Implementing OAuth2 Authentication in a NestJS Application

In today's digital landscape, secure authentication methods are essential for protecting your applications and users' data. One such method is OAuth2, a widely adopted authorization framework that allows third-party applications to obtain limited access to an HTTP service. In this article, we will explore how to implement OAuth2 authentication in a NestJS application, providing you with step-by-step instructions, code snippets, and actionable insights.

What is OAuth2?

OAuth2 (Open Authorization 2) is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. OAuth2 is often employed for scenarios where users want to grant third-party applications access to their information without sharing their passwords. This is particularly useful in social media integrations, API access, and microservices architectures.

Key Concepts of OAuth2

• Resource Owner: The user who authorizes an application to access their account.
• Client: The application that wants to access the user’s resources.
• Authorization Server: The server that authenticates the user and issues tokens.
• Resource Server: The server that hosts the protected resources.

Use Cases for OAuth2 in NestJS

Implementing OAuth2 in a NestJS application can be beneficial in various scenarios:

• Single Sign-On (SSO): Allow users to log in with existing credentials from providers like Google, Facebook, or GitHub.
• Microservices: Secure communications between services using token-based authentication.
• Third-Party Integrations: Allow external applications to access your APIs securely.

Setting Up a NestJS Application

Before we dive into OAuth2 implementation, let’s create a new NestJS application if you haven’t done so already.

npm i -g @nestjs/cli
nest new oauth2-nest-app
cd oauth2-nest-app
npm install @nestjs/passport passport passport-oauth2

Installing Required Packages

To implement OAuth2, we need to install the following packages:

• @nestjs/passport: A NestJS wrapper for Passport.js, which is a popular authentication middleware for Node.js.
• passport: The core Passport.js library.
• passport-oauth2: The OAuth2 strategy for Passport.js.

Implementing OAuth2 Authentication

Step 1: Creating the OAuth2 Strategy

First, we need to set up a strategy for handling OAuth2 authentication. Create a new file oauth2.strategy.ts in the src/auth directory.

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, VerifyCallback } from 'passport-oauth2';

@Injectable()
export class OAuth2Strategy extends PassportStrategy(Strategy, 'oauth2') {
  constructor() {
    super({
      authorizationURL: 'https://provider.com/oauth2/auth',
      tokenURL: 'https://provider.com/oauth2/token',
      clientID: 'YOUR_CLIENT_ID',
      clientSecret: 'YOUR_CLIENT_SECRET',
      callbackURL: 'http://localhost:3000/auth/callback',
      passReqToCallback: true,
    });
  }

  async validate(
    request: any,
    accessToken: string,
    refreshToken: string,
    profile: any,
    done: VerifyCallback,
  ) {
    // Here you would fetch user data from the provider.
    const user = { id: profile.id, name: profile.displayName };
    done(null, user);
  }
}

Step 2: Configuring the Auth Module

Next, we need to configure the authentication module to use our OAuth2 strategy. Open the auth.module.ts file and add the strategy.

import { Module } from '@nestjs/common';
import { PassportModule } from '@nestjs/passport';
import { OAuth2Strategy } from './oauth2.strategy';

@Module({
  imports: [PassportModule],
  providers: [OAuth2Strategy],
})
export class AuthModule {}

Step 3: Implementing Auth Controller

Now, let’s create a controller that will handle the OAuth2 login and callback routes. Create a new file auth.controller.ts.

import {
  Controller,
  Get,
  UseGuards,
  Req,
  Res,
} from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';

@Controller('auth')
export class AuthController {
  @Get('login')
  @UseGuards(AuthGuard('oauth2'))
  async login() {
    // Initiates the OAuth2 login process
  }

  @Get('callback')
  @UseGuards(AuthGuard('oauth2'))
  async callback(@Req() req, @Res() res) {
    // Successful authentication
    const user = req.user;
    res.redirect('/profile'); // Redirect to the profile page or your desired route
  }
}

Step 4: Setting Up the Main Module

Finally, integrate your authentication module into the main application module. Open app.module.ts and import the AuthModule.

import { Module } from '@nestjs/common';
import { AuthModule } from './auth/auth.module';
import { AuthController } from './auth/auth.controller';

@Module({
  imports: [AuthModule],
  controllers: [AuthController],
})
export class AppModule {}

Testing Your OAuth2 Implementation

To test your OAuth2 implementation, run your NestJS application:

npm run start

Navigate to http://localhost:3000/auth/login, and you should be redirected to the OAuth2 provider's login page. After successful authentication, you will be redirected back to your application.

Troubleshooting Tips

• Invalid Credentials: Ensure that your clientID and clientSecret are correctly configured.
• Callback URL Issues: Double-check that your callback URL is correctly set up in both your NestJS application and the OAuth2 provider’s settings.
• CORS Issues: If you're testing with a frontend application, ensure that CORS is configured correctly.

Conclusion

Implementing OAuth2 authentication in a NestJS application can significantly enhance security and user convenience. By following the steps outlined in this article, you can easily set up OAuth2 authentication with minimal hassle. Whether for single sign-on features or securing API access, OAuth2 is a powerful tool at your disposal. Happy coding!