Authentication in Nest.js: JWT Protected APIs and Refresh Token

`${process.env.jwt_secret}` is incorrect solution because it cause empty string as secret ;)

Hello Sir, for /refresh API I can not pass the token via body it's asking for the user name what is the issue. @UseGuards(RefreshJwtAuthGuard)
@Post("/refresh")
async refreshToken(@Request() req: any) {
//console.log(req.user);
return await this.authService.refreshToken(req.user);
}

I really like how you teach these series ! Please build more authenticate and authorization NestJS app with key cloak 💥💥

Greetings from Brazil, amazing tutorial, helped me a lot!

thnks dude! such a great video! i've learning so much w/ this!. Greetings from Brazil!

It would be great if you upload a video on integrating microservice with Nest.js using Kafka. Thanks!

I saw refresh token and access token have same payload, I think refresh token can be access main jwt authguard too? referesh token was too waste. i've googling referesh token concept but nothing. you can create token and refresh token with same payload but the secret key must be different

Thank you for this video! It was of great help for me.

where and how we can store logged in user imformation like email, user_id, and role for further uses

You created JwtStrategy class and defined that in auth provider and you don't used from that. why?

Thank you very much!!!

Thank you for this! I m looking forward to the TypeORM tutorials for NestJS. :D

Congratulations Excellent Tutorial Thanks Sakura

I am stuck here. My refresh token is always coming without the payload encoded. I noticed that the the user passed to the refreshToken function seems to be empty. But when I use console.log(user), I can see the data. But when I try to use the data to populate the payload, the payload is always empty as if it cannot read any of the user properties. What is going on? Please note that I also checked the newly generated AccessToken that you produced, and it seems it is having the same issue

good

Could you complete this by adding simple roles?

where does passport compare that payload is correct?, i mean if you decode jwt from bearer header, you should see if payload is correct.

Everyone writes guides about jwt token so cool, but no one wrote down what to do if an attacker stole a refreshToken

Can you prepare a dockerize tutorial that simulates dev and prod environment? Thames 👌