Consider a NestJS JWT authentication guard that validates the token and attaches the user to the request. What is the expected behavior when a valid JWT is sent in the Authorization header?
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class JwtAuthGuard implements CanActivate {
  constructor(private jwtService: JwtService) {}

  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const authHeader = request.headers['authorization'];
    if (!authHeader) return false;
    // Header is expected as 'Bearer <token>'; the scheme itself is not checked here.
    const token = authHeader.split(' ')[1];
    try {
      // verify() checks the signature (and exp, if present) and throws on failure.
      const payload = this.jwtService.verify(token);
      request.user = payload;
      return true;
    } catch {
      return false;
    }
  }
}
Think about what the guard does after verifying the token.
When the JWT is valid, the guard verifies it and attaches the decoded payload to request.user. Then it returns true to allow the request to proceed.
In a NestJS guard, you want to extract the JWT token from the Authorization header which looks like 'Bearer <token>'. Which code snippet correctly extracts the token?
Remember the 'Bearer ' prefix is 7 characters including the space.
Splitting the header string on the space and taking the second element correctly extracts the token; slicing off the 7-character 'Bearer ' prefix is equivalent. Hand-computed offsets other than 7 produce off-by-one errors (a leading space or a missing first character), and verify() then fails on the corrupted token.
Given the following guard code, why does it always return false even with a valid token?
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class JwtAuthGuard implements CanActivate {
  constructor(private jwtService: JwtService) {}

  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const authHeader = request.headers['authorization'];
    if (!authHeader) return false;
    const token = authHeader.split(' ')[1];
    try {
      this.jwtService.verify(token);
      return false; // bug: a successfully verified token is still rejected
    } catch {
      return false;
    }
  }
}
Look at what the guard returns after successful verification.
The guard calls verify but then returns false regardless, so it never allows requests through.
Assuming the JWT payload is {"sub": "123", "username": "alice"}, what will request.user contain after the guard runs successfully?
const payload = { sub: '123', username: 'alice' };
request.user = payload;

The guard sets request.user to the decoded token payload.
The guard assigns the decoded JWT payload directly to request.user, so it matches the payload exactly.
In a NestJS JWT guard, if the Authorization header is missing or does not contain a token, what error or behavior should you expect?
canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  const authHeader = request.headers['authorization'];
  if (!authHeader) return false;
  const token = authHeader.split(' ')[1];
  try {
    this.jwtService.verify(token);
    return true;
  } catch {
    return false;
  }
}

Check the guard's behavior when the header is missing.
The guard checks whether the header exists and returns false immediately if it is missing, so the guard itself does not throw. NestJS then converts the false return into a ForbiddenException (HTTP 403). If the header is present but has no token (e.g. 'Bearer' with nothing after it), split(' ')[1] is undefined, verify() throws, and the catch block likewise returns false. To respond with 401 Unauthorized instead, throw UnauthorizedException from the guard rather than returning false.
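The following is an added, self-contained example (not code from the page or from NestJS) that covers both the token-extraction question above and the missing-header question here. Because it must run offline without @nestjs/jwt, a minimal HS256 signer and verifier built on Node's crypto module stand in for JwtService.sign and JwtService.verify; the secret, the guardRequest function and the request shape are assumptions for the example. extractBearerToken checks the scheme (case-insensitively, as RFC 6750 allows) and rejects headers with a missing or extra component; the verifier pins the algorithm to HS256 instead of trusting the token's own header, compares signatures in constant time and enforces exp.

```typescript
import { createHmac, timingSafeEqual } from 'crypto';

// Hypothetical signing secret, constructed for this example only.
const SECRET = 'example-secret-do-not-use-in-production';

const b64url = (s: string): string => Buffer.from(s, 'utf8').toString('base64url');
const fromB64url = (s: string): string => Buffer.from(s, 'base64url').toString('utf8');

// Stand-in for JwtService.sign: used only to build test tokens offline.
export function signHS256(payload: Record<string, unknown>, secret: string = SECRET): string {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${header}.${body}`).digest('base64url');
  return `${header}.${body}.${sig}`;
}

// Stand-in for JwtService.verify: throws on any structural, signature or expiry failure.
export function verifyHS256(token: string, secret: string = SECRET): Record<string, unknown> {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  const hdr = JSON.parse(fromB64url(header));
  // Pin the algorithm: never let the token choose how it is verified (defeats alg=none swaps).
  if (hdr.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const actual = Buffer.from(sig, 'base64url');
  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {
    throw new Error('bad signature');
  }
  const payload: Record<string, unknown> = JSON.parse(fromB64url(body));
  const exp = payload.exp;
  if (typeof exp === 'number' && exp <= Math.floor(Date.now() / 1000)) throw new Error('token expired');
  return payload;
}

// Extract the token from 'Bearer <token>'. Returns null for a missing header,
// a non-Bearer scheme, a bare 'Bearer', or a header with extra components.
export function extractBearerToken(authHeader: string | undefined): string | null {
  if (!authHeader) return null;
  const parts = authHeader.trim().split(/\s+/);
  if (parts.length !== 2) return null;
  const scheme = parts[0] ?? '';
  const token = parts[1] ?? '';
  if (scheme.toLowerCase() !== 'bearer' || token.length === 0) return null;
  return token;
}

export interface GuardRequest {
  headers: Record<string, string | undefined>;
  user?: Record<string, unknown>;
}

export interface GuardDecision {
  allowed: boolean;
  reason: string;
}

// Hypothetical equivalent of the guard's canActivate: mirrors the page's guard
// (attach payload to request.user on success) but reports why a request was denied.
export function guardRequest(req: GuardRequest, secret: string = SECRET): GuardDecision {
  const token = extractBearerToken(req.headers['authorization']);
  if (token === null) return { allowed: false, reason: 'missing or malformed Authorization header' };
  try {
    req.user = verifyHS256(token, secret);
    return { allowed: true, reason: 'ok' };
  } catch (e) {
    return { allowed: false, reason: (e as Error).message };
  }
}
```

In a real NestJS guard, return false maps to a 403 ForbiddenException; to surface the reason as a 401, throw new UnauthorizedException(decision.reason) instead of returning false, and never echo signature or key material in the message.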