authorization';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';

Passport.Providers.register({
name: 'google',
strategy: GoogleStrategy,
options: {
clientID: process.env.GOOGLE_CLIENT_ID ?? '',
clientSecret: process.env.GOOGLE_CLIENT_SECRET ?? '',
callbackURL: '/auth/google/callback'
},
verify: async (accessToken, refreshToken, profile, done) => {
done(null, { id: profile.id, email: profile.emails?.[0]?.value });
},
securityScheme: {
type: SecuritySchemeType.OAUTH2,
flows: {
authorizationCode: {
authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
tokenUrl: 'https://oauth2.googleapis.com/token',
scopes: {}
}
}
}
});

Register a passkey provider and protect a route

import { Passport } from '@quik/passport';
import { Decorators, QRoute } from '@quik/http';

Passport.Passkey.setProvider({
async verifyAuthentication(input) {
// Validate the WebAuthn assertion and resolve the user.
return { id: 'u1', email: 'user@example.com' } as any;
},
async verifyRegistration(input) {
// Validate the WebAuthn attestation.
return true;
}
});

@Decorators.Route.Route('/auth/passkey')
export class PasskeyRoute extends QRoute {
@Passport.Decorators.Passkey
@Decorators.Endpoint.POST('/verify')
async verify() {
return { ok: true };
}
}

Custom passkey credential storage

Implement IQPasskeyCredentialStore to back passkey credentials with your own persistence, then register it:

import { Passport } from '@quik/passport';

Passport.Passkey.setCredentialStore(myCredentialStore);

When createAuthenticationOptions({ userId }) is called without allowCredentials, stored credentials for that user are looked up automatically through the registered credential store.

Enable the Scalar passkey helper

Set docs.scalar.passkey.enabled to true so the passkey login flow is registered with @quik/http-express's Scalar API docs UI via ScalarHooks.addConfiguration(() => Passport.Scalar.createPasskeyConfiguration()) — this wiring happens automatically in onAfterInit when the flag is on; you do not need to call it yourself.