Protecting your NestJS API with Keycloak

From the Keycloak website, “Keycloak is an open source identity and access management solution”. Today we’ll look at how to protect your HTTP API with Keycloak.

One of the modern ways to protect an HTTP API is the HTTP “Authorization: Bearer” header, with the bearer token being a JWT that carries the identity and the claims (roles, etc.) of the consumer of the API.

We’ll assume you already have a JS frontend app, or at least an HTTP client, that has authenticated against Keycloak, is in possession of a JWT, and can pass it in the HTTP “Authorization: Bearer” header to your NestJS backend.

JWTs can be signed symmetrically (the same secret signs and verifies the JWT) or asymmetrically (the token is signed with a private key and verified with the corresponding public key). Keycloak uses the latter, which is great because it lets multiple backends verify JWTs without disseminating a secret across multiple services: each backend only needs the realm’s public key, which Keycloak publishes on its JWKS endpoint. It means that if one of your services is compromised, at least the attacker won’t be able to forge JWTs on their own to attack other services. Note that a valid signature only proves Keycloak issued the token; the backend still has to check the expiry and issuer claims (and the audience where applicable), otherwise an expired or stolen token would be accepted.


Implementation

We need to write a Guard and apply it (with @UseGuards()) to the controllers or the individual handlers that we want to protect.

This guard will use an AuthenticationService which will perform (in various ways as you’ll see below) the verification of the JWT.

All the required services will be part of an AuthenticationModule that will export some of them that may be required by the rest of your application.

We’ll provide a working implementation and refine it later to make it more practical to use in production, in E2E tests, etc.
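Before the NestJS wiring, here is the core of what the guard and the AuthenticationService have to do, as an added example that is not the original article’s code and not Keycloak’s. It uses only Node’s built-in crypto so it runs stand-alone: the RSA key pair, the issuer URL, the key id and the token contents are constructed assumptions standing in for the realm key and the claims Keycloak would mint; a real service fetches the public key from the realm’s JWKS endpoint (/realms/&lt;realm&gt;/protocol/openid-connect/certs) and caches it by kid. The @Injectable() guard class and the module providers are left out; `authorize()` is the body a `canActivate(context)` would run on `context.switchToHttp().getRequest()`.

```typescript
import * as crypto from "crypto";

// Constructed sample key pair standing in for the Keycloak realm key (assumption).
// A real service fetches the public key from the realm's JWKS endpoint,
// /realms/<realm>/protocol/openid-connect/certs, and caches it by "kid".
const realmKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

export const ISSUER = "https://keycloak.example.com/realms/demo"; // assumed realm URL
export const KID = "demo-key-1";                                   // assumed key id

// Public keys this service trusts, indexed by key id (a cached JWKS in practice).
const trustedKeys: Record<string, crypto.KeyObject> = { [KID]: realmKeys.publicKey };

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");

export function nowSeconds(): number {
  return Math.floor(Date.now() / 1000);
}

// Mints an RS256 JWT the way Keycloak would; only used here to build sample input.
export function mintToken(
  claims: Record<string, unknown>,
  opts: { kid?: string; key?: crypto.KeyObject; alg?: string } = {},
): string {
  const header = b64url(JSON.stringify({ alg: opts.alg ?? "RS256", typ: "JWT", kid: opts.kid ?? KID }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  const signature = crypto.sign("sha256", Buffer.from(signingInput), opts.key ?? realmKeys.privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

export interface Identity {
  sub: string;
  roles: string[];
}

// What the AuthenticationService does: verify signature, issuer and expiry,
// then extract the realm roles. Returns null on any failure.
export function verifyToken(token: string, now: number = nowSeconds()): Identity | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: any;
  let payload: any;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!header || typeof header !== "object" || !payload || typeof payload !== "object") return null;
  // Pin the algorithm: the token must never choose it ("none", or HS256 with the public key as secret).
  if (header.alg !== "RS256") return null;
  const key = trustedKeys[header.kid];
  if (!key) return null;
  const valid = crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!valid) return null;
  // A valid signature only proves Keycloak minted it; still check who issued it and until when.
  if (payload.iss !== ISSUER) return null;
  if (typeof payload.exp !== "number" || payload.exp <= now) return null;
  if (typeof payload.sub !== "string") return null;
  const roles: string[] = Array.isArray(payload.realm_access?.roles) ? payload.realm_access.roles : [];
  return { sub: payload.sub, roles };
}

// The guard's decision: the body canActivate() would run on
// context.switchToHttp().getRequest(). It attaches the identity to the request
// for the handlers and refuses when a required role is missing.
export function authorize(
  req: { headers: Record<string, string | undefined>; user?: Identity },
  requiredRole?: string,
): boolean {
  const match = /^Bearer\s+(\S+)$/i.exec(req.headers["authorization"] ?? "");
  if (!match) return false;
  const identity = verifyToken(match[1]);
  if (!identity) return false;
  req.user = identity;
  return requiredRole ? identity.roles.indexOf(requiredRole) !== -1 : true;
}
```

The order of checks matters: the algorithm is pinned and the key is looked up by kid before the signature is verified, so an attacker-supplied header can neither downgrade to “none” nor point at a key the service does not trust; only after the signature holds are the claims trusted, and even then expiry and issuer are validated rather than assumed.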
