This sample NestJS app is one of the kind you get with nest new, but with the addition of Passport to

• authenticate a user by identity token issued from GitHub as an Identity Provider,
• manage authenticated state (by issuing a JSON Web Token, JWT),
• attach information about the authenticated user to the Request object for further use in route handlers.

It is easy to add another strategy or replace GitHub with Google or Facebook for instance.

The code has many comments that make everything very clear and understandable.

First you have to register a new OAuth application in GitHub:

Then copy file .env.sample and name it .env. Open .env and fill the values of GITHUB_OAUTH_CLIENT_ID and GITHUB_OAUTH_CLIENT_SECRET according to the application just created in GitHub. Also set an arbitrary value for JWT_SECRET.

Then you can start the app with

$ npm run dev

In your browser, open http://localhost:5000 or http://localhost:5000/profile. You will get HTTP status 401 "Unauthorized" because these are protected routes that are accessible only to requests that contain a valid JWT.

So open http://localhost:5000/auth/github. This route allows users to authenticate via GitHub, returning a JWT for use in subsequent calls to protected API endpoints. The JWT is included in the response body and as a cookie named jwt. Because of the cookie, you are now able to visit http://localhost:5000 and http://localhost:5000/profile.

Protection is realized by annotating the routes with @UseGuards(JwtAuthGuard): When such a route is hit, the Guard will automatically invoke our passport-jwt custom configured logic, validating the JWT, and assigning the user property to the Request object. Clients can send the JWT either

• as a bearer token in an authorization header ("Authorization: Bearer eyJhbGciO…") or
• in a cookie (name "jwt", its value is the token).