Nest.js module that setup authentication with Zitadel for Nest.js application
This library is higly inspired by https://github.com/ehwplus/zitadel-nodejs-nestjs
npm install --save passport-zitadel nest-zitadel @nestjs/passportRegistering the module:
ZitadelAuthModule.forRoot({
authority: 'http://localhost:8080',
authorization: {
type: 'jwt-profile',
profile: {
type: 'application',
keyId: 'key-id',
key: 'key',
appId: 'app-id',
clientId: 'client-id',
},
},
}),Registering the module with configuration from ConfigurationService:
ZitadelAuthModule.forRootAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: (configService: ConfigService) => {
return {
authority: configService.getOrThrow('ZITADEL_AUTHORITY'),
authorization: {
type: 'jwt-profile',
profile: {
type: 'application',
keyId: configService.getOrThrow('ZITADEL_KEY_ID'),
key: configService.getOrThrow('ZITADEL_KEY'),
appId: configService.getOrThrow('ZITADEL_APP_ID'),
clientId: configService.getOrThrow('ZITADEL_CLIENT_ID'),
},
},
};
},
}),Register any of the guards either globally, or scoped in your controller.
By default, it will throw a 401 unauthorized when it is unable to verify the JWT token or Bearer header is missing.
@Controller('cats')
@UseGuards(ZitadelAuthGuard)
export class CatsController {}Check if user has role that is put in @Roles decorator
@Roles('super-user')
@Get('protected/roles')
@UseGuards(ZitadelAuthGuard, RolesGuard)
getProtectedHelloWithRoles(): string {
this.logger.log('Requesting role protected hello');
return this.appService.getHello();
}Retrieves the current Zitadel logged-in user.
@Controller('users')
@UseGuards(ZitadelAuthGuard)
export class UsersController {
@Get()
getCurrentUser(@AuthenticatedUser() user: ZitadelUser) {
return user;
}
}nest-zitadel is released under MIT License.