Introduction to JWT Authentication in NestJS

Welcome to this lesson on integrating JWT for authentication in your NestJS application. In the previous lesson, we discussed creating users with encrypted passwords using bcrypt, which laid the foundation for secure user authentication. Building upon that, today's lesson will focus on how to implement JWT (JSON Web Tokens) in your NestJS app to facilitate stateless authentication, a powerful technique widely used in modern web applications. JWT offers several advantages, including scalability and ease of management compared to traditional session-based authentication methods.

Understanding JWT Structure and Functionality

Before diving into the implementation, it's essential to understand the structure and functionality of JWTs. A JWT consists of three parts:

  • Header: This contains the type of token (JWT) and the signing algorithm being used, such as HMAC SHA256.
  • Payload: Also known as the claims, this is where you store the user data and other metadata. This part includes registered claims (standard fields like exp for expiration time) and custom claims (custom fields like user roles).
  • Signature: This is produced by signing the base64url-encoded header and payload with the secret key, using the algorithm named in the header (for HMAC SHA256, an HMAC computed over `header.payload`). The signature lets the server verify that the token was issued by a holder of the secret and that neither the header nor the payload was altered.

JWTs are typically used in scenarios where you need to securely transfer information, such as authenticating users in a web application. The token is usually stored client-side, for example in a browser's local storage (keep in mind that any script running on the page can read local storage, so an XSS flaw exposes the token), and sent with each request to the server in the Authorization header as a Bearer token.
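To make the three-part structure concrete, here is an added example (not the lesson's NestJS code) that signs and verifies an HS256 token directly with Node's crypto module. It shows what the JwtModule's secret and expiresIn settings feed into, and the checks a verifier has to make before trusting the claims; the secret and claim values are constructed for the demo.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Added example, not the lesson's NestJS code: a minimal HS256 signer and
// verifier on Node's crypto module, showing what JwtService.sign/verify do
// and the checks a verifier must make before trusting a token's claims.

type Claims = Record<string, unknown>;
function b64url(input: string): string {
  return Buffer.from(input, "utf8").toString("base64url");
}

function decodeSegment(seg: string): Claims | null {
  try {
    const obj = JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
    return obj && typeof obj === "object" ? (obj as Claims) : null;
  } catch {
    return null;
  }
}
// header.payload.signature; expiresInSec plays the role of JwtModule's expiresIn.
export function signHs256(claims: Claims, secret: string, expiresInSec: number,
                          nowSec = Math.floor(Date.now() / 1000)): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + expiresInSec }));
  const signingInput = `${header}.${payload}`;
  const sig = createHmac("sha256", secret).update(signingInput).digest("base64url");
  return `${signingInput}.${sig}`;
}

// Returns the claims, or null if the token is malformed, names an algorithm
// other than the one we expect, carries a wrong signature, or has expired.
export function verifyHs256(token: string, secret: string,
                            nowSec = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  // Pin the algorithm server-side; never let the token choose it (rejects "none").
  const hdr = decodeSegment(header);
  if (!hdr || hdr.alg !== "HS256") return null;
  const expected = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; lengths must match or timingSafeEqual throws.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = decodeSegment(payload);
  // exp is seconds since the epoch; a missing exp is treated as invalid here.
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}
```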

Integrating JWT into NestJS

Now, let's integrate JWT into your NestJS application. We'll go through the code step-by-step.

  1. Configuring JWT Module:

    In the auth.module.ts file, you need to configure the JWT module to handle token creation and validation. Here's how you can do it:

    By registering the JwtModule, you allow your application to create and decode JWTs. The secret is used to sign the tokens, and expiresIn specifies how long the token is valid.

  2. Developing AuthService:

    The AuthService handles the business logic for user login. Here's how you can implement these methods:

    In the logIn method, bcrypt is used to verify the password, and a JWT token is generated using JwtService. The token contains a payload with user information, which is signed and returned to the client.

    bcrypt.compare(unhashedPassword, user.password) checks whether the plain-text password the user supplied at login matches the hashed password stored in the database for that user. Since the plain-text password is never stored, a direct comparison is impossible; instead, bcrypt.compare() reads the salt and cost factor embedded in the stored hash, hashes the supplied password with those same parameters, and reports whether the result matches the stored hash.

  3. Setting Up AuthController:

    In the auth.controller.ts, you need endpoints to handle user login:

    The login endpoint processes user credentials and issues a JWT upon successful login or returns an error if the credentials are invalid.

Example: Secure Login API with JWT

Let's walk through an example to solidify these concepts. Consider a user attempting to log in to your ToDo app:

  1. Client Sends Login Request:

  2. Server Verifies Credentials:

    • If verification fails, return an unauthorized error.
    • On success, generate and return a JWT:

In this example, the JWT provides a means for the client to authenticate itself with the server for subsequent requests.

Testing and Verifying JWT Implementation

For now, we're only creating the JWT Token. In the next lesson, we'll learn how to use the token. In the meantime, we can still test that the token is being received properly:

send_request.ts

Sneak Peek!

The JWT token will be used within future API requests in the header of the request. Here's an example of sending the JWT token as an Authorization header. Our code doesn't do anything with the token for requests yet. Once you master this section, you'll get the chance to use your tokens.

Summary and Next Steps

In this lesson, you learned how to integrate JWT Tokens into an authentication system with NestJS. We broke down the process into manageable steps, covering the JWT structure, configuring NestJS with JWT, building the login functionality, and verifying the implementation. Now, you can proceed to the practice exercises, where you'll reinforce these concepts and ensure you understand how JWT can be used to secure your NestJS applications. Congratulations on reaching the end of this course! Your hard work will pay off as you continue to develop secure applications.
