Secure Your Nest.js API Endpoints with Auth0 in ~10 Minutes

Video Statistics and Information

Captions
Do you want to protect your Nest.js API from prying eyes? In this video I'm going to walk you through how to set up your first API endpoints with Nest.js and how to create an authorization guard that will check for a valid access token issued by your Auth0 tenant. Let's get started.

We will not be covering any authentication or how to obtain an access token. If you don't already have an application that can fetch access tokens, have a look at one of our other videos by clicking on the banner in the top right-hand corner.

To start working with Nest.js we first need to install the command line interface. This will help us create new controllers, services and more. If you've already installed the CLI there's no need to install it again. Once the CLI is installed globally we can use it to create our Nest.js project. Go to your development folder in your terminal and run `nest new nestjs-auth0-api`. This might take a while; we'll let the CLI do its thing, and once it finishes we will see it created a folder with a basic Nest.js project. Once we start the development environment with `npm run start:dev` we can try out the default hello world endpoint. I'm using Insomnia to test API endpoints, but there are other excellent applications out there, like Postman for example.

When we look inside the generated code base we'll see that the Nest.js CLI has created some files for us: an app.module file that helps us set up our dependencies, an app.service file that can contain our business logic, and an app.controller file that will let us define our API endpoints. Now let's add some more API endpoints, one dog and one cat endpoint. We'll protect the cat endpoint later; as we all know, cats are less social creatures compared to dogs. We'll add the dog endpoint first and the cat endpoint later. Both will call a method from the app service, so let's add those as well. You'll see we now have a dog and a cat API endpoint available, and both will return the message from their service method.

Now let's generate a new authorization module and a new authorization guard. The guard will help us protect certain endpoints for which we'll need a valid access token issued by our Auth0 tenant. Let's first stop our development server for a second and use the Nest CLI to generate a new module. We'll run `nest generate module authorization` with the `--no-spec` flag because we don't want to generate tests for this demo. This will generate a new authorization module and import it into the main application module. Let's do the same, but instead of a module we'll generate a new authorization guard. Lastly, let's install some npm dependencies that we'll use later on in this demo and restart our development server with `npm run start:dev`. If we look into our code base we'll see that an authorization module has been added with the authorization.module.ts file. An authorization guard has also been added; let's move the guard to the authorization folder. The authorization module has also been imported into the app.module file.

In the authorization guard file we'll see some default code. Let's clean it up a bit: we're not going to use observables in this demo, so let's not return an observable. Now that we've cleaned up the default guard we can start adding the logic for the authorization guard. Let's start by importing some of the dependencies we installed earlier. First we'll import `expressJwtSecret` from jwks-rsa. Next we'll import the `promisify` utility function; we did not install this through npm, it's a default module. Lastly we'll import the express-jwt middleware. Now that we've imported our dependencies, let's create a new const `checkJwt`, which will return our JSON web token middleware, which we imported from express-jwt, and will accept a configuration object: some details about the secret, an audience which we'll leave blank for now, an issuer which we'll also leave blank for now, and the algorithms which we are going to use. By default Auth0 uses RS256 to sign its JSON web tokens. Here we'll use the `expressJwtSecret` function, which we've imported from npm, which will also accept a bit of config. We'll set `cache` and `rateLimit` to true, we'll limit the requests for JSON web keys to 5 per minute, and we'll leave the `jwksUri` blank for now.

We now have a `checkJwt` function that uses the express-jwt middleware, which is an old-school Node-style callback-based function, so let's convert it to a function that returns a promise with the `promisify` utility function. Now that we've got our `checkJwt` function, let's use it. What we're going to do is, every time this guard is executed, we'll run the `checkJwt` function, which will return a promise. This means we can await the `checkJwt` function. In order to await it we have to convert this to an asynchronous function, and if that's okay we return true. If it's not okay we will throw an `UnauthorizedException`, which is a default Nest.js exception that will return a 401 Unauthorized status from our API endpoint, and we'll pass along the error. As you can see, the `checkJwt` function is still underlined in red. That's because it needs two arguments, a request and a response. We can get both from the context of our guard, so let's create a request variable and call `context.getArgByIndex()`: the first one is going to be our request, the second one is going to be our response. Once we've got these variables we can pass them to the `checkJwt` function. Lastly, since we're working with an asynchronous function it's always going to return a promise, so we can remove this boolean here.

Let's use the Auth0 command line interface to create a new API for our Auth0 tenant. If you don't have the CLI installed, click on the banner in the top right-hand corner to find out how you can install the CLI. Everything I'm doing through the CLI can also be done through our management dashboard at manage.auth0.com. We'll type `auth0 apis create` and call our new API nestjs-api. The identifier is going to be the same, nestjs-api, and we'll leave scopes empty for now. The Auth0 CLI is going to create a new API for my Auth0 tenant. As you can see, we've got our identifier available together with my Auth0 tenant, sandbego.au.org00.com.

Now that we've created our API for our Auth0 tenant, let's use it to do the actual authorization for our API endpoints. We'll create a new file and call it .env, in which we'll add some Auth0 configuration variables. We'll add the Auth0 audience, which is the identifier for the API we entered through the Auth0 CLI, and our Auth0 domain, which is my tenant's domain; it's always going to be your tenant name and region, suffixed with a slash. To use these environment variables, let's install the Nest config library. We'll run `npm install @nestjs/config`. Once installed we can import it in our guard file: import `ConfigService` from `@nestjs/config`. In order to make it work we'll also have to inject it through the application module, so let's go ahead and import a `ConfigModule`. After that we can add `ConfigModule.forRoot()` in the imports array, which will allow us to inject the configuration into our authorization guard. If we go back to our authorization guard we can now create a constructor in which we can inject the config service. We'll then create a private Auth0 audience and Auth0 domain, which we'll populate in our constructor function with the configuration data from our .env file. What we're doing here is using the config service to get the Auth0 audience and domain from our .env file.

We can now use the Auth0 audience and domain to configure our express-jwt middleware. First up, let's add the audience, `this.auth0Audience`, and our issuer is going to be our Auth0 domain. Lastly, our JSON web keys URI is going to be exposed by Auth0; it is always going to be under the `/.well-known/jwks.json` URL, so if we take our Auth0 domain and add `.well-known/jwks.json` we'll be able to fetch our public keys to validate the JSON web token's signature.

If we open Insomnia again, we can still use our dog endpoint, which works fine without an access token because we did not add the authorization guard to it. But if we ping the cat endpoint we get a 401 Unauthorized, because we did add the authorization guard to this endpoint, so now it's requiring us to pass along a valid access token with each request. If we take the same API endpoint, /cat, but then append the bearer token, which will add an Authorization header to each request with the access token as a bearer token, and we pass along a valid access token generated by our Auth0 tenant, we should get a 200 successful response. We only added the authorization guard to our /cat endpoint; that's why we could still use the dog endpoint but needed an access token for the cat one.

That's all for today. If you'd like to see more Nest.js content in the future, please let us know in the comments below, and don't forget to subscribe. See y'all next time.
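The checks the guard delegates to express-jwt and jwks-rsa in the video (algorithm pinned to RS256, public key selected by `kid` from the tenant's JWKS, signature verified, then `iss`, `aud` and `exp` compared against the `.env` values), as an added worked example that is not the video's code. It uses Node's built-in `crypto` instead of express-jwt/jwks-rsa so that it runs offline; `makeTenant`, `signToken`, the tenant domain, the audience `nestjs-api` and the key id are constructed stand-ins for an Auth0 tenant and its `/.well-known/jwks.json`. `canActivate` mirrors the guard's decision: return true or throw, which Nest turns into a 401.

```typescript
// Added example: the verification the AuthorizationGuard relies on, against
// Node's built-in crypto. Tenant, keys and identifiers below are constructed
// stand-ins; in production the JWKS is fetched from
// https://<AUTH0_DOMAIN>/.well-known/jwks.json and cached (jwks-rsa does that).
import { createPublicKey, createSign, createVerify, generateKeyPairSync, KeyObject } from 'crypto';
import type { JsonWebKey } from 'crypto';

type SigningKey = JsonWebKey & { kid?: string };

export interface VerifyOptions {
  issuer: string;               // AUTH0_DOMAIN, including the trailing slash Auth0 puts in "iss"
  audience: string;             // AUTH0_AUDIENCE, the API identifier from `auth0 apis create`
  jwks: { keys: SigningKey[] }; // contents of the tenant's jwks.json
  now?: number;                 // seconds since epoch; injectable so checks are deterministic
}

export class UnauthorizedError extends Error {}

export const b64url = (data: Buffer | string): string =>
  (typeof data === 'string' ? Buffer.from(data, 'utf8') : data)
    .toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const fromB64url = (s: string): Buffer =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Constructed stand-in for an Auth0 tenant: one RS256 key, published as a JWKS.
export function makeTenant(issuer: string, kid = 'key-1') {
  const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid, alg: 'RS256', use: 'sig' } as SigningKey;
  return { issuer, kid, privateKey, jwks: { keys: [jwk] } };
}

// Mint a token the way the tenant would: RS256, key id in the header.
export function signToken(privateKey: KeyObject, kid: string, claims: Record<string, unknown>): string {
  const signingInput =
    `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))}.${b64url(JSON.stringify(claims))}`;
  const signer = createSign('RSA-SHA256');
  signer.update(signingInput);
  return `${signingInput}.${b64url(signer.sign(privateKey))}`;
}

export function verifyAccessToken(token: string, opts: VerifyOptions): Record<string, unknown> {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8')) as Record<string, unknown>;
  // algorithms: ['RS256'] in the guard's config. Pin it before touching any key, so a
  // token that claims alg=none or HS256 cannot steer which verifier is used.
  if (header.alg !== 'RS256') throw new Error(`unexpected alg ${String(header.alg)}`);
  // Select the public key by kid, as jwks-rsa does; an unknown kid is a rejection.
  const jwk = opts.jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('no signing key for kid');
  const verifier = createVerify('RSA-SHA256');
  verifier.update(`${h}.${p}`);
  if (!verifier.verify(createPublicKey({ key: jwk, format: 'jwk' }), fromB64url(s))) {
    throw new Error('invalid signature');
  }
  // Only after the signature checks out are the claims worth reading.
  const claims = JSON.parse(fromB64url(p).toString('utf8')) as Record<string, unknown>;
  if (claims.iss !== opts.issuer) throw new Error('issuer mismatch');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(opts.audience)) throw new Error('audience mismatch');
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// The guard's decision for one request: read the Authorization header, verify the
// bearer token, return true to let the handler run, or throw (Nest maps it to 401).
export function canActivate(authorizationHeader: string | undefined, opts: VerifyOptions): boolean {
  const m = /^Bearer\s+([A-Za-z0-9_.-]+)$/.exec(authorizationHeader ?? '');
  if (!m) throw new UnauthorizedError('missing bearer token');
  try {
    verifyAccessToken(m[1], opts);
    return true;
  } catch (err) {
    throw new UnauthorizedError(err instanceof Error ? err.message : 'unauthorized');
  }
}
```

Two things the video's config gets right are visible here: the issuer is compared byte-for-byte, so the trailing slash in `AUTH0_DOMAIN` matters, and the `audience` check is what stops a token minted for another API of the same tenant (it has the same signer and issuer) from opening the /cat endpoint.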
Info
Channel: Auth0
Views: 2,693
Rating: 4.8688526 out of 5
Keywords: nestjs tutorial, nestjs api endpoints, auth0 nestjs, secure api endpoints, jwt, json web token, jwt authentication, access tokens, access tokens explained, node nest, web development, identity, security, authorization tutorial, node nestjs, user authentication, auth0 access tokens, nestjs auth guard, api security, node api endpoints, access token validation
Id: JzndSOAb6SQ
Length: 14min 22sec (862 seconds)
Published: Fri Jun 25 2021