...
/Implement Passport Authentication with the JWT Strategy
Implement Passport Authentication with the JWT Strategy
Follow step-by-step instructions to implement the JWT authentication strategy.
In this lesson, we’ll explore how to set up Passport authentication with the JWT strategy in NestJS. It’s a great way to enhance the application’s security and provide a seamless experience for the users.
The JWT strategy
The JWT strategy is an authentication method in Passport that validates users based on JWTs. It allows for stateless authentication because the token contains all necessary information. Stateless refers to the fact that the server doesn’t need to store any information about the user’s session or authentication state on the server itself. All the necessary information to verify the authenticity of the user is contained within the JWT.
We need to install a few dependencies to use Passport and the JWT strategy.
npm install passport passport-jwt @nestjs/passport @nestjs/jwt
Implement JwtStrategy with Passport
We’ll create JwtStrategy, set it up, and apply it to our application.
Create the JWT strategy
First, let’s implement a JWT strategy for authentication using Passport. Create a JwtStrategy class that extends PassportStrategy from passport-jwt. This class defines how to validate and extract user information from JWTs.
// jwt.strategy.ts@Injectable()export class JwtStrategy extends PassportStrategy(Strategy) {constructor(private readonly configService: ConfigService,private readonly userService: UserService,) {super({secretOrKey: configService.get('JWT_SECRET_KEY'),jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),});}async validate(payload: JwtPayload): Promise<UserEntity> {const { username } = payload;const user = await this.userService.getByEmail(username);if (!user) {throw new UnauthorizedException();}return user;}}
Line 3: This defines the
JwtStrategyclass, extendingPassportStrategyand usingStrategyprovided by Passport.Lines 4–12: These lines define a constructor where
configService(for ...