An absolute GOAT video on this topic. The clarity I gained after implementing everything in this video is just so immense. Thanks a ton @Anson!
Such a good tutorial.
Took me a while to understand why the Strategy is after the AuthGuard and other important elements of how authentication works, but overall great job at explaining and keeping it simple. Received a subscriber!
Brilliant my man. Very clear and descriptive instructional video on NestJs JWT auth. I would advise any developer who intends to use NestJs as their backend to watch this video for a clear understanding of how you can authenticate users from any front end application.
Very well structured video. Very nicely explained. A wish from my side would be a Role-Based Login now on top of this JWT Login. So an admin will redirect to another place than the regular user in the frontend based on the login response.
Amazing video... never has the concept been more clear to me
I like your videos about nest, they're unique and really informative!
A very comprehensible video ever about the topic. Thanks man
Your videos are absolutely amazing and very informative, just keep up the great work.
Awesome tutorial, really helped me out! (A shout-out from Brazil to everyone reading!)
Amazing explanation, keep up the good work
Can't wait to see the next episodes
Tutorial very good man! Thank you so much!
Another Brazilian (🇧🇷) here?
Thank you. :D
Hello sir, can I request a future playlist for Nest with Redis?
good content! Thanks for nice explanation
Awesome
I'm excited about next golang video
This is great! I would love to see session auth implementation and websocket securing
I think he made one already
link please? @newquery685
Very good video.
Question, what themes do you use in vscode?
Okay, so I keep getting Unauthorized when using the local guard. I decided to check and found out that the local strategy was not hit during the request.
Make sure the strategy file is being registered by passing it as a provider in the module
Okay, I figured out the issue. Had to modify the request in the local auth guard to match the columns I use for validation.
I can see the AuthService class highlighted in red due to an error. Then how are you getting the result?
Very well explained. thanks
In Thunder Client, you can also add the JWT in the auth section, no need for the headers section.
Sir Anson, it seems like the refresh token is missing? How can we implement two tokens: an access token with a short lifespan and a refresh token with a long lifespan that we store in the database?
You just create a second JWT that lasts longer than the access token, and use that to "refresh" the access token.
@ansonthedev Is it the same procedure, sir, to create the refresh token? But in auth.module.ts we set the "JwtModule" with an expiration; how can I handle two expirations for accessToken and refreshToken?
You can use the JwtService and call .sign() or .signAsync() and manually set the expiresIn property. That will override the setting you configured in JwtModule.
e.g: this.jwtService.sign(user, { secret: '123', expiresIn: '123' })
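An added example, not part of the comment thread or the video's code: the access/refresh token pattern described in the replies above, with a separate expiry and secret per token and the refresh token's id kept server-side. It uses Node's built-in crypto with a minimal HS256 signer standing in for JwtService.sign(); the 15-minute and 7-day lifetimes, the in-memory refreshStore and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed demo secrets: one per token type, so neither token verifies as the other.
const ACCESS_SECRET = crypto.randomBytes(32);
const REFRESH_SECRET = crypto.randomBytes(32);
const refreshStore = new Map(); // jti -> user; stands in for the database table

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Minimal HS256 signer standing in for jwtService.sign(payload, { secret, expiresIn }).
function sign(payload, secret, expiresInSec, now) {
  const data = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url({ ...payload, iat: now, exp: now + expiresInSec })}`;
  return `${data}.${hmac(secret, data).toString('base64url')}`;
}

// Returns the payload, or null when the signature is wrong or the token has expired.
function verify(token, secret, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// Short-lived access token plus long-lived refresh token whose id (jti) is stored server-side.
function issueTokens(user, now) {
  const jti = crypto.randomUUID();
  refreshStore.set(jti, user);
  return {
    accessToken: sign({ sub: user.id, username: user.username }, ACCESS_SECRET, 15 * 60, now),
    refreshToken: sign({ sub: user.id, jti }, REFRESH_SECRET, 7 * 24 * 3600, now),
  };
}

// Exchange a refresh token for a new pair; each refresh token works once.
function refresh(refreshToken, now) {
  const payload = verify(refreshToken, REFRESH_SECRET, now);
  const user = payload && refreshStore.get(payload.jti);
  if (!user) return null; // invalid, expired, already used, or revoked
  refreshStore.delete(payload.jti);
  return issueTokens(user, now);
}
```

Deleting a jti from refreshStore is also how a logout or revocation takes effect: the access token simply runs out within its short lifetime and can no longer be renewed.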
Quite informative, nice job!
Hello, nice video. Why at 7:40 do you install @nestjs/passport and passport alone? I didn't understand that...:(
@gempf Because both of them are required to work with JWT
Thank you so much for this amazing video!
Btw I have one question regarding the font or extension you're using in your VS code setup, what exactly is responsible to create different font in some of the code for example at 4:26 in the function validateUser the parameter authPayloadDto have different font.
That's just how VS code often does it, I believe. The fonts are different because one of the names is the method name, and the other is a method argument. The font name is Operator Mono and the theme is Horizon.
Thanks so much, man, this video is awesome! You helped me a lot, dude. I hope you'll make more videos, you're the best at it.
There's only one thing I couldn't understand about the guards and strategies: how do the guards know exactly which strategy we're using, since inside their code we don't refer to any specific strategy?
You can see that the AuthGuard we imported is from @nest/passport; they have written some clever code behind the scenes. The moment we say LocalStrategy extends PassportStrategy(Strategy[which means local]) they have saved it. So once we said AuthGuard(local), they directly go for the LocalStrategy.
Thank you so frickin much! Needed this for smth I'm working on 👀
Same
You're welcome
why are you handling errors in the controller and not the service ?
Great video... Can Bun increase NestJS speed?
Great explanation!
Thanks man, it's very helpful for me
Well explained, thank you!!
You're welcome
Thanks Anson.
Could you make one about the refresh token
Please make one.
I just want to know how to throw an HttpException instead of returning null.
this is a god tier video
And how can I blacklist the token or something like that to handle the logout of the users?
Beautiful!!!
The king anson is back!!!
Thanks for this, but I am having an error here, I am using email instead of username, when I test the login endpoint in and pass the correct email and password I still get the Unauthorised error coming from the local strategy, please is there any solution to this or is it that we can only use username to authenticate?
Thanks once again
In the LocalStrategy file, where you are calling super(), you want to pass options and set "usernameField" to the field name. So for example, if the field name is "email" then the options would look like this:
{ usernameField: 'email' }
@ansonthedev Okay thanks, let me try it
Hey, so I got to the JWT guard part, and I keep getting the same Unauthorized message even after using the correct JWT code, since I am using email instead of username? Is there anything I need to pass to super()?
Thanks
I got the same problem. Decided to followup on another tutorial. After wasting hours, I've moved on to another tutorial lol.
I followed your video but I encountered the problem "property 'user' doesn't exists on type 'Request'" when I call req.user. Can you help me fix this bug?
You need to make sure you have both Local and Auth guard. Check the code repository here and make sure you didn't miss anything: github.com/stuyy/nestjs-passport-jwt-example/
Thanks for the great tut! I have a question: if someone requests twice (or multiple times) for the login endpoint and it is successful, then there are two tokens that both are valid! What happens in this scenario? Is it okay or we should handle that too?
You can probably check if there's an existing JWT for the user before issuing another one.
the DB is?
Awesome 🎉
Thank you!
How is the guard and strategy mapping happening? Is it because of the value in AuthGuard and it checks for that value strategy file name, or is it because of the passport import? Also, can I have 2 local strategies?
The guard invokes the Strategy, basically the string argument you pass into the AuthGuard() decorator lets NestJS know which Strategy to call. For example, if you use Google, you'd pass "google" into the AuthGuard decorator like this: AuthGuard("google"). Then NestJS will check if there is a Google Strategy registered, if not it will throw a "strategy not found" error or something similar indicating the strategy does not exist.
Not sure what you mean by "2 local strategies", but you can have the standard way of authenticating, using username/email and password. If using JWT, you'd need JWT and Local strategies. Anything else would be 3rd party such as OAuth2 using something like Google or Discord to authenticate.
@ansonthedev Got it, thanks!
So difficult for me, too many steps to keep in mind, maybe I should rewatch the video
sorry bro did you figure it out?
@ hah, thank you for your concern, actually I moved away from nest js and switched to react native
@SashaYursa ?? NestJS is a server-side framework while RN is for UI 🙂
@biscuitdelicious5410 yep, now I'm a frontend dev :(
Thanks for uploading this video.
Could you please make one for adding and getting user specific data. Like user can only see the data they add to the server. Been struggling with that lately.
Thank ❤
Good info but this video doesn't have that "Anson soul" that we have known and loved, and which makes your videos very special. I think you are too conscious about not talking too fast. And don't cut, it makes you lose the rhythm. Rest is great though. JB
Legend
goat
booo..lean 24:26
Hello, why doesn't the `return super.CanActivate(context)` from jwt.guard.ts work?
Thank you for your video, but I referred to the official documents and saw similar writing methods. I think the order of decorators should be that post should be executed first. It would be more intuitive, but in theory, calling rest will execute all the decorators of function. For your reference:
@UseGuards(LocalAuthGuard)
@Post('login')
login(@Req() req: Request) {
  return req.user;
}