NestJS framework, ~30 mins

Refresh token pattern in NestJS - Mini Project: Build & Apply

Implementing Refresh Token Pattern in NestJS
📖 Scenario: You are building a secure authentication system for a web app using NestJS. To keep users logged in without asking for their password repeatedly, you will implement a refresh token pattern. This means the app issues a short-lived access token and a longer-lived refresh token. When the access token expires, the refresh token can be exchanged for a new access token without logging in again.
🎯 Goal: Build a simple NestJS service that stores a refresh token for a user, validates it, and issues a new access token when requested.
📋 What You'll Learn
Create a service with a dictionary to store refresh tokens by user ID
Add a configuration variable for refresh token expiration time
Implement a method to validate a refresh token and generate a new access token
Complete the service by adding a method to save a refresh token for a user
💡 Why This Matters
🌍 Real World
Refresh tokens are used in real web apps to keep users logged in securely without asking for passwords repeatedly.
💼 Career
Understanding refresh token patterns is essential for backend developers working on authentication and security in modern web applications.
1
Create refresh token storage
Create a NestJS service class called AuthService with a private dictionary called refreshTokens that maps string user IDs to string refresh tokens. Initialize refreshTokens as an empty object.
Hint: Use private refreshTokens: Record<string, string> = {}; inside the class.

2
Add refresh token expiration config
Inside the AuthService class, add a private readonly variable called refreshTokenExpiry and set it to 7 * 24 * 60 * 60 (seconds in 7 days).
Hint: This variable holds the refresh token expiration time in seconds.

3
Implement refresh token validation and access token generation
Add a method called refreshAccessToken in AuthService that takes userId: string and refreshToken: string. Inside, check if this.refreshTokens[userId] equals the given refreshToken. If not, return null. If valid, return a new access token string in the format `access-token-for-${userId}`.
Hint: Check the stored token matches the input, then return a new access token string.

4
Add method to save refresh token
Add a method called saveRefreshToken in AuthService that takes userId: string and refreshToken: string. It should store the refresh token in this.refreshTokens using the user ID as the key.
Hint: Store the refresh token in the dictionary using the user ID as key.
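
The four steps assembled into one service, as an added example that is not part of the original tutorial. It goes beyond the steps in three ways: it stores a SHA-256 digest instead of the raw token, compares digests with crypto.timingSafeEqual, and enforces refreshTokenExpiry, which the steps define but never check. The StoredRefreshToken type and the optional now parameter are assumptions made for this example, and the @Injectable() decorator is left out so the class runs without NestJS installed.

```typescript
import { createHash, timingSafeEqual } from "crypto";

// Stored per user: a SHA-256 digest of the token (never the raw value) and its expiry.
// This type is an assumption of the example; the tutorial stores a plain string.
interface StoredRefreshToken {
  digest: Buffer;
  expiresAt: number; // epoch milliseconds
}

// Plain class so it runs without NestJS installed; in a NestJS app add @Injectable().
class AuthService {
  private refreshTokens: Record<string, StoredRefreshToken> = {};
  private readonly refreshTokenExpiry = 7 * 24 * 60 * 60; // seconds in 7 days

  private static digestOf(token: string): Buffer {
    return createHash("sha256").update(token, "utf8").digest();
  }

  // Step 4: save the refresh token under the user ID, stamped with its expiry.
  // `now` is an added parameter (not in the tutorial) so expiry can be tested.
  saveRefreshToken(userId: string, refreshToken: string, now: number = Date.now()): void {
    this.refreshTokens[userId] = {
      digest: AuthService.digestOf(refreshToken),
      expiresAt: now + this.refreshTokenExpiry * 1000,
    };
  }

  // Step 3: return a new access token only for a matching, unexpired refresh token.
  refreshAccessToken(userId: string, refreshToken: string, now: number = Date.now()): string | null {
    // Own-property check keeps inherited keys such as "constructor" from matching.
    if (!Object.prototype.hasOwnProperty.call(this.refreshTokens, userId)) return null;
    const stored = this.refreshTokens[userId];
    if (now >= stored.expiresAt) {
      delete this.refreshTokens[userId]; // expired entries are dropped
      return null;
    }
    // Both digests are 32 bytes, so timingSafeEqual cannot throw on a length mismatch.
    if (!timingSafeEqual(stored.digest, AuthService.digestOf(refreshToken))) return null;
    return `access-token-for-${userId}`;
  }
}
```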