Authentication documentation - best practices

[dnmd]

I'm submitting a...

[ ] Regression [ ] Bug report [ ] Feature request [x] Documentation issue or request

What is the motivation / use case for changing the behavior?

I see different, closed, issues regarding built-in authentication. Knowing that authentication is hard to get right, I started looking for best practices and guidance on the topic with regard to Nestjs.

In the official docs on authentication, lines like “for demo purposes”, “hint”, etc. suggests there is not yet one way of doing authentication right.

Loving this library, I really hope to get authentication right, together. I’ve seen similar libraries (feathersjs / loopback) having a mechanism in place providing – an optional – consistent authentication API, that does it right.

So, to get to the question(s)

• are there any / such plans for the future?
• would, more extensive documentation on this topic on how to do authentication right, be something that lie ahead of us?

Resources found: Passport strategies: https://github.com/Abdallah-khalil/NodeJsWithPassport Auth0: https://github.com/cdiaz/nestjs-auth0

[cdiaz]

Hi @dnmd, I wrote the nestjs-auth0 example a few months ago following this seed project from Auth0 and based on nestjs version 2; But this is now deprecated. (My example does not follow the best practices, however I will try to update it)

You can also review this new repository, which approaches the authentication technique published in the official nestjs documentation, using passport strategies in combination with middlewares.

I think the authentication technique is the best way to do it for now, however this depends on your preferences and needs.

Good luck

[kamilmysliwiec]

Hey @dnmd, I'm working on AuthModule, trying to provide something really extensible. Keep fingers crossed 🤞

[dnmd]

@kamilmysliwiec , we will! If you want to keep this issue open to track / report the progress or want to close it for now, feel free to do so. Thanks for the feedback so far.

[cojack]

@kamilmysliwiec I'm missing the except attribute in the routes configuration.

[John0x]

@kamilmysliwiec what is the state of this? Need to decide whether or not to implement it on my own or just wait

[ericzon]

I'm implementing my own auth mechanism to work with oauth2, playing together middleware + guards but I'm missing the possibility to have a built-in method to exclude routes, as mentioned in https://github.com/nestjs/nest/issues/17

[kamilmysliwiec]

I published @nestjs/passport which is only a tip of the iceberg. Once I have a bit more time, I'm gonna expand this module with a bunch of useful features that should substantially reduce a boilerplate.

[lock[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.