Build Your First NestJS Application
Learn how to build a basic application using NestJS.
Charlie Laabs
In http.strategy.ts, that done(error, ‘The token is not valid’); function actually doesn’t properly handle errors from the verifyAccessToken function. Situations like an expired token will 500 rather than 401 like a missing token will trigger.
I found to make both situations return identical error messages, the catch block should instead be:
// TODO: Log error
// UnauthorizedException looks different from the other auth error responses, so we create this one
throw new HttpException(‘Unauthorized’, 401);
Matthew Shirey
This instruction, near the beginning, under “Create Your NestJs Application”, makes absolutely no sense:
"Now you can create a new folder in your root directory called .env. Add the following values to it."
Could someone please clarify? Does this literally mean to create a folder called “.env”, if so… then what files go into it to hold the values listed? If not, do we just create a FILE called “.env” and add the values to it?
Second question: Is there a repo with the code for all of this? If there was, it would definitely clear up any issues with the instructions.
Matthew Shirey
This is a good start, but what about group/role based authorization? This basically just says they are authenticated, but nothing more. I’m having an extremely difficult time finding information on applying role based authorization to NestJS routes using Okta groups. Do you have anything you could add on that? Thanks!
Here is an article I wrote about setting up Okta Authentication with Nest.js and Authorising users based on role permissions.