
Token generation and validation in NestJS - Step-by-Step Execution

Concept Flow - Token generation and validation
Start Request → Generate Token → Send Token to Client → Client Sends Token Back → Validate Token → Allow Access → End
This flow shows how a token is created, sent to the client, then validated on future requests to allow or deny access.
Execution Sample
NestJS
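// Sign the payload into a token (jwtService is the injected JwtService)
const token = this.jwtService.sign(payload);
// send token
try {
  // verify() returns the decoded payload, or throws if the token is invalid or expired
  const decoded = this.jwtService.verify(token);
  // access granted
} catch (err) {
  // access denied
}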
This code generates a token from a payload, then verifies it to check if access should be granted.
Execution Table
| Step | Action | Input | Output | Notes |
|---|---|---|---|---|
| 1 | Generate token | { userId: 1 } | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | Token created from payload |
| 2 | Send token | Token string | Token sent to client | Client stores token |
| 3 | Client sends token back | Token string | Token received by server | Server prepares to validate |
| 4 | Validate token | Token string | { userId: 1, iat: 1680000000 } | Token decoded successfully |
| 5 | Check validity | Decoded payload | Access granted | Token is valid, user allowed |
| 6 | Validate token | Invalid token string | Error thrown | Token invalid or expired |
| 7 | Check validity | Error | Access denied | User denied access due to invalid token |
💡 Execution stops when token is either validated successfully or rejected due to invalidity.
Variable Tracker
| Variable | Start | After Step 1 | After Step 4 | After Step 6 |
|---|---|---|---|---|
| payload | { userId: 1 } | { userId: 1 } | { userId: 1 } | { userId: 1 } |
| token | undefined | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | invalid_token_string |
| decoded | undefined | undefined | { userId: 1, iat: 1680000000 } | Error thrown |
Key Moments - 3 Insights
Why does the token look like a long random string?
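The token is a signed string: the header and payload are base64url-encoded JSON, followed by a signature over both. Signing protects the payload against modification but does not hide it, so anyone holding the token can read its contents. See execution_table step 1, where the payload is converted into the token string.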
What happens if the token is expired or tampered with?
At step 6 in the execution_table, the validation fails and an error is thrown, leading to access denial at step 7.
Why do we check the decoded payload after verifying the token?
Because verifying the token returns the original payload if valid, which we use to confirm user identity and permissions (step 5).
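What sign() and verify() do for an HS256 token like the one in the execution table, written out with Node's crypto module as an added example (not code from this page or from @nestjs/jwt). The function names, the explicit `now` argument and the `exp` lifetime are assumptions made for illustration; in a NestJS application JwtService performs these checks.

```typescript
import { Buffer } from 'node:buffer';
import { createHmac, timingSafeEqual } from 'node:crypto';
// Added illustration: function names and the explicit `now` argument are assumptions.
type Claims = Record<string, unknown> & { iat?: number; exp?: number };

const b64url = (s: string): string => Buffer.from(s).toString('base64url');
const hmac = (data: string, secret: string): Buffer => createHmac('sha256', secret).update(data).digest();

// header.payload.signature: the first two parts are base64url JSON, readable by anyone.
function signToken(payload: Claims, secret: string, ttlSeconds: number, now: number): string {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Returns the claims or throws, like steps 4 and 6 of the execution table.
function verifyToken(token: string, secret: string, now: number): Claims {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  let alg: unknown;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm; never let the token's own header choose how it is checked.
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString()) as Claims;
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Steps 5 and 7: any verification error means access is denied.
function checkAccess(token: string, secret: string, now: number): string {
  try {
    verifyToken(token, secret, now);
    return 'access granted';
  } catch (err) {
    return `access denied: ${(err as Error).message}`;
  }
}
```

Because the payload segment decodes without the secret, it should never carry passwords or other confidential values.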
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the output at step 4 when validating a valid token?
A. Error thrown
B. { userId: 1, iat: 1680000000 }
C. Access denied
D. Token sent to client
💡 Hint
Check the 'Output' column for step 4 in the execution_table.
At which step does the server deny access due to an invalid token?
A. Step 3
B. Step 5
C. Step 7
D. Step 1
💡 Hint
Look for 'Access denied' in the 'Output' column of the execution_table.
If the payload changes, how does it affect the token in variable_tracker after step 1?
A. Token string changes to reflect new payload
B. Token remains the same
C. Decoded payload changes but token stays same
D. Payload does not affect token
💡 Hint
Refer to the variable_tracker, which shows that the token value after step 1 depends on the payload.
Concept Snapshot
Token generation and validation in NestJS:
- Use jwtService.sign(payload) to create a token.
- Send token to client for future requests.
- Use jwtService.verify(token) to decode and validate.
- If valid, allow access; if invalid, deny access.
- Tokens carry user identity and session info, protected against tampering by the signature.
Full Transcript
This visual execution shows how NestJS generates and validates tokens. First, a payload like { userId: 1 } is signed into a token string. This token is sent to the client, who stores it. When the client makes requests, it sends the token back. The server verifies the token. If valid, it decodes the payload and grants access. If invalid or expired, it denies access. Variables like payload, token, and decoded data change step-by-step as shown. Key moments include understanding the token format, handling invalid tokens, and why decoding is needed after verification.