
Local strategy (username/password) in NestJS - Step-by-Step Execution

Concept Flow - Local strategy (username/password)
1. User submits username & password
2. LocalStrategy validate() called
3. Check username & password in DB
4. Return user object
5. Passport attaches user to request
6. Request proceeds to controller

The user sends credentials; LocalStrategy checks them and returns the user if they are valid, otherwise it rejects the request.
Execution Sample
NestJS
async validate(username: string, password: string) {
  const user = await this.authService.validateUser(username, password);
  if (!user) {
    throw new UnauthorizedException();
  }
  return user;
}
This method passes the username and password to authService.validateUser(), returns the user if they are valid, and otherwise throws UnauthorizedException.
Execution Table
| Step | Action | Input | Check Result | Outcome |
|------|--------|-------|--------------|---------|
| 1 | Call validate() | username='alice', password='secret' | N/A | Proceed to check user |
| 2 | Call authService.validateUser() | username='alice', password='secret' | User found and password matches | Returns user object |
| 3 | Check if user exists | user object | User exists | Return user |
| 4 | Attach user to request | user object | N/A | User attached, request proceeds |
| 5 | Call validate() with wrong password | username='alice', password='wrong' | User not found or password mismatch | Throw UnauthorizedException |
💡 Execution stops when user is returned or UnauthorizedException is thrown.
Variable Tracker
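| Variable | Start | After Step 2 | After Step 3 | After Step 5 |
|----------|-------|--------------|--------------|--------------|
| username | undefined | 'alice' | 'alice' | 'alice' |
| password | undefined | 'secret' or 'wrong' | 'secret' or 'wrong' | 'wrong' |
| user | undefined | {id:1, name:'alice'} or null | {id:1, name:'alice'} or null | null |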
Key Moments - 2 Insights
Why does validate() throw UnauthorizedException sometimes?
Because authService.validateUser() returned null, meaning the username or password was wrong (see Execution Table, step 5).
What happens if validate() returns a user?
Passport attaches the user to the request object so controllers can access it (see Execution Table, step 4).
Visual Quiz - 3 Questions
Test your understanding
1. Look at the Execution Table. What is the outcome at step 3 when the user exists?
A. Throw UnauthorizedException
B. Return user object
C. Call authService.validateUser() again
D. Attach null to request
💡 Hint
Check the 'Outcome' column in row 3 of the Execution Table.

2. At which step does the UnauthorizedException get thrown?
A. Step 2
B. Step 3
C. Step 5
D. Step 4
💡 Hint
Look for 'Throw UnauthorizedException' in the 'Outcome' column.

3. If the password is correct, what variable changes after step 2?
A. user becomes user object
B. password becomes undefined
C. username becomes null
D. user becomes null
💡 Hint
Check the Variable Tracker for 'user' after step 2.
Concept Snapshot
Local strategy checks username and password.
validate() calls authService.validateUser().
If valid, returns user object.
If invalid, throws UnauthorizedException.
User attached to request for later use.
Full Transcript
In NestJS, the Local strategy uses a validate() method to check the username and password. When a user submits credentials, validate() calls authService.validateUser() to verify them. If the user is found and the password matches, validate() returns the user object. Passport then attaches this user to the request so controllers can access it. If the credentials are wrong, validate() throws an UnauthorizedException, stopping the request. This flow ensures only valid users proceed.
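
The flow above leaves authService.validateUser() unspecified. The sketch below is an added example, not code from this tutorial or from NestJS: it stores salted scrypt hashes, compares them in constant time, returns the same null for an unknown user and for a wrong password, and strips the credential fields before the user object reaches the request. The record shape, the in-memory user map and the local UnauthorizedException stand-in are assumptions, and validate() is synchronous here only so the block runs without a framework.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the tutorial only shows {id, name}.
interface UserRecord { id: number; name: string; salt: Buffer; hash: Buffer }
type SafeUser = Pick<UserRecord, "id" | "name">;

const KEY_LEN = 32;
const hashPassword = (password: string, salt: Buffer): Buffer =>
  scryptSync(password, salt, KEY_LEN);

function makeRecord(id: number, name: string, password: string): UserRecord {
  const salt = randomBytes(16);
  return { id, name, salt, hash: hashPassword(password, salt) };
}

// Constructed in-memory "DB": one user, alice / secret, as in the execution table.
const users = new Map<string, UserRecord>([
  ["alice", makeRecord(1, "alice", "secret")],
]);

// Dummy record so an unknown username costs the same scrypt work as a known one.
const dummy = makeRecord(0, "", randomBytes(16).toString("hex"));

// Stand-in for authService.validateUser(): returns the user without credential
// fields, or null for BOTH an unknown user and a wrong password.
function validateUser(username: string, password: string): SafeUser | null {
  const record = users.get(username) ?? dummy;
  const candidate = hashPassword(password, record.salt);
  const match = timingSafeEqual(candidate, record.hash); // equal-length buffers
  if (!match || record === dummy) return null;
  return { id: record.id, name: record.name }; // salt and hash never reach req.user
}

// Stand-in for Nest's UnauthorizedException so the block runs without @nestjs/common.
class UnauthorizedException extends Error {}

// Same logic as the tutorial's validate(), made synchronous for this example.
function validate(username: string, password: string): SafeUser {
  const user = validateUser(username, password);
  if (!user) throw new UnauthorizedException();
  return user;
}
```

Because both failure cases produce the same null and the same exception, the response does not reveal whether a username exists.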