Easy Nest.js Authentication With Passport.js | (GraphQL + Rest API)
Vložit
- čas přidán 17. 01. 2021
- Starting Repo: github.com/mguay22/nestjs-gra...
Finishing Repo: github.com/mguay22/nestjs-gra...
Passport.js: www.passportjs.org/
Nest.js Auth Docs: docs.nestjs.com/security/auth...
Get my highly-rated Udemy courses at a discount here: michaelguay.dev/udemy/ - Věda a technologie
Get my highly-rated Udemy courses at a discount here: michaelguay.dev/udemy/
Great tutorial, extremely helpful. Thanks a lot for your hard work Michael, much appreciated!
Man I did a terrible integration of auth in my project back 1 month ago, now this is way more clear than mine, you did it pretty easily I may implemented it like this now
Dude this is a life saver, thanks! Saved me so much time.
Simply awesome & straight to the point mate , thanks
great information, very nicely explained. thank you so much!
Great explanation. please do one more tutorial on this about refresh token implementation.
This video is very valuable. Thank you my friend
useful video for some things but after hearing you say "in a real application I would do something else" about 10 times, I realized this wasn't what I was looking for. I am actually writing real apps not faking all the tough parts. I know you were trying to keep it short but the basic stuff is pretty straightforward. Thanks
Thank. you for the feedback. Do you have any specific examples of parts you would like to see in more detail? I can go into more depth in my next video.
Thanks, and subscribed! :)
So clear.
Nice video Michael, I have an idea for next videos. Can you do a tutorial of a full login, register functionality, adding github, google and jwt auth?.
hey is it possible to use more than one strategy (google + twitter) and create one custom guard with user.role check? i will try to achieve this because that would be lovely.
Hey Michael, what database would be good to connect with graphql,
Also if i wanna create a client folder, should i connect them in proxy same as mern stack ?
Awesome
Bit confused as to why you write a verify method for the AuthService class? I thought it may be used in the JwtStrategy validate method, but it looks like passport does some magic behind the scenes for us to verify the token in the header?
Hey Joshua - you are right, it is a bit misleading. Passport already does this work for us in the validate method of JwtStrategy. I.e, we try to get the user by email (with information from the decoded token) and if the user is returned, it is added to the Request object for later use.
I included the extra verify method because sometimes you have scenarios in your app where you need to verify/get a user from a token outside of this normal flow, and this is how I would go about doing it. Let me know if that doesn't make sense.
@@mguay That makes total sense. Great video by the way!
When I try to run with the original code, it gives me error: src/users/users.service.ts:30:9 - error TS2322: Type 'User | undefined' is not assignable to type 'User'.
i have made almost the same way but any of Strategy are not works (i have tested without them just with Guards) and cant wind reason why
Using @CurrentUser decorator is smart, but still it requires sending it to every service method. Is it possible to have this.currentUser right inside the every method of a service without that?
I wonder, why are you mixing variable naming conventions? In one place it is underscore case access_token and in another it's camel-case passwordIsValid.
Why use post request in login? Why not just use mutation since the tutorial is about graphql?
Nice Video. Something i miss. I read to prevent Cross site scripting you have to add a csrf token. Could you create a video where you implement this in NestJS? The docs of NestJS refers to a manual at expressjs but i find it hard to implement this in NestJS with typescript.
Thank you, I will look into this.
I try two different tutorials and in both, includes your I have statusCode: 401, and if I comment @useGuard decorator req.user === undefined. I can't understand where is problem?
omg, I forgot to change Content-Type for body from Text to Json in Postman.
@@softwaredeveloper121 Glad you figured it out. I have made this same mistake before as well.
Are you storing passwords in plaintext?
do i must use auth.controller? is it impossible to write mutation or somthing, to have the login() in graphql, insted of a normal request?
Yes, you can absolutely implement the same flow using GraphQL. I choose REST because that is the standard protocol for this kind of authentication flow. GraphQL is best when you are mutating/querying data - in this case, we just want to exchange credentials for an access token.
@@mguay so we can mix rest + graphql on our server right? but how would you add user to context if you used rest? so many questions. i need to try this xd
everything is awesome but please change your vscode theme 😄
Also, even for a simple example, comparing plain passwords is like, better not to teach anyone this way. After all this tutorial is dedicated for authentication and password check is essential part of it
how to connect to an frontend pls
Good idea for my next video :)
@@mguay yeah and how to login from there