2-how-to-set-up-authentication-in-a-nestjs-application-with-oauth.html

How to Set Up Authentication in a NestJS Application with OAuth

In the modern web development landscape, securing user authentication is paramount. One effective way to manage authentication is through OAuth, a popular and secure protocol used by numerous applications to allow third-party services to exchange information without exposing user credentials. In this article, we will walk through setting up OAuth authentication in a NestJS application, providing detailed insights, code examples, and actionable steps to get you started.

What is OAuth?

OAuth (Open Authorization) is an open standard for access delegation commonly used for token-based authentication and authorization. It allows users to grant access to their resources on one site to another site without sharing their credentials. This is particularly useful for applications that need to access APIs or services on behalf of the user.

Use Cases for OAuth

Social Logins: Allow users to sign in using their Google, Facebook, or GitHub accounts.
API Access: Enable third-party applications to access your API securely.
Single Sign-On (SSO): Provide a seamless authentication experience across multiple applications.

Setting Up NestJS with OAuth

Prerequisites

Before diving into the code, ensure you have the following set up:

Node.js installed on your machine.
A NestJS application created. If you don't have one, you can create it using the Nest CLI: bash npm i -g @nestjs/cli nest new my-nest-app

Step 1: Install Required Packages

To implement OAuth in your NestJS application, you will need a few libraries. The most commonly used package for OAuth2 authentication in NestJS is passport, along with the passport-oauth2 strategy. Install these packages:

npm install @nestjs/passport passport passport-oauth2
npm install @nestjs/jwt passport-jwt

Step 2: Create Your OAuth Strategy

In NestJS, authentication strategies can be defined in a dedicated file. Create a new file named oauth.strategy.ts in your src directory.

// src/oauth.strategy.ts
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-oauth2';

@Injectable()
export class OAuthStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      authorizationURL: 'https://provider.com/oauth2/authorize',
      tokenURL: 'https://provider.com/oauth2/token',
      clientID: 'YOUR_CLIENT_ID',
      clientSecret: 'YOUR_CLIENT_SECRET',
      callbackURL: 'http://localhost:3000/auth/callback',
      scope: 'email profile',
    });
  }

  async validate(accessToken: string, refreshToken: string, params: any, profile: any) {
    // Here you would fetch user information from the OAuth provider
    return { ...profile, accessToken };
  }
}

Step 3: Configure Your Auth Module

Next, you need to create an authentication module to use your OAuth strategy. Create a file named auth.module.ts.

// src/auth.module.ts
import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { OAuthStrategy } from './oauth.strategy';
import { PassportModule } from '@nestjs/passport';

@Module({
  imports: [PassportModule.register({ defaultStrategy: 'oauth2' })],
  providers: [AuthService, OAuthStrategy],
  exports: [AuthService],
})
export class AuthModule {}

Step 4: Implement the Auth Service

The AuthService will handle the logic for user authentication. Create a file named auth.service.ts.

// src/auth.service.ts
import { Injectable } from '@nestjs/common';

@Injectable()
export class AuthService {
  async validateUser(profile: any) {
    // Here you can implement logic to validate or create a user in your database
    return profile; // Return the user profile after validation
  }
}

Step 5: Create an Auth Controller

To handle routes related to authentication, create an auth.controller.ts file.

// src/auth.controller.ts
import { Controller, Get, UseGuards, Req, Res } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';

@Controller('auth')
export class AuthController {
  @Get('login')
  @UseGuards(AuthGuard('oauth2'))
  async login() {
    // Initiates the OAuth login process
  }

  @Get('callback')
  @UseGuards(AuthGuard('oauth2'))
  async callback(@Req() req, @Res() res) {
    // Handle the OAuth callback
    const user = req.user;
    // Here you can implement logic to create a session or generate a JWT
    res.redirect('/'); // Redirect to your desired location
  }
}

Step 6: Integrate the Auth Module into Your App

Finally, ensure that your AuthModule is imported into your main application module.

// src/app.module.ts
import { Module } from '@nestjs/common';
import { AuthModule } from './auth.module';
import { AuthController } from './auth.controller';

@Module({
  imports: [AuthModule],
  controllers: [AuthController],
})
export class AppModule {}

Testing Your OAuth Authentication

Start your NestJS application: bash npm run start
Navigate to http://localhost:3000/auth/login to initiate the OAuth login process.
Upon successful authentication, you will be redirected back to your application with user information accessible.

Troubleshooting Tips

Callback URL Issues: Ensure that the callback URL is correctly set in both your OAuth provider settings and your application.
Token Expiry: Be aware of token expiry and implement logic to refresh tokens as needed.
User Validation: Ensure proper validation and error handling in your OAuth strategy to manage user sessions effectively.

Conclusion

Setting up OAuth authentication in a NestJS application is a straightforward process that enhances your app's security and user experience. By following the steps outlined in this guide, you can effectively implement OAuth and enable smooth third-party integrations. As you continue to develop your application, consider exploring other authentication strategies and best practices to further optimize your user security. Happy coding!