0
0
NestjsHow-ToBeginner ยท 4 min read

How to Implement Authentication in NestJS: Simple Guide

To implement authentication in NestJS, use the @nestjs/passport package with strategies like JWT. Set up a guard with AuthGuard to protect routes and use services to validate users and generate tokens.
๐Ÿ“

Syntax

Authentication in NestJS typically involves these parts:

  • AuthModule: Imports and configures Passport and JWT modules.
  • AuthService: Handles user validation and token creation.
  • Strategy: Defines how to validate tokens or credentials (e.g., JWT strategy).
  • AuthGuard: Protects routes by checking authentication.
typescript
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { PassportModule } from '@nestjs/passport';
import { AuthService } from './auth.service';
import { JwtStrategy } from './jwt.strategy';

@Module({
  imports: [
    PassportModule.register({ defaultStrategy: 'jwt' }),
    JwtModule.register({
      secret: 'yourSecretKey',
      signOptions: { expiresIn: '60m' },
    }),
  ],
  providers: [AuthService, JwtStrategy],
  exports: [AuthService],
})
export class AuthModule {}

// AuthGuard usage example
import { Controller, Get, UseGuards } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';

@Controller('profile')
export class ProfileController {
  @UseGuards(AuthGuard('jwt'))
  @Get()
  getProfile() {
    return { message: 'This is a protected route' };
  }
}
๐Ÿ’ป

Example

This example shows a simple JWT authentication setup in NestJS. It includes user validation, token generation, and a protected route.

typescript
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';

@Injectable()
export class AuthService {
  private users = [{ id: 1, username: 'user', password: 'pass' }];

  constructor(private jwtService: JwtService) {}

  async validateUser(username: string, pass: string) {
    const user = this.users.find(u => u.username === username && u.password === pass);
    if (user) {
      const { password, ...result } = user;
      return result;
    }
    return null;
  }

  async login(user: any) {
    const payload = { username: user.username, sub: user.id };
    return {
      access_token: this.jwtService.sign(payload),
    };
  }
}

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      ignoreExpiration: false,
      secretOrKey: 'yourSecretKey',
    });
  }

  async validate(payload: any) {
    return { userId: payload.sub, username: payload.username };
  }
}

import { Controller, Post, Request, UseGuards, Get } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';

@Controller()
export class AppController {
  constructor(private authService: AuthService) {}

  @Post('login')
  async login(@Request() req) {
    const user = await this.authService.validateUser(req.body.username, req.body.password);
    if (!user) {
      return { message: 'Invalid credentials' };
    }
    return this.authService.login(user);
  }

  @UseGuards(AuthGuard('jwt'))
  @Get('protected')
  getProtected() {
    return { message: 'You accessed a protected route' };
  }
}
Output
{ "access_token": "<jwt_token_here>" } { "message": "You accessed a protected route" }
โš ๏ธ

Common Pitfalls

Common mistakes when implementing auth in NestJS include:

  • Not setting the JWT secret consistently in JwtModule and JwtStrategy.
  • Forgetting to add @UseGuards(AuthGuard('jwt')) on protected routes.
  • Not validating user credentials properly before issuing tokens.
  • Using synchronous code where async is expected, causing unexpected behavior.
typescript
/* Wrong: Missing @UseGuards on protected route */
@Controller('data')
export class DataController {
  @Get()
  getData() {
    return { secret: 'data' };
  }
}

/* Right: Protect route with AuthGuard */
@Controller('data')
export class DataController {
  @UseGuards(AuthGuard('jwt'))
  @Get()
  getData() {
    return { secret: 'data' };
  }
}
๐Ÿ“Š

Quick Reference

Remember these key points for NestJS auth:

  • Use @nestjs/passport and @nestjs/jwt packages.
  • Configure JwtModule with a secret and expiration.
  • Create a JwtStrategy to validate tokens.
  • Protect routes with @UseGuards(AuthGuard('jwt')).
  • Validate users before issuing JWT tokens.
โœ…

Key Takeaways

Use Passport and JWT modules to implement authentication in NestJS.
Protect routes with AuthGuard using the 'jwt' strategy.
Always validate user credentials before issuing JWT tokens.
Keep your JWT secret consistent across modules and strategies.
Use async methods properly to avoid authentication errors.

Related by keyword

How to Create Controller in NestJS: Simple GuideModules Controllers ProvidersHow to Create a Module in NestJS: Simple GuideModules Controllers ProvidersHow to Create a Service in NestJS: Simple GuideModules Controllers ProvidersHow to Export Provider from Module in NestJS: Simple GuideModules Controllers ProvidersHow to Import Module in NestJS: Simple GuideModules Controllers Providers

Up next

What is Middleware in NestJS: Simple Explanation and ExampleWhat is Pipe in NestJS: Explanation and ExampleHow to Connect to Database in NestJS: Simple GuideHow to Create Entity in TypeORM with NestJS: Simple Guide

More in Authentication

How to Implement Refresh Token in NestJS SecurelyHow to Implement Role Based Access Control in NestJSHow to Use AuthGuard in NestJS for Route ProtectionHow to Use bcrypt in NestJS for Password Hashing