The NestJS Authentication Boilerplate is a robust and flexible solution for implementing user authentication in your NestJS projects. Empowering you with a rich feature set, it simplifies the process of managing user sign-up, sign-in, email OTP verification, password recovery, and more.
Feature | Description | API Type | JWT Token Protection |
---|---|---|---|
Sign-Up & Login APIs | Streamline user onboarding with a smooth and intuitive registration and login experience. | REST | No |
Email Verification API | Boost security and prevent unauthorized access through email OTP verification. | REST | No |
OTP Resend API | Never let users get stuck! Offer convenient OTP resend options for seamless account activation. | REST | No |
Forget Password API | Forget passwords? No problem! Our secure recovery process helps users regain access quickly. | REST | No |
Change Password API | Take control of your account security with effortless password changes. | REST | Yes |
Refresh token API | Allowing clients to securely refresh access token. | REST | Yes |
OAuth | Allowing clients to sign-in with Google, Facebook. (Note: configure your OAuth console to get credentials) | REST | No |
Get & Update User | Efficiently retrieve and update user information using GraphQL queries and mutations. | GraphQL | Yes |
Below are the key authentication API endpoints for this project:
{{url}}/auth/signup
- Sign up user{{url}}/auth/signin
- Sign in user{{url}}/auth/verify
- Verify OTP{{url}}/auth/resend
- Resend OTP email{{url}}/auth/forget-password
- Forget password OTP email send{{url}}/auth/change-password
- Change user password{{url}}/auth/refresh-token
- Refresh access token{{url}}/auth/google
- Start Google OAuth flow{{url}}/auth/google/callback
- Google OAuth callback{{url}}/auth/facebook
- Start Facebook OAuth flow{{url}}/auth/facebook/callback
- Facebook OAuth callbackhttp://localhost:3000/user
GraphQL Queries and Mutations
query GetUser {
getUser {
id
email
firstName
lastName
}
}
mutation UpdateUser {
updateUser(data: { firstName: "Tarikul", lastName: "Juel" }) {
id
email
firstName
lastName
}
}
For more information about postman setup for GraphQL please go to the project root directory then documents/postman/user_graphql
Replace {{url}}
with the appropriate base URL of your API.
Clone the Repository:
Create Environment File:
.env
file based on .env.example
..env
according to your configuration.Install Dependencies:
yarn install
or npm install
to install project dependencies.Setup Docker:
docker-compose up -d
to start the PostgreSQL DB container.Generate Prisma Client:
npx prisma generate
to generate the Prisma client.Migrate Database:
npx prisma migrate deploy
to apply database migrations.Import Postman Collection:
nestJs_Authentication.postman_collection.json
in documents/postman/
.Run the Project:
npm start
or yarn start
or yarn start:dev
in the terminal.Access Swagger Documentation:
http://localhost:3000/api
in your web browser to view the Swagger documentation.To configure the environment variables for this project, create a .env
file in the root directory of your project and
add the following variables according to your data:
# Database Configuration
DATABASE_HOST=localhost
DATABASE_USER=juel
DATABASE_PASSWORD=123
DATABASE_PORT=5432
DATABASE_NAME=nest
DATABASE_URL=postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:${DATABASE_PORT}/${DATABASE_NAME}?schema=public
# DOCKER
CONTAINER_NAME=nest-Auth-DB
# JWT Secret Keys
JWT_ACCESS_TOKEN_SECRET=bababababababababababababababab
JWT_REFRESH_TOKEN_SECRET=abababababababababababababababa
# OTP Security Configuration
OTP_SENDER_MAIL_HOST=smtp.office365.com
OTP_SENDER_MAIL="[email protected]"
OTP_SENDER_MAIL_PASSWORD="12345"
# Google OAuth Configuration
GOOGLE_CLIENT_ID=170710067200-7l65778saggjugtfufv3pgp6d4u00j466.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GaCaa-flK5CKsqQ1DEd1o3144PZtur5-O0
GOOGLE_CALLBACK_URL=http://localhost:3000/auth/google/callback
# Facebook OAuth Configuration
FACEBOOK_CLIENT_ID=474444614456484
FACEBOOK_CLIENT_SECRET=f5df32576af581129567b62dfd854c8d
FACEBOOK_CALLBACK_URL=http://localhost:3000/auth/facebook/callback
# Bcrypt Configuration
BCRYPT_SALT_ROUNDS=14
# OTP Expiry Time (in minutes)
OTP_EXPIRE_TIME=5
# JWT Token Expiration Time
JWT_ACCESS_TOKEN_EXPIRATION=300s
JWT_REFRESH_TOKEN_EXPIRATION=30d
To sign up a new user, send a POST request to the signup endpoint with the required payload.
Endpoint: {{url}}/auth/signup
Payload:
{
"email": "[email protected]",
"password": "12345",
"firstName": "tarikul",
"lastName": "juel"
}
Response (Success):
{
"success": true,
"message": "Signup successful and please Verify your user",
"data": {
"id": 1,
"email": "[email protected]",
"firstName": "tarikul",
"lastName": "juel"
}
}
After successful signup, an OTP will be sent to the user's email for verification.
To verify the user's email, send a POST request to the verification endpoint with the email and OTP.
Endpoint: {{url}}/auth/verify
Payload:
{
"email": "[email protected]",
"otp": "503384"
}
Response (Success):
{
"success": true,
"message": "OTP authorised",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiZW1haWwiOiJtZC50YXJpa3VsaXNsYW1qdWVsQGdtYWlsLmNvbSIsImZpcnN0TmFtZSI6InRhcmlrdWwiLCJsYXN0TmFtZSI6Imp1ZWwiLCJ2ZXJpZmllZCI6ZmFsc2UsImlzRm9yZ2V0UGFzc3dvcmQiOmZhbHNlLCJpYXQiOjE3MTc3Mzg3MTQsImV4cCI6MTcxNzczOTAxNH0.a6QyYCrB6DwV44USECNVpuQsSCyndt04gLyMlVB0vHI",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiZW1haWwiOiJtZC50YXJpa3VsaXNsYW1qdWVsQGdtYWlsLmNvbSIsImZpcnN0TmFtZSI6InRhcmlrdWwiLCJsYXN0TmFtZSI6Imp1ZWwiLCJ2ZXJpZmllZCI6ZmFsc2UsImlzRm9yZ2V0UGFzc3dvcmQiOmZhbHNlLCJpYXQiOjE3MTc3Mzg3MTQsImV4cCI6MTcyMDMzMDcxNH0.FJpya_QRP8lc1YrNpkm9biwQCdLacJ5gt1O3_ewrV0Q",
"data": {
"id": 1,
"email": "[email protected]",
"firstName": "tarikul",
"lastName": "juel"
}
}
Notes:
To sign in a user, send a POST request to the signin endpoint with the required payload.
Endpoint: {{url}}/auth/signin
Payload:
{
"email": "[email protected]",
"password": "12345"
}
Response (Success):
{
"success": true,
"message": "Signin successful",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MiwiZW1haWwiOiJtZC50YXJpa3VsaXNsYW1qdWVsQGdtYWlsLmNvbSIsImZpcnN0TmFtZSI6InRhcmlrdWwiLCJsYXN0TmFtZSI6Imp1ZWwiLCJ2ZXJpZmllZCI6dHJ1ZSwiaXNGb3JnZXRQYXNzd29yZCI6ZmFsc2UsImlhdCI6MTcxNzc0MDUzOSwiZXhwIjoxNzE3NzQwODM5fQ.5a6-DNGrWzepdnxYPuUR_rnEHZadoGBudOjQJwedeVQ",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MiwiZW1haWwiOiJtZC50YXJpa3VsaXNsYW1qdWVsQGdtYWlsLmNvbSIsImZpcnN0TmFtZSI6InRhcmlrdWwiLCJsYXN0TmFtZSI6Imp1ZWwiLCJ2ZXJpZmllZCI6dHJ1ZSwiaXNGb3JnZXRQYXNzd29yZCI6ZmFsc2UsImlhdCI6MTcxNzc0MDUzOSwiZXhwIjoxNzIwMzMyNTM5fQ.8NxRnRQEwDh43dNiWcowxwGm0g0b9cx5LGPoNp4KImk",
"data": {
"id": 2,
"email": "[email protected]",
"firstName": "tarikul",
"lastName": "juel"
}
}
Notes:
If the OTP has expired, you can resend it by sending a POST request to the resend endpoint with the user's email.
Endpoint: {{url}}/auth/resend
Payload:
{
"email": "[email protected]"
}
Response (Success):
{
"success": true,
"message": "OTP email send"
}
Notes:
To change a user's password, send a POST request to the change password endpoint with the old and new passwords. This route is protected by the JWT Access token.
Endpoint: {{url}}/auth/change-password
Payload:
{
"oldPassword": "12345",
"newPassword": "12345@abcde"
}
Response (Success):
{
"success": true,
"message": "Your password.service.ts has been updated"
}
Notes:
If a user forgets their password, they can initiate a password recovery process. This process involves multiple steps, starting with requesting an OTP for verification, followed by resetting the password using the provided tokens after verification.
To initiate password recovery, send a POST request to the forget-password endpoint with the user's email.
Endpoint: {{url}}/auth/forget-password
Payload:
{
"email": "[email protected]"
}
Response (Success):
{
"success": true,
"message": "OTP sent to your email for verification"
}
This will trigger an OTP to be sent to the provided email.
To verify OTP follow Email Verification step and you will get accessToken.
After OTP verification you already received an accessToken. Using this accessToken now follow **Change Password Process ** and the request body will be
{
"newPassword": "12345"
}
here you dont need to use oldPassword field.
For detailed instructions on how to Dockerize your NestJS application for production, refer to this comprehensive guide:
check it out: Building and Deploying a NestJS Application with Docker Compose, PostgreSQL, and Prisma
For any inquiries or further assistance, feel free to reach out: