Note: a lot of people are getting the error “request.isAuthenticated is not a function”. Please note that I explicitly mentioned in the video that it will not work until you properly set up sessions. If you run into that error, KEEP watching! The problem will resolve itself once you have the full setup, don’t stop at the point of error. If you watch the rest of the video and still have this problem, double check that you properly configured and registered your strategies and guards exactly as shown in the video.
in main.ts: below fixed it for me
app.use(passport.initialize());
app.use(passport.session());
Any chance this can be added as an annotation to the video at that point? I fell into the same trap! Otherwise - awesome video. Keep up the great work!
Not after it’s published sorry
@mariusespejo Thanks
And maybe something I am missing is some notes about the logout. Currently I am calling .logout() on the request AND calling session.destroy(). Maybe only the last one would be sufficient as it removes the complete session anyways ;-)
A problem I encountered: if you use argument names other than 'username' and 'password' for local strategy, you must specify them as options in local.strategy in super({ usernameField: 'otherName1', passwordField: 'otherName2' }).
If you don't, it won't even throw any errors, you'll just keep getting a 401 Unauthorized error. This drove me insane. Hope this helps others avoid this mistake.
But great tutorial regardless! Content like this makes the internet amazing.
Thank you so much man. You saved my life!!! It drove me insane for 2 hours. Thanks again
You are my savior, digital Jesus, God in YouTube. You saved my 8 hours.
Thank you very much, you saved me so much trouble
Oof. Thanks bro, I thought I was going insane, not seeing any logs or anything.
thank you so much bro holy shit
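The field-name pitfall described in the comment above, as an added example that is not part of the original comment thread or the video's code: a dependency-free JavaScript model of the lookup passport-local does before it calls validate(). The function names and the sample data are assumptions made for illustration.

```javascript
// Added example: a dependency-free model of the credential lookup that
// passport-local performs BEFORE it calls your validate() method.
// This is not passport's source; all names below are hypothetical.

const DEFAULT_FIELDS = { usernameField: 'username', passwordField: 'password' };

// Which of the field names the strategy expects are absent from the body?
// Useful to log from a guard while debugging a silent 401.
function missingFields(body, options = {}) {
  const { usernameField, passwordField } = { ...DEFAULT_FIELDS, ...options };
  return [usernameField, passwordField].filter((name) => !body?.[name]);
}

// Stand-in for the strategy plus the guard in front of the login route.
// `verify` plays the role of validate(); `options` is what goes to super().
function localLogin(body, verify, options = {}) {
  const { usernameField, passwordField } = { ...DEFAULT_FIELDS, ...options };

  // A missing field fails the strategy before verify() runs, so nothing in
  // your own code logs or throws; the guard reports it as a plain 401.
  if (missingFields(body, options).length > 0) {
    return { status: 401, verifyCalled: false };
  }

  const user = verify(body[usernameField], body[passwordField]);
  return user
    ? { status: 201, verifyCalled: true, user } // 201: Nest's default for POST
    : { status: 401, verifyCalled: true };
}

// Constructed sample data: a client that posts `email` / `pass`.
const sampleBody = { email: 'alice@example.com', pass: 'correct horse' };

// Constructed stand-in for AuthService.validateUser; a real one compares
// against a stored password hash rather than a literal.
function sampleVerify(username, password) {
  const ok = username === 'alice@example.com' && password === 'correct horse';
  return ok ? { id: 1, name: 'alice' } : null;
}

function demo() {
  return {
    // Strategy left on its defaults: looks for `username` / `password`.
    defaults: localLogin(sampleBody, sampleVerify),
    // Strategy told the real field names, as in the super({ ... }) call.
    configured: localLogin(sampleBody, sampleVerify, {
      usernameField: 'email',
      passwordField: 'pass',
    }),
    // What to log when the 401 appears with no other output.
    expectedButAbsent: missingFields(sampleBody),
  };
}

console.log(demo());
```

With the defaults, the two results differ only in whether the field names match the request body: the credentials themselves are correct in both calls.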
Hey Marius, thank you for the clear explanation brother. I've watched this tutorial maybe 2 or 3 years ago (and instantly subbed of course) when I first wanted to get into NestJS, and now I'm attempting it once again a few years later. I followed the docs on authentication and ended up with a bunch of files without properly understanding the flow of the authentication. This is exactly what I was looking for in a tutorial: to explain the flow, and you did it perfectly. Appreciate you taking it a few steps further than other YouTubers and explaining the intention behind the code. I wish your channel success brother.
The best tutorial I watched so far. Author tells the info clearly and without any useless data. So, I want to say that I was here when the num of followers had been 7k
Hey Marius, just passing by to thank you, your video format is awesome.
I love how you explain everything while showing the documentation. It really adds to us as developers, so that we know like "oh, so the information was here all the time!". It particularly helped me a lot.
Keep up the good work!
Thanks man! Glad you found it useful 🙏
00:00 - Intro
03:35 - Initial routes
04:41 - UsersService
07:50 - AuthService
10:40 - Implementing passport-local strategy (username/password login)
18:08 - AuthGuards
23:25 - Summary of local login flow
29:02 - Guard to check if user is authenticated
31:41 - Setting up sessions
40:37 - Summary of login with sessions flow
44:25 - Setting up JWT strategy, signing and validating
1:00:25 - Summary of JWT strategy flow
1:04:22 - Conclusion
1:05:20 - Outro
req.isAuthenticated gives error "request.isAuthenticated is not a function" at 29.02 section.
Even today I remember how I asked a question below a similar type of video about JWT and you replied back really fast, although your video was already great. As I see, you still answer the questions and it's impressive.
That walkthrough at @23:45, priceless!
So there's actually a guard on the route but you can login with the right body data? neat!!
Dude, after 4 days struggling you opened my eyes. They should add all of this in their documentation. You are a gold treasure!
It is in their documentation, maybe learn to use the docs? look under security!
@RajinderYadav I read the documentation first and in the span of 4 days, probably 100 times :D I actually started the project because I loved the documentation, it's just on spot, with a few missing parts :)
Docs are definitely very good but it’s not always intuitive to everyone. Simply saying just read the docs is like telling people don’t go to school just read the text books….
I’ve been looking for this. Thank you thank you. Would git repo of this code.
@RajinderYadav I looked at and read the documentation from Nest and Passport. The main problem for me with the documentation is Nest is all classes and Passport documentation shows you how to configure the different strategies in ES6. This video is literally the only resource I've found (and I searched for over a week) that explains that (a) passport is initiated when it is included in the correct provider array and you do not need passport.use() as explained in the Passport docs and (b) the UseGuard is registering the strategy and there is no need for passport.register(), again, as explained in the Passport docs
This tutorial I wanted today, what a coincidence
I highly appreciate you going through the code roughly and also briefly explaining the NPM packages which you're using / recommending. It's really fun coding along and learning in this video!
Glad you’re enjoying it!
your nest js contents are soo good. keep it up marius
Thanks for this tutorial, I went through the NestJS docs a few times and tried to set this up myself but there was always something wrong. Your vid helped me finally get it all working!
Can't thank you enough for this Marius, excellent content, pitched and paced perfectly.
Thank you! I appreciate the feedback
You are gonna be famous soon
When
Never lol
So glad to know that you are following the official NestJs documentation! I also do the same.
Honestly it’s some of the best docs I’ve seen!
Thanks for spending the time explaining each part and drawing the parallels to how we would do it in express.
Really helped me understand how to accomplish session auth. Felt a bit lost when the docs only covered JWT auth and all the tutorials I found were showing me the code to make it work... But not why it worked haha
Thank you so much for this tutorial, it helped clear up so much of my confusion. All the examples of different Passport strategies are written using ES6 modules, but the documentation for Nest is with classes. Your video helped translate the difference and finally got my code to work. Very clear and well explained --signed a junior developer that only learned ES6 Javascript in my bootcamp XD
Great tutorial! Very detailed and useful. Keep up the good work
Thank you!
I love this tutorial. Clear as Spring water 💯
over separation of concerns. thanks for the tutorial anyway. I don't know why Nest is making everything complicated, yet people enjoying it, frankly.
Convention over configuration. You learn how to do this stuff once for a nest app, and can probably jump to any other nest app that will mostly be structured the same.
Try making 5 different devs build the same API using express and they likely will come up with their own patterns and conventions because Express is too flexible/minimal. A large express app can easily become spaghetti. Eventually you realize you need conventions and defined architectures, plus you’d also benefit with adding TS… at which point you might as well just use Nest.
Alternatives outside express/nest? Yeah there’s a couple. Try comparing the features and their overall ecosystem and you’re likely to find that it’s not as great. But of course YMMV
Best tutorial on NestJs authentication so far. Thanks a lot!
Awesome tutorial thanks, I love that you included regular sessions as well and not ONLY a JWT implementation. Kudos!
Glad you liked it!
Thanks a lot Marius! for Authentication session. Very well crafted beautifully explained.
Just 1 suggestion if you could put this session over git. Would be great to look at the code and get relate it post watching video.
Keep up the good work!!!
All The Best!!
Thanks! Very useful. In the last two days, I got to understand this framework because of you, thanks man🙏
Keep it up
Such a masterpiece bro♥️ everything is perfect in this video 🏳️🙌
Great tutorial bro. It's easily understandable even to a beginner like me. Nice Job!
Thank you!
Good job Marius, really appreciate your explanation. As I am transitioning to IT side, I find these videos very helpful.
Awesome, I wish you luck on your transition!
Thank you! Very useful. I appreciate your descriptions and of Sessions and JWTs! All the best.
Extremely valuable content, thanks.
thank you very much, your work is clear and it is very easy to follow you through the whole video
Thank you Thomas! Glad you think so!
Absolutely awesome tutorial, thank you so much! Your explanation is very clear and to the point, you're a fantastic teacher! :D
thank you 🙂
Awesome. Your Tutorials about Nest are the best in YouTube, even better than in Udemy
Thank you! Glad you think so 🙏
Thanks once again! You make this easy with your explanations. Each of the details makes a difference.
Thanks Marius your explanation was very clear and with details. This helped me to add authentication to my project. Your content is awesome and very complete. Thank you so much for this video. I can't even say how much this content helped me. thanksssssssss
I’m glad to help 😄 thanks for stopping by to comment!
@mariusespejo thanks to you for creating this video
Best Nest.js content on YT so far.. Keep up the good work man @Marius
thanks Dev! glad you like the content
this is an excellent video. your explanation is spot on. thank you for taking the time to make these
Appreciate the feedback! Thanks!
These video series are awesome! Thank you Marius :)
You’re welcome!
Another great video Marius!
Glad you think so 😄
love your videos dude very clear explanation
Hi Marius, thank you very much for your video. I hope your channel will grow more and more. Have a nice day :D
thanks Badinescu! glad you’re finding the channel useful!
Great video! It helps me a lot, thank you!
Thank you for all these NestJS tutorials they are really helpful!
Appreciate the feedback 🙂
Very useful info. Thank you for the patient and detailed explanation.
You’re welcome!
VERY VERY HELPFUL VIDEO
I appreciate what you did for community
Can you do more of nestjs with graphql like auth and/or microservices. That would be a unique content!
will definitely look into that more, I’m still learning a lot of the best practices with graphql myself
second that
@mariusespejo Can't wait to learn that combination from a master like you
hey folks, just following up: new video just posted on doing this same auth topic but in graphQL specifically
It would be terrifically useful if you would build the client side login flow that connects with the JWT strategy. This tutorial was really clear and concise.
Thanks, will consider it! For the most part the client-side is really just all about managing/storing that jwt somewhere and making sure it’s included in the headers of each request to your API. I’ll try to make a video about it sometime.
You are awesome! You cleared some very problematic issues for me. Thanks
Glad to help!
There are so many classes you have created. It is good for separation of concern as you said. There should be a slide to explain the flow of uses of those classes. Ex: Class A used by Class b and Class b used by Class C. This will make it very easy to understand to the viewers.
Everything in nestjs is a class, don’t over think it, each one has a given purpose which you can usually easily determine by naming conventions, e.g. guard, controller, strategy, service, etc.
Your effort is highly appreciated, Marius. Very helpful thanks!
Glad it was helpful!
Awww yiss another Marius Espejo Nest vid 🔥
😄
Thanks for your content Marius. They are immensely helpful.
I’m glad! thanks for stopping by to comment
@mariusespejo THANK YOU 😎👍🏾
Thanks, @Marius! The video is so helpful, I really learnt a lot.
Excellent tutorial and better explanation!
This was IMMENSELY helpful. THANK YOU!
You're welcome!
Thanks a lot man, that was a super good material for me. Hope u will get the best in this life, good luck!
Thank you! 🙏
Really really good fundamental tutorial!!!!
thanks
Great vid Marius we expect more 👏👏
thank you!
This was soo good! Please post (pun intended) a video where you handle sign up and remove account!!!
With JWT!
Thanks! Will consider a specific video on that topic. Not really much to it though, sign-up is basically almost the same as login, but obviously you’d be adding to a db table of users, and removing is simply deleting that record
Thank you so much for making this video! I loved it 😍
You’re welcome 😄
This was awesome!
Very high quality content! Thanks Marius.
Awesome, please continue ;)
Your background image is the hero image of my portfolio lmao
💪
Clean and clear , great tutorial...
thanks Marko!
This was definitely very useful. Thank you so much 😁
🙌😄
thank you so much for this tutorial!
Why not provide guards in the auth module? Are they provided internally by Nest?
Thank you so much for this tutorial
Very understandable. You helped me, thanks :)
Glad it helped!
Thank you for your effort!
Great video thank you!
I'm looking for the same but with GraphQL, good video my friend, it will help me
Cool content
Rly helpful
Ty!
Yes, another awesome awesome video,
thank you Marius, you are awesome
you did amazing job. plz tell one thing. how to implement authentication on microservice based architecture
That’s a bit of a loaded question that is not simple to answer in a comment. First of all there are several strategies that depend a lot on your infrastructure, your identity provider, etc. Next the “how” again will depend on the strategy. I suggest spending some time reading about it
Hi, Marius I got a question, why the method validate that in JwtStrategy return the object coordinates to req.user at 1:02:42?
Thanks 🙏
Thanks for the great video!
Thanks for your video, i loved!!!
Hello, I have covered the first 30 minutes of the video, I keep getting this when using postman TypeError: Cannot read properties of undefined (reading 'validateUser'). I do not find the error, I have checked the documentation
That’s implemented in the AuthService around 7:50. Did you actually implement validateUser? Is it in the correct service?
Great one 👌 Thanks
Marius the Genius....#Legend
Thanks, great explanation.
hi marius, in AuthenticatedGuard file i get error which is "request.isAuthenticated is not a function". may i know why i get that ?
You likely didn’t set up the local strategy and its guard correctly
Thank you, I faced some issues with the session method, I got an internal server error response and the app crashed, I am not sure how to fix it.
I would recommend looking at express-session docs make sure you didn’t misconfigure
Very good job , Thanks a lot!
Glad you liked it!
30:38 I have error: "request.isAuthenticated is not a function", how can I handle that?
Did you fully set up sessions? Make sure to follow what comes after that timestamp
@mariusespejo yep, I followed you and installed full setup you had installed
@mariusespejo Same Error, Please Explain
Please double check that you have the LocalAuthGuard written properly as shown in 18:37
In general that method specifically comes from passport, so if it can’t see that it exists you’re not wiring up passport or the guards correctly
Hi guys, I am stuck in the chapter on the guard to check if the user is logged in. There is an error that says "request.isAuthenticated()" is not a function. I console logged the keys of the request object and realized that the object doesn't have isAuthenticated, isUnauthenticated, user. Any suggestions, guys?
It likely means either the guard or the strategy were not registered or configured correctly
@mariusespejo I have checked every step very clearly but cannot figure out which step I missed. Googling for days and have no hope, man. The local strategy works as in the video. But the authenticatedGuard that implements CanActivate is not working. Do you have any idea about it?
Are you sure you registered your strategies as providers in the module?
Did you actually set up sessions? Please note that in the video I explicitly said the guard won’t work until you actually have the sessions in place. That along with actually having the full passport local strategy working and correctly registered is what’s needed. Make sure to watch the rest of the video and don’t just stop at the point of error
@mariusespejo My bad. That is the missing piece. I have finished following your tutorial. That's really helpful. Thanks for your answer and for making such a good video. Have a nice day
Why are people using sessions? In both approaches the client side must securely save the “cookie” or the “jwt token”. The main difference is that in case of the JWT approach the server does not need to maintain a DB of sessionId for lookup
It’s a matter of where you want to store the session…. In a store or in jwt… note that if you have a lot of data for your user session having all of that in a jwt/cookies would be impractical, that’s just extra data you’re sending over the wire. So it depends on the use case. Also server-side sessions are significantly more secure in my opinion, you don’t have to worry about tokens being intercepted (which again will have some user data on it)
What are the reasons you chose React over Angular? knowing nestjs is literally angular but backend ?
pick tools based on what you believe is best for the task, not based on similarities.
Love your videos, thank you for help.
glad to help Lasek!
you are a legend
Can I change the serializer service name to CookieSerializer? How does passport know where to look for these functions of serial/deserial?
I’m not sure that the name matters as long as it is extending PassportSerializer and that you’re registering it as a provider, Nest automatically calls it by convention when you’re using sessions with passport
Can you please make a complete authentication tutorial with nestjs and react? Love the nest videos.
will definitely consider it!
@mariusespejo thanks for this video Marius
I'm studying JWT login authentication with nest.js, react too.
complete authentication tutorial(refresh token, logout ...stuffs) will be very helpful for me
I want you to refer to making a video for this.
Thanks!
@mariusespejo Love your tutorials, man.
Thank you so much for your effort making this!
you’re welcome!
Hi! Just a question, in 6:45 you are returning an object not a promise even though you specified that in the method signature. Is that syntactically valid?
The method itself is async so anything it returns is implicitly wrapped in a promise. I recommend reading about async/await if you’re not familiar. Also note that since we’re using typescript here if the return types don’t match it should let you know
@mariusespejo Oh Thank you so much! BTW I like the way you explain, even for a newbie like me is easy to follow xD!
Thank you glad to hear 😄
Nice would be part 2 with refresh token. Thanks for the video. (I'm from Erick)