Skip to content

Latest commit

 

History

History
109 lines (85 loc) · 2.64 KB

README.md

File metadata and controls

109 lines (85 loc) · 2.64 KB

nest-zitadel

GitHub npm npm npm

Nest.js module that setup authentication with Zitadel for Nest.js application

This library is higly inspired by https://github.com/ehwplus/zitadel-nodejs-nestjs

Installation

npm install --save passport-zitadel nest-zitadel @nestjs/passport

Getting Started

Registering the module:

ZitadelAuthModule.forRoot({
        authority: 'http://localhost:8080',
        authorization: {
        type: 'jwt-profile',
        profile: {
            type: 'application',
            keyId: 'key-id',
            key: 'key',
            appId: 'app-id',
            clientId: 'client-id',
        },
        },
    }),

Registering the module with configuration from ConfigurationService:

ZitadelAuthModule.forRootAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (configService: ConfigService) => {
        return {
          authority: configService.getOrThrow('ZITADEL_AUTHORITY'),
          authorization: {
            type: 'jwt-profile',
            profile: {
              type: 'application',
              keyId: configService.getOrThrow('ZITADEL_KEY_ID'),
              key: configService.getOrThrow('ZITADEL_KEY'),
              appId: configService.getOrThrow('ZITADEL_APP_ID'),
              clientId: configService.getOrThrow('ZITADEL_CLIENT_ID'),
            },
          },
        };
      },
    }),

Guards

Register any of the guards either globally, or scoped in your controller.

ZitadelAuthGuard

By default, it will throw a 401 unauthorized when it is unable to verify the JWT token or Bearer header is missing.

@Controller('cats')
@UseGuards(ZitadelAuthGuard)
export class CatsController {}

RolesGuard

Check if user has role that is put in @Roles decorator

@Roles('super-user')
@Get('protected/roles')
@UseGuards(ZitadelAuthGuard, RolesGuard)
getProtectedHelloWithRoles(): string {
  this.logger.log('Requesting role protected hello');
  return this.appService.getHello();
}

Decorators

ZitadelAuthGuard

Retrieves the current Zitadel logged-in user.

@Controller('users')
@UseGuards(ZitadelAuthGuard)
export class UsersController {
  @Get()
  getCurrentUser(@AuthenticatedUser() user: ZitadelUser) {
    return user;
  }
}

License

nest-zitadel is released under MIT License.