Step-by-step guide to securing a REST API built with NestJS using Keycloak.

I am assuming you already have a JS frontend app, or at least an HTTP client, that performs the authentication against Keycloak, is in possession of a JWT, and can pass it in the Authorization header to your NestJS backend.

If you want to get an idea of how to secure a React.js front end using Keycloak and send the authenticated JWT from the front end to the back end, you can check out my previous article, Secure Front end (React.js) and Back end (Node.js/Express Rest API) with Keycloak.

Keycloak

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. Keycloak uses open protocol standards such as OpenID Connect and SAML 2.0, especially in Identity Federation and SSO scenarios.

Authentication with Keycloak brings to the table virtually every feature you might want regarding user authentication and authorization. Some of these include:

  • Single sign-on and single sign-out, with optional Kerberos integration and user federation from LDAP or Active Directory,
  • Support for OpenID Connect and SAML 2.0,
  • Log in via social media,
  • User account management via both the web console and REST API,
  • Fine-grained authorization for different services.

How does Keycloak work?

Applications are configured to point to and be secured by this server. Browser applications redirect the user's browser from the application to the Keycloak authentication server, where the user enters their credentials. This matters because users are completely isolated from applications and applications never see a user's credentials. Instead, applications are given an identity token or assertion that is cryptographically signed by Keycloak. These tokens can carry identity information such as username, address, email and other profile data. They can also hold permission data (realm and client roles) so that applications can make authorization decisions. The same tokens can be used as bearer tokens to make secure invocations on REST-based services, provided the service validates the token's signature against Keycloak's published keys and checks its issuer, audience and expiry before trusting any of its claims.
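To make that last point concrete, here is an added example (my own code, not the article's and not Keycloak's) of what the resource server side of the flow has to do before it trusts a bearer token. It stands in for Keycloak by generating an RSA key pair and minting a Keycloak-shaped RS256 token inline (constructed data), exposes the public half as a JWKS the way the realm's certs endpoint would, and then validates an incoming Authorization header the way a NestJS guard would: pinned algorithm, key lookup by kid, signature, issuer, audience, expiry, and finally a realm-role check. The realm URL, audience and key id are assumptions; it uses only Node's built-in crypto module so it runs without NestJS installed.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Hypothetical realm settings; in a real deployment these come from your Keycloak realm.
export const ISSUER = "https://keycloak.example.com/realms/demo";
export const AUDIENCE = "nestjs-api";
export const KID = "demo-key-1";

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");

// Stand-in for Keycloak's signing key (constructed at startup, not a real realm key).
const { privateKey, publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });

// What the API would fetch from /realms/demo/protocol/openid-connect/certs.
const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: KID, alg: "RS256", use: "sig" }] };

export interface KeycloakClaims {
  iss: string; aud: string | string[]; exp: number; sub: string;
  realm_access?: { roles: string[] };                       // realm roles
  resource_access?: Record<string, { roles: string[] }>;    // client roles, keyed by client id
  [k: string]: unknown;
}

// Mints an RS256 JWT in the shape Keycloak issues. Only the identity provider holds this key.
export function mintToken(claims: Record<string, unknown>, key: KeyObject = privateKey, kid = KID): string {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT", kid }));
  const payload = b64url(JSON.stringify(claims));
  const sig = sign("sha256", Buffer.from(`${header}.${payload}`), key); // RSASSA-PKCS1-v1_5 = RS256
  return `${header}.${payload}.${b64url(sig)}`;
}

// Resource-server side: everything that must pass before a single claim is trusted.
export function verifyToken(token: string, now = Math.floor(Date.now() / 1000)): KeycloakClaims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm: the token must never get to choose "none" or an HMAC variant.
  if (header.alg !== "RS256") throw new Error(`unexpected alg ${header.alg}`);
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: "jwk" });
  if (!verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"))) {
    throw new Error("bad signature");
  }
  // Only now is the payload worth parsing.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString()) as KeycloakClaims;
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}

// Realm role when clientId is omitted, otherwise a client role under resource_access.
export function hasRole(claims: KeycloakClaims, role: string, clientId?: string): boolean {
  const roles = clientId ? claims.resource_access?.[clientId]?.roles ?? [] : claims.realm_access?.roles ?? [];
  return roles.includes(role);
}

// Guard-shaped entry point: the decision a NestJS CanActivate would make from the header.
export function authorize(authorizationHeader: string | undefined, requiredRole: string): { status: 200 | 401 | 403; sub?: string } {
  if (!authorizationHeader?.startsWith("Bearer ")) return { status: 401 };
  let claims: KeycloakClaims;
  try {
    claims = verifyToken(authorizationHeader.slice("Bearer ".length));
  } catch {
    return { status: 401 }; // unverifiable token: treat exactly like no token
  }
  if (!hasRole(claims, requiredRole)) return { status: 403, sub: claims.sub };
  return { status: 200, sub: claims.sub };
}

// Usage: a freshly minted admin token passes, the same token is refused for a role it lacks.
const sample = mintToken({ iss: ISSUER, aud: AUDIENCE, sub: "user-1", exp: Math.floor(Date.now() / 1000) + 300, realm_access: { roles: ["admin"] } });
console.log(authorize(`Bearer ${sample}`, "admin"), authorize(`Bearer ${sample}`, "auditor"));
```

The ordering is deliberate: signature before claims, claims before roles, and every failure in the verification chain collapses to 401 so an attacker cannot tell which check rejected a forged token. In a real NestJS service the JWKS is fetched from the realm's certs endpoint and cached rather than built in-process, and `authorize` becomes the body of a `CanActivate` guard.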

#security #nestjs #typescript

Secure NestJs Rest API with Keycloak