NestJS Authentication: JWTs, Sessions, logins, and more! | NestJS PassportJS Tutorial
In this video we'll discuss the fundamentals of adding authentication to your NestJS API. We'll talk about utilizing passport to use different types of authentication strategies. Specifically we will try the passport-local strategy as a basic login with username and password example. Next, we'll take a look at potentially using sessions to store user information and persist their login state. Finally we will also take a look at a state-less approach with JSON Web Tokens (JWTs). We'll create our own JWTs and I'll show you how you can use that to protect your API routes!
00:00 - Intro
03:35 - Initial routes
04:41 - UsersService
07:50 - AuthService
10:40 - Implementing passport-local strategy (username/password login)
18:08 - AuthGuards
23:25 - Summary of local login flow
29:02 - Guard to check if user is authenticated
31:41 - Setting up sessions
40:37 - Summary of login with sessions flow
44:25 - Setting up JWT strategy, signing and validating
1:00:25 - Summary of JWT strategy flow
1:04:22 - Conclusion
1:05:20 - Outro
Пікірлер: 420
Note: a lot of people are getting the error “request.isAuthenticated is not a function”. Please note that I explicitly mentioned in the video that it will not work until you properly setup sessions. If you run into that error, KEEP watching! The problem will resolve itself once you have the full setup, don’t stop at the point of error. If you watch the rest of the video and still have this problem, double check that you properly configured and registered your strategies and guards exactly as shown in the video.
@David-rz4vc
2 жыл бұрын
in main.ts: below fix it for me app.use(passport.initialize()); app.use(passport.session());
@yummers2001
2 жыл бұрын
Any chance this can be added as an annotation to the video at that point? I fell into the same trap! Otherwise - awesome video. Keep up the great work!
@mariusespejo
2 жыл бұрын
Not after it’s published sorry
@oudom_nohara
2 жыл бұрын
@@mariusespejo Thanks
@tobiasschafer1658
2 жыл бұрын
And maybe something I am missing is some notes about the logout. Currently I am calling .logout() on the request AND calling session.destroy(). Maybe only the last one would be sufficient as it removes the complete session anyways ;-)
A problem I encountered: if you use argument names other than 'username' and 'password' for local strategy, you must specify them as options in local.strategy in super({ usernameField: 'otherName1', passwordField: 'otherName2' }). If you don't, it won't even throw any errors, you'll just keep getting a 401 Unauthorized error. This drove me insane. Hope this helps others avoid this mistake. But great tutorial regardless! Content like this makes the internet amazing.
@rajuc6438
Жыл бұрын
Thank you so much man. You saved my life!!! It drove me insane for 2 hours. Thanks again
@MonkeyHandle001
11 ай бұрын
You are my savior, digital Jesus, God in KZread. you saved my 8 hours.
@zflxw
8 ай бұрын
Thank you very much, you saved me so much trouble
@rumble1925
2 ай бұрын
Oof. Thanks bro, I thought I was going insane, not seeing any logs or anything.
@osarumenizedonmwen3670
23 күн бұрын
thank you so much bro holy shit
The best tutorial i watched so far. Author tells the info clearly and without any useless data. So, i want to say that i was here when the num of followers had been 7k
This tutorial I wanted today, what a coincidence
Can't thank you enough for this Marius, excellent content, pitched and paced perfectly.
@mariusespejo
2 жыл бұрын
Thank you! I appreciate the feedback
Thank you so much for this tutorial, it helped clear up so much of my confusion. All the examples of different Passport strategies are written using ES6 modules, but the documentation for Nest is with classes. Your video helped translate the difference and finally got my code to work. Very clear and well explained --signed a junior developer that only learned ES6 Javascript in my bootcamp XD
Thank you! Very useful. I appreciate your descriptions and of Sessions and JWTs! All the best.
Thanks for spending the time explaining each part and drawing the parallels to his we would do it in express. Really helped me understand how to accomplish session auth. Felt a bit lost when the docs only covered JWT auth and all the tutorials I found were showing me the code to make it work... But not why it worked haha
Best tutorial on NestJs authentication so far. Thanks a lot!
Tks once again! You make this easy with yours explanations.. each of details, make a difference.
I highly appreciate you going throug the code roughly and also briefly explaining the NPM packages which you're using / recommending. It's really fun coding along and learning in this video!
@mariusespejo
2 жыл бұрын
Glad you’re enjoying it!
your nest js contents are soo good. keep it up marius
Thankss! very usefull. in the last two days, i got Understand this Framework because of you, thank man🙏 Keep it up
I love this tutorial. Clear as Spring water 💯
Such a masterpiece bro♥️ everything is perfect in this video 🏳️🙌
Great tutorial! Very detail and useful. Keep up the good work
@mariusespejo
4 ай бұрын
Thank you!
Extremely valuable content, thanks.
Absolutely awesome tutorial, thank you so much! Your explanation is very clear and to the point, you're a fantastic teacher! :D
@mariusespejo
2 жыл бұрын
thank you 🙂
Even today i remember how i asked the question below the similar type of video about jwt and you reply back really fast althought your video was already great. As i see you still answers the questions and its impresive.
So glad to know that you are following the official NestJs documentation! I also do the same.
@mariusespejo
2 жыл бұрын
Honestly it’s some of the best docs I’ve seen!
Good job Marius, really appreciate your explanation. As I am transitioning to IT side, I find these videos very helpful.
@mariusespejo
2 жыл бұрын
Awesome, I wish you luck on your transition!
Awesome tutorial thanks, I love that you included regular sessions as well and not ONLY a JWT implementation. Kudos!
@mariusespejo
2 жыл бұрын
Glad you liked it!
That walkthrough at @23:45, priceless! So there's actually a guard on the route but you can login with the right body data? neat!!
Excellent tutorial and better explanation!
Dude, after 4 days struggling you opened my eyes. They should add all of this in their documentation. You are a gold tressure!
@OetziOfficial
2 жыл бұрын
@Dev Guy I read the documentation first and in the span of 4 days, probably 100 times :D I actually started the project because I loved the documentation, its just on spot, with a few missing parts :)
@mariusespejo
2 жыл бұрын
Docs are definitely very good but it’s not always intuitive to everyone. Simply saying just read the docs is like telling people don’t go to school just read the text books….
@sophektounn6422
2 жыл бұрын
I’m been looking for this. Thank you thank you. Would git repo of this code.
@h.w.b.9503
Жыл бұрын
@Dev Guy I looked at and read the documentation from Nest and Passport. The main problem for me with the documentation is Nest is all classes and Passport documentation show you how to configure the different strategies in ES6. This video is literally the only resource I've found (and I searched for over a week) that explains that (a) passport is initiated when it is included in the correct provider array and you do not need passport.use() as explained in the Passport docs and (b) the UseGuard is registering the strategy and there is no need for passport.register(), again, as explained in the Passport docs
This was IMMENSELY helpful. THANK YOU!
@mariusespejo
3 жыл бұрын
You're welcome!
These video series are awesome! Thank you Marius :)
@mariusespejo
2 жыл бұрын
You’re welcome!
Thanks, @Marius! The video is so helpful, I really learnt a lot.
Thank you so much for making this video! I loved it 😍
@mariusespejo
2 жыл бұрын
You’re welcome 😄
Awesome !! 🔥🔥, Thank you very much
Thanks a lot Marius! for Authentication session. Very well crafted beautifully explained. Just 1 suggestion if you could put this session over git. Would be great to look at the code and get relate it post watching video. Keep up the good work!!! All The Best!!
love your videos dude very clear explanation
Great video! It helps me a lot, thank you!
Great video thank you!
Really really good fundamental tutorial!!!! thanks
Thank you for your effort!
this is an excellent video. your explanation is spot on. thank you for taking the time to make these
@mariusespejo
Жыл бұрын
Appreciate the feedback! Thanks!
You are awesome! You cleared some very problematic issues for me. Thanks
@mariusespejo
2 жыл бұрын
Glad to help!
This was definitely very useful. Thank you so much 😁
@mariusespejo
2 жыл бұрын
🙌😄
Great one 👌 Thanks
I appreciate what you did for community
Thanks for your video, i loved!!!
Thanks for your content Marius. They are immensely helpful.
@mariusespejo
3 жыл бұрын
I’m glad! thanks for stopping by to comment
@ladanski
3 жыл бұрын
@@mariusespejo THANK YOU 😎👍🏾
Thanks, great explanation.
thank you so much for this tutorial!
Cool content Rly helpful Ty!
Thanks for the great video!
Hi Marius, thank you very much for your video. I hope your channel will grow more and more. Have a nice day :D
@mariusespejo
3 жыл бұрын
thanks Badinescu! glad you’re finding the channel useful!
thank you marius, your are awesome
Clean and clear , great tutorial...
@mariusespejo
3 жыл бұрын
thanks Marko!
Thank you so much for this tutorial
Great tutorial bro. It's easy undestandable even to a beginner like me. Nice Job!
@mariusespejo
Жыл бұрын
Thank you!
thank you very much, your work is clear and it is very easy to follow you through the whole video
@mariusespejo
11 ай бұрын
Thank you Thomas! Glad you think so!
Awesome, please continue ;)
Great vid Marius we expect more 👏👏
@mariusespejo
3 жыл бұрын
thank you!
Thanks Marius your explanation was very clear and with details. This help me to add authentication to my project. Your content is awesome and very complete. Thank you so much for this video. I can't even say how much this content help me. thanksssssssss
@mariusespejo
2 жыл бұрын
I’m glad to help 😄 thanks for stopping by to comment!
@milightingdesign3612
2 жыл бұрын
@@mariusespejo thanks to you for create this video
Awww yiss another Marius Espejo Nest vid 🔥
@mariusespejo
3 жыл бұрын
😄
Another great video Marius!
@mariusespejo
2 жыл бұрын
Glad you think so 😄
Very understandable. You helped me, thanks :)
@mariusespejo
2 жыл бұрын
Glad it helped!
Love your videos, thank you for help.
@mariusespejo
3 жыл бұрын
glad to help Lasek!
This was awesome!
Thank you for all these NestJS tutorials they are really helpful!
@mariusespejo
2 жыл бұрын
Appreciate the feedback 🙂
Very good job , Thanks a lot!
@mariusespejo
2 жыл бұрын
Glad you liked it!
This is excellent
It`s awesome work! Thx, broo
You are gonna be famous soon
@Bingo901
Жыл бұрын
When
@mariusespejo
Жыл бұрын
Never lol
00:00 - Intro 03:35 - Initial routes 04:41 - UsersService 07:50 - AuthService 10:40 - Implementing passport-local strategy (username/password login) 18:08 - AuthGuards 23:25 - Summary of local login flow 29:02 - Guard to check if user is authenticated 31:41 - Setting up sessions 40:37 - Summary of login with sessions flow 44:25 - Setting up JWT strategy, signing and validating 1:00:25 - Summary of JWT strategy flow 1:04:22 - Conclusion 1:05:20 - Outro
@adnanhaider4038
2 жыл бұрын
0
@muhammadharis2205
Жыл бұрын
req.isAuthenticated gives error ""request.isAuthenticated is not a function" at 29.02 section.
Amazing , thanks 😀
Very useful info. Thank you for the patient and detailed explanation.
@mariusespejo
2 жыл бұрын
You’re welcome!
Yes, another awesome awesome videos,
Great video!
Your effort is highly appreciated, Marius. Very helpful thanks!
@mariusespejo
2 жыл бұрын
Glad it was helpful!
over separation of concerns. thanks for the tutorial anyway. I don't know why Nest is making everything complicated, yet people enjoying it, frankly.
@mariusespejo
Жыл бұрын
Convention over configuration. You learn how to do this stuff once for a nest app, and can probably jump to any other nest app that will mostly be structured the same. Try making 5 different devs build the same API using express and they likely will come up with their own patterns and conventions because Express is too flexible/minimal. A large express app can easily become spaghetti. Eventually you realize you need conventions and defined architectures, plus you’d also benefit with adding TS… at which point you might as well just use Nest. Alternatives outside express/nest? Yeah there’s a couple. Try comparing the features and their overall ecosystem and you’re likely to find that it’s not as great. But of course YMMV
There are so many classes you have created. It is good for separation of concern as you said. There should be a slide to explain the flow of uses of those classes. Ex: Class A used by Class b and Class b used by Class C. This will make it very easy to understand to the viewers.
@mariusespejo
2 жыл бұрын
Everything in nestjs is a class, don’t over think it, each one has a given purpose which you can usually easily determine by naming conventions, e.g. guard, controller, strategy, service, etc.
I looking for this same but with graphql, good video my friend, it will help me
you are a legend
Excelent!
Thank you very much
Awesome !
Thank you sir
Great video
@mariusespejo
2 жыл бұрын
Thank you!
Best Nest.js content on YT so far.. Keep up the good work man @Marius
@mariusespejo
3 жыл бұрын
thanks Dev! glad you like the content
Awesome. Your Tutorials about Nest are the best in KZread, even better than in Udemy
@mariusespejo
2 жыл бұрын
Thank you! Glad you think so 🙏
Your background image is the hero image of my portfolio lmao
@mariusespejo
2 жыл бұрын
💪
잘하네요👍
Very height quality content! Thanks Marius.
Nice would be part 2 with refresh token. Tanks for video. ( I m from Erick )
Thanks a lot man, that was a super good material for me. Hope u will get the best in this life, good luck!
@mariusespejo
2 жыл бұрын
Thank you! 🙏
Thanks :)
It would be terrifically useful if you would build the client side login flow that connects with the JWT strategy. This tutorial was really clear and concise.
@mariusespejo
2 жыл бұрын
Thanks, will consider it! For the most part the client-side is really just all about managing/storing that jwt somewhere and making sure it’s included in the headers of each request to your API. I’ll try to make a video about it sometime.
Thank you so much for your effort making this!
@mariusespejo
2 жыл бұрын
you’re welcome!
This was soo good! Please post (pun intended) a video where you handle sign up and remove account!!!
@vincent-thomas
2 жыл бұрын
With JWT!
@mariusespejo
2 жыл бұрын
Thanks! Will consider a specific video on that topic. Not really much to it though, sign-up is basically almost the same as login, but obviously you’d be adding to a db table of users, and removing is simply deleting that record
Awesome tutorial like always thank you, If you can do some new tutorial in vuejs / nestjs it will be awesome
Marius the Genius....#Legend
Can you do more of nestjs with graphql like auth and/or microservices. That would be a unique content!
@mariusespejo
3 жыл бұрын
will definitely look into that more, I’m still learning a lot of the best practices with graphql myself
@yazeerahamed763
3 жыл бұрын
second that
@francisabonyi7115
2 жыл бұрын
@@mariusespejo Can't wait to learn that combination from a master like you
@mariusespejo
2 жыл бұрын
hey folks, just following up: new video just posted on doing this same auth topic but in graphQL specifically
Thank You :) :)
Awesome man
@mariusespejo
3 жыл бұрын
🙏
@tastaslim
2 жыл бұрын
@@mariusespejo Can you make a Role-based access control video in Nest where we protect APIs using scopes.
Thanks
Thank you
Great video Marius! You made clear a lot of points around authentication that were a bit confusing to me. Could you possibly make a video about authentication using JWTs with NestJS and GraphQL (code first)? Thanks again!
@mariusespejo
2 жыл бұрын
Thanks Takis! Definitely looking to dive into more graphql stuff
@mariusespejo
2 жыл бұрын
fyi just published a new video specifically on that topic!