Full NestJS Starter Kit — Part 2 Authentication & Authorization

Andrew Larsen
6 min read · Dec 29, 2023

In this series of articles we’re walking through how to create a NestJS starter kit to use for your cloud applications. In our previous article we walked through bootstrapping our application and adding a set of domain endpoints.

In this article we’ll set up the basis for enforcing Authentication & Authorization for our API.

Security (Authentication & Authorization)

Before we dive into setting up Authentication & Authorization, let’s do a quick definition of terminology.

Authentication ensures that anyone calling our system (in this case our REST APIs) is a known actor. For example, only a logged-in user can access the system. The user is authenticated by logging in.

Authorization ensures that whoever is calling our system is allowed to perform the action they’re attempting. For example, a user must be an admin in order to change another user’s password, and only a member of a given organization can see details about that organization. The user is authorized to perform a given action. Note that authorization presupposes authentication: you can only decide what a caller may do once you know who the caller is.

Rarely do we build APIs that don’t have at least some level of authentication, and most enforce authorization as well. The OAuth 2.0 protocol with JWTs has become the industry standard way…
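As an added example (not code from the original article or from the starter kit it builds), here is the authentication/authorization split described above written as two plain TypeScript functions of the kind that would sit behind NestJS guards. It verifies an HS256-signed JWT with Node’s built-in `crypto` module and only then checks the role and organization claims. The signing key, the claim names (`sub`, `roles`, `org`, `exp`), the `Action` shape and the `handleRequest` status-code mapping (401 for a failed authentication, 403 for a failed authorization) are assumptions for illustration, not the article’s design.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical HS256 signing key (illustration only; load it from a secret store in practice).
const SIGNING_KEY = "dev-only-secret-do-not-ship";

// Assumed claim shape: who the actor is, their roles, their organization, expiry (unix seconds).
interface Claims {
  sub: string;
  roles: string[];
  org: string;
  exp: number;
}

// Used only so the example can mint its own sample tokens offline.
function signJwt(claims: Claims, key: string = SIGNING_KEY): string {
  const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })).toString("base64url");
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = createHmac("sha256", key).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

function decodePart(part: string): Record<string, unknown> | null {
  try {
    const obj = JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
    return obj !== null && typeof obj === "object" ? obj : null;
  } catch {
    return null;
  }
}

// Authentication: is the caller a known actor? Returns the verified claims, or null.
function authenticate(
  authorizationHeader: string | undefined,
  now: number,
  key: string = SIGNING_KEY,
): Claims | null {
  if (!authorizationHeader || !authorizationHeader.startsWith("Bearer ")) return null;
  const parts = authorizationHeader.slice("Bearer ".length).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;

  // Pin the algorithm: the header's alg is attacker-controlled, so it must never choose
  // the verification method (this rejects alg=none and key-confusion tokens).
  const hdr = decodePart(header);
  if (!hdr || hdr.alg !== "HS256") return null;

  // Verify the signature before trusting a single byte of the payload.
  const expected = createHmac("sha256", key).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  const body = decodePart(payload);
  if (!body) return null;
  const { sub, roles, org, exp } = body;
  if (typeof sub !== "string" || !Array.isArray(roles) || typeof org !== "string" || typeof exp !== "number") {
    return null;
  }
  if (exp <= now) return null; // expired token is not a valid proof of identity
  return { sub, roles: roles as string[], org, exp };
}

// Authorization: may this (already authenticated) actor perform the requested action?
interface Action {
  requiredRole?: string; // e.g. "admin" to change another user's password
  org?: string;          // e.g. the organization whose details are being read
}

function authorize(claims: Claims, action: Action): boolean {
  if (action.requiredRole !== undefined && !claims.roles.includes(action.requiredRole)) return false;
  if (action.org !== undefined && claims.org !== action.org) return false;
  return true;
}

// Assumed status mapping: 401 when authentication fails, 403 when authorization fails.
function handleRequest(req: Action & { authorization?: string }, now: number): number {
  const claims = authenticate(req.authorization, now);
  if (!claims) return 401;
  if (!authorize(claims, req)) return 403;
  return 200;
}

// Constructed sample tokens (not real credentials).
const NOW = 1_700_000_000;
const adminToken = signJwt({ sub: "u1", roles: ["admin"], org: "acme", exp: NOW + 3600 });
const memberToken = signJwt({ sub: "u2", roles: ["member"], org: "acme", exp: NOW + 3600 });

console.log(handleRequest({ authorization: `Bearer ${adminToken}`, requiredRole: "admin", org: "acme" }, NOW));  // 200
console.log(handleRequest({ authorization: `Bearer ${memberToken}`, requiredRole: "admin", org: "acme" }, NOW)); // 403
console.log(handleRequest({ authorization: undefined, org: "acme" }, NOW));                                       // 401
```

The order matters: `authenticate` runs first and rejects anything it cannot attribute to a known actor (missing token, bad signature, wrong algorithm, expired), and only a verified claim set reaches `authorize`. In NestJS the same split maps naturally onto two guards, one that populates the request with verified claims and one that compares those claims against the route’s requirements.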
