NestJS Authentication: JWTs, Sessions, logins, and more! | NestJS PassportJS Tutorial
- Added 9. 07. 2024
- In this video we'll discuss the fundamentals of adding authentication to your NestJS API. We'll talk about utilizing passport to use different types of authentication strategies. Specifically we will try the passport-local strategy as a basic login with username and password example. Next, we'll take a look at potentially using sessions to store user information and persist their login state. Finally we will also take a look at a state-less approach with JSON Web Tokens (JWTs). We'll create our own JWTs and I'll show you how you can use that to protect your API routes!
00:00 - Intro
03:35 - Initial routes
04:41 - UsersService
07:50 - AuthService
10:40 - Implementing passport-local strategy (username/password login)
18:08 - AuthGuards
23:25 - Summary of local login flow
29:02 - Guard to check if user is authenticated
31:41 - Setting up sessions
40:37 - Summary of login with sessions flow
44:25 - Setting up JWT strategy, signing and validating
1:00:25 - Summary of JWT strategy flow
1:04:22 - Conclusion
1:05:20 - Outro
Note: a lot of people are getting the error “request.isAuthenticated is not a function”. Please note that I explicitly mentioned in the video that it will not work until you properly setup sessions. If you run into that error, KEEP watching! The problem will resolve itself once you have the full setup, don’t stop at the point of error. If you watch the rest of the video and still have this problem, double check that you properly configured and registered your strategies and guards exactly as shown in the video.
in main.ts: below fix it for me
app.use(passport.initialize());
app.use(passport.session());
Any chance this can be added as an annotation to the video at that point? I fell into the same trap! Otherwise - awesome video. Keep up the great work!
Not after it’s published sorry
@mariusespejo Thanks
And maybe something I am missing is some notes about the logout. Currently I am calling .logout() on the request AND calling session.destroy(). Maybe only the last one would be sufficient as it removes the complete session anyways ;-)
A problem I encountered: if you use argument names other than 'username' and 'password' for local strategy, you must specify them as options in local.strategy in super({ usernameField: 'otherName1', passwordField: 'otherName2' }).
If you don't, it won't even throw any errors, you'll just keep getting a 401 Unauthorized error. This drove me insane. Hope this helps others avoid this mistake.
But great tutorial regardless! Content like this makes the internet amazing.
Thank you so much man. You saved my life!!! It drove me insane for 2 hours. Thanks again
You are my savior, digital Jesus, God in CZcams. you saved my 8 hours.
Thank you very much, you saved me so much trouble
Oof. Thanks bro, I thought I was going insane, not seeing any logs or anything.
thank you so much bro holy shit
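The silent 401 described in the comment above about usernameField and passwordField, as an added example that is not code from the video or from passport-local: a simplified model of the credential lookup that happens before validate() is called. The function names (`extractCredentials`, `simulateLogin`) and the sample request body are hypothetical and constructed for illustration.

```javascript
// Simplified model (an assumption, not passport-local's source) of the lookup
// a local strategy performs on the request body before validate() is called.
// usernameField / passwordField are the option names from the comment above;
// all function names and sample values are constructed for illustration.
const DEFAULT_FIELDS = { usernameField: 'username', passwordField: 'password' };

const isNonEmptyString = (v) => typeof v === 'string' && v.length > 0;

function extractCredentials(body, options = {}) {
  const { usernameField, passwordField } = { ...DEFAULT_FIELDS, ...options };
  const missing = [usernameField, passwordField].filter(
    (field) => !isNonEmptyString(body?.[field]),
  );
  if (missing.length > 0) return { ok: false, missing };
  return { ok: true, username: body[usernameField], password: body[passwordField] };
}

// A failed lookup is rejected before validate() runs, so nothing inside
// validate() can log it; the client only sees 401.
function simulateLogin(body, options, validate) {
  const creds = extractCredentials(body, options);
  if (!creds.ok) return { status: 401, validateCalled: false, missing: creds.missing };
  const user = validate(creds.username, creds.password);
  return { status: user ? 200 : 401, validateCalled: true, missing: [] };
}

// Constructed sample: the client posts "email" instead of "username".
const sampleBody = { email: 'alice@example.test', password: 'correct horse' };
const validate = (u, p) =>
  u === 'alice@example.test' && p === 'correct horse' ? { id: 1 } : null;

const withDefaults = simulateLogin(sampleBody, {}, validate);
const withOption = simulateLogin(sampleBody, { usernameField: 'email' }, validate);
const wrongPassword = simulateLogin(
  { ...sampleBody, password: 'nope' }, { usernameField: 'email' }, validate);

// Log field names only, never the submitted values.
console.log('defaults:', withDefaults.status, 'missing:', withDefaults.missing);
console.log('with usernameField:', withOption.status);
console.log('wrong password:', wrongPassword.status, wrongPassword.validateCalled);
```

Whether validate() was reached is what separates a field-name mismatch from genuinely bad credentials, since both surface to the client as the same 401.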
The best tutorial i watched so far. Author tells the info clearly and without any useless data. So, i want to say that i was here when the num of followers had been 7k
Can't thank you enough for this Marius, excellent content, pitched and paced perfectly.
Thank you! I appreciate the feedback
This tutorial I wanted today, what a coincidence
Thank you! Very useful. I appreciate your descriptions and of Sessions and JWTs! All the best.
Thank you so much for this tutorial, it helped clear up so much of my confusion. All the examples of different Passport strategies are written using ES6 modules, but the documentation for Nest is with classes. Your video helped translate the difference and finally got my code to work. Very clear and well explained --signed a junior developer that only learned ES6 Javascript in my bootcamp XD
I highly appreciate you going through the code roughly and also briefly explaining the NPM packages which you're using / recommending. It's really fun coding along and learning in this video!
Glad you’re enjoying it!
Best tutorial on NestJs authentication so far. Thanks a lot!
Tks once again! You make this easy with your explanations.. each of the details makes a difference.
Thanks for spending the time explaining each part and drawing the parallels to how we would do it in express.
Really helped me understand how to accomplish session auth. Felt a bit lost when the docs only covered JWT auth and all the tutorials I found were showing me the code to make it work... But not why it worked haha
your nest js contents are soo good. keep it up marius
I love this tutorial. Clear as Spring water 💯
Thanks! Very useful. In the last two days, I got to understand this framework because of you, thanks man🙏
Keep it up
Absolutely awesome tutorial, thank you so much! Your explanation is very clear and to the point, you're a fantastic teacher! :D
thank you 🙂
Such a masterpiece bro♥️ everything is perfect in this video 🏳️🙌
Awesome tutorial thanks, I love that you included regular sessions as well and not ONLY a JWT implementation. Kudos!
Glad you liked it!
These video series are awesome! Thank you Marius :)
You’re welcome!
Great tutorial! Very detail and useful. Keep up the good work
Thank you!
Thank you so much for making this video! I loved it 😍
You’re welcome 😄
This was IMMENSELY helpful. THANK YOU!
You're welcome!
Extremely valuable content, thanks.
Even today I remember how I asked a question below a similar type of video about JWT and you replied really fast, although your video was already great. As I see, you still answer the questions, and it's impressive.
love your videos dude very clear explanation
this is an excellent video. your explanation is spot on. thank you for taking the time to make these
Appreciate the feedback! Thanks!
Thanks, @Marius! The video is so helpful, I really learnt a lot.
Excellent tutorial and better explanation!
Good job Marius, really appreciate your explanation. As I am transitioning to IT side, I find these videos very helpful.
Awesome, I wish you luck on your transition!
Great video! It helps me a lot, thank you!
Dude, after 4 days struggling you opened my eyes. They should add all of this in their documentation. You are a gold treasure!
@Dev Guy I read the documentation first and in the span of 4 days, probably 100 times :D I actually started the project because I loved the documentation, its just on spot, with a few missing parts :)
Docs are definitely very good but it’s not always intuitive to everyone. Simply saying just read the docs is like telling people don’t go to school just read the text books….
I’ve been looking for this. Thank you thank you. Would git repo of this code.
@Dev Guy I looked at and read the documentation from Nest and Passport. The main problem for me with the documentation is Nest is all classes and Passport documentation show you how to configure the different strategies in ES6. This video is literally the only resource I've found (and I searched for over a week) that explains that (a) passport is initiated when it is included in the correct provider array and you do not need passport.use() as explained in the Passport docs and (b) the UseGuard is registering the strategy and there is no need for passport.register(), again, as explained in the Passport docs
Awesome !! 🔥🔥, Thank you very much
This was definitely very useful. Thank you so much 😁
🙌😄
That walkthrough at @23:45, priceless!
So there's actually a guard on the route but you can login with the right body data? neat!!
Thanks for your video, i loved!!!
Really really good fundamental tutorial!!!!
thanks
This was awesome!
Thanks for your content Marius. They are immensely helpful.
I’m glad! thanks for stopping by to comment
@mariusespejo THANK YOU 😎👍🏾
Great video thank you!
So glad to know that you are following the official NestJs documentation! I also do the same.
Honestly it’s some of the best docs I’ve seen!
Thank you for your effort!
Great vid Marius we expect more 👏👏
thank you!
Awesome, please continue ;)
Another great video Marius!
Glad you think so 😄
Thank you so much for this tutorial
Great one 👌 Thanks
Cool content
Rly helpful
Ty!
thank you very much, your work is clear and it is very easy to follow you through the whole video
Thank you Thomas! Glad you think so!
Thanks for the great video!
You are awesome! You cleared some very problematic issues for me. Thanks
Glad to help!
Thanks, great explanation.
thank you so much for this tutorial!
Great tutorial bro. It's easily understandable even to a beginner like me. Nice Job!
Thank you!
Hi Marius, thank you very much for your video. I hope your channel will grow more and more. Have a nice day :D
thanks Badinescu! glad you’re finding the channel useful!
Awww yiss another Marius Espejo Nest vid 🔥
😄
I appreciate what you did for community
Clean and clear , great tutorial...
thanks Marko!
Thank you for all these NestJS tutorials they are really helpful!
Appreciate the feedback 🙂
Thanks Marius your explanation was very clear and with details. This help me to add authentication to my project. Your content is awesome and very complete. Thank you so much for this video. I can't even say how much this content help me. thanksssssssss
I’m glad to help 😄 thanks for stopping by to comment!
@mariusespejo thanks to you for creating this video
Great video!
Love your videos, thank you for help.
glad to help Lasek!
Thanks a lot Marius! for Authentication session. Very well crafted beautifully explained.
Just 1 suggestion if you could put this session over git. Would be great to look at the code and get relate it post watching video.
Keep up the good work!!!
All The Best!!
Very useful info. Thank you for the patient and detailed explanation.
You’re welcome!
It`s awesome work! Thx, broo
Very understandable. You helped me, thanks :)
Glad it helped!
Yes, another awesome awesome videos,
req.isAuthenticated gives error "request.isAuthenticated is not a function" at 29.02 section.
thank you marius, you are awesome
This is excellent
Amazing , thanks 😀
Very good job , Thanks a lot!
Glad you liked it!
Great video
Thank you!
Your effort is highly appreciated, Marius. Very helpful thanks!
Glad it was helpful!
you are a legend
Awesome !
Excellent!
Thank you very much
Best Nest.js content on YT so far.. Keep up the good work man @Marius
thanks Dev! glad you like the content
You are gonna be famous soon
When
Never lol
I'm looking for this same but with graphql, good video my friend, it will help me
There are so many classes you have created. It is good for separation of concern as you said. There should be a slide to explain the flow of uses of those classes. Ex: Class A used by Class b and Class b used by Class C. This will make it very easy to understand to the viewers.
Everything in nestjs is a class, don’t over think it, each one has a given purpose which you can usually easily determine by naming conventions, e.g. guard, controller, strategy, service, etc.
over separation of concerns. thanks for the tutorial anyway. I don't know why Nest is making everything complicated, yet people enjoying it, frankly.
Convention over configuration. You learn how to do this stuff once for a nest app, and can probably jump to any other nest app that will mostly be structured the same.
Try making 5 different devs build the same API using express and they likely will come up with their own patterns and conventions because Express is too flexible/minimal. A large express app can easily become spaghetti. Eventually you realize you need conventions and defined architectures, plus you’d also benefit with adding TS… at which point you might as well just use Nest.
Alternatives outside express/nest? Yeah there’s a couple. Try comparing the features and their overall ecosystem and you’re likely to find that it’s not as great. But of course YMMV
Thank you sir
Awesome man
🙏
@mariusespejo Can you make a Role-based access control video in Nest where we protect APIs using scopes.
Thanks a lot man, that was a super good material for me. Hope u will get the best in this life, good luck!
Thank you! 🙏
Awesome. Your Tutorials about Nest are the best in CZcams, even better than in Udemy
Thank you! Glad you think so 🙏
Marius the Genius....#Legend
Thanks :)
Thank You :) :)
It would be terrifically useful if you would build the client side login flow that connects with the JWT strategy. This tutorial was really clear and concise.
Thanks, will consider it! For the most part the client-side is really just all about managing/storing that jwt somewhere and making sure it’s included in the headers of each request to your API. I’ll try to make a video about it sometime.
Very high quality content! Thanks Marius.
Hi, Marius I got a question, why the method validate that in JwtStrategy return the object coordinates to req.user at 1:02:42?
Thanks 🙏
Thank you so much for your effort making this!
you’re welcome!
Your background image is the hero image of my portfolio lmao
💪
Thanks
Nice would be part 2 with refresh token. Thanks for video. ( I m from Erick )
Thank you
Awesome tutorial like always thank you,
If you can do some new tutorial in vuejs / nestjs it will be awesome
Can you do more of nestjs with graphql like auth and/or microservices. That would be a unique content!
will definitely look into that more, I’m still learning a lot of the best practices with graphql myself
second that
@mariusespejo Can't wait to learn that combination from a master like you
hey folks, just following up: new video just posted on doing this same auth topic but in graphQL specifically
You're good at this👍
This was soo good! Please post (pun intended) a video where you handle sign up and remove account!!!
With JWT!
Thanks! Will consider a specific video on that topic. Not really much to it though, sign-up is basically almost the same as login, but obviously you’d be adding to a db table of users, and removing is simply deleting that record