By Syed Rizwan

2-how-to-create-a-secure-api-with-nestjs-and-oauth2-authentication.html

How to Create a Secure API with NestJS and OAuth2 Authentication

In today's digital landscape, securing your application’s API is not just an option; it’s a necessity. With the rise of data breaches and cyber-attacks, implementing robust authentication mechanisms is crucial for protecting sensitive data. In this article, we will delve into creating a secure API using NestJS and OAuth2 authentication. We’ll cover everything from definitions to practical coding examples, ensuring you have a comprehensive understanding of the process.

What is NestJS?

NestJS is a progressive Node.js framework designed for building efficient and scalable server-side applications. It leverages TypeScript and incorporates elements from Object-Oriented Programming, Functional Programming, and Reactive Programming. NestJS is particularly useful for creating APIs due to its modular architecture, which promotes code reusability and maintainability.

What is OAuth2?

OAuth2 is an authorization framework that enables third-party applications to obtain limited access to user accounts on an HTTP service. By employing OAuth2, developers can securely delegate access to resources without exposing user credentials. The framework supports various flows to accommodate different types of applications, including web apps, mobile apps, and server-to-server communications.

Use Cases for OAuth2

  • Third-Party Integrations: Allowing users to log in using their existing accounts from services like Google or Facebook.
  • Mobile Applications: Enabling secure API access without hardcoding sensitive credentials.
  • Microservices Architecture: Managing permissions across multiple services while maintaining a centralized authentication mechanism.

Setting Up Your NestJS Project

Before diving into the implementation of OAuth2, let’s set up a basic NestJS project.

Step 1: Install NestJS CLI

First, ensure you have Node.js installed. Then, globally install the NestJS CLI:

npm install -g @nestjs/cli

Step 2: Create a New Project

Generate a new NestJS project using the CLI:

nest new secure-api
cd secure-api

Step 3: Install Required Dependencies

For OAuth2 implementation, we need a few additional packages:

npm install @nestjs/passport passport passport-oauth2
npm install @nestjs/jwt jsonwebtoken

Implementing OAuth2 Authentication

Step 1: Configure the Passport Strategy

Create a new directory called auth and generate an auth.module.ts and auth.service.ts:

mkdir src/auth
touch src/auth/auth.module.ts src/auth/auth.service.ts

In auth.module.ts, set up the module:

import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { PassportModule } from '@nestjs/passport';
import { OAuth2Strategy } from 'passport-oauth2';

@Module({
  imports: [PassportModule],
  providers: [AuthService],
})
export class AuthModule {}

Step 2: Implement the Auth Service

In auth.service.ts, we will configure the OAuth2 strategy. Here’s a sample implementation:

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, VerifyCallback } from 'passport-oauth2';

@Injectable()
export class AuthService extends PassportStrategy(Strategy) {
  constructor() {
    super({
      authorizationURL: 'https://authorization-server.com/auth',
      tokenURL: 'https://authorization-server.com/token',
      clientID: 'YOUR_CLIENT_ID',
      clientSecret: 'YOUR_CLIENT_SECRET',
      callbackURL: 'http://localhost:3000/auth/callback',
    });
  }

  async validate(accessToken: string, refreshToken: string, profile: any, done: VerifyCallback) {
    // Here you can save the user information in your database
    done(null, profile);
  }
}

Step 3: Create the Auth Controller

Next, create an auth.controller.ts file to handle authentication requests:

touch src/auth/auth.controller.ts

In auth.controller.ts, implement the routes:

import { Controller, Get, Req, Res } from '@nestjs/common';
import { AuthService } from './auth.service';

@Controller('auth')
export class AuthController {
  constructor(private readonly authService: AuthService) {}

  @Get('login')
  login(@Req() req, @Res() res) {
    // Redirect to the OAuth2 provider's authorization page
    res.redirect('https://authorization-server.com/auth');
  }

  @Get('callback')
  async callback(@Req() req, @Res() res) {
    // Handle the callback and obtain the access token
    const user = await this.authService.validate(req.user);
    res.send(user);
  }
}

Step 4: Integrate with the Main Application

Finally, integrate the authentication module into your main application module:

import { Module } from '@nestjs/common';
import { AuthModule } from './auth/auth.module';

@Module({
  imports: [AuthModule],
})
export class AppModule {}

Testing Your Secure API

  1. Run Your Application: Start your NestJS application:

bash npm run start

  1. Authenticate: Navigate to http://localhost:3000/auth/login to initiate the OAuth2 flow.

  2. Callback Handling: After successful authentication, your callback endpoint will handle the response and display the user information.

Troubleshooting Common Issues

  • Invalid Credentials: Ensure your clientID and clientSecret are correct.
  • Redirect URI Mismatch: The callback URL must match the one registered with your OAuth2 provider.
  • CORS Issues: Configure CORS settings in your NestJS application if you encounter cross-origin issues.

Conclusion

Creating a secure API with NestJS and OAuth2 authentication is a powerful way to protect your application and user data. By following the steps outlined in this guide, you can implement a robust authentication system that enhances your API’s security. Whether you’re building a simple application or a complex microservices architecture, mastering OAuth2 will be invaluable in today’s security-conscious environment. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.