Authentication process
1. Sign in
- - find the user; if the user does not exist, return "Access Denied"
- - match the password
- - create the access token and refresh token using the user details
- - set the access token to expire in 15 min and the refresh token in 7 days.
- - hash the refresh token and store the hash in the user table
- - give both tokens to the frontend for authentication.
- - return the tokens
2. Understand guard and strategy
- - first create the strategy, then create a guard so it can be used anywhere
- - this is used to authenticate tokens, i.e. to check whether a token is valid or not.
3. AT and RT guards
- - create access token and refresh token guards for authentication.
- - the access strategy is for normal APIs
- - the refresh strategy is for when the access token has expired, so we can swap it or create a new access token.
4. Refresh token
- - the access token has expired
- - using a decorator, find the user id and the user's refresh token (the refresh token is sent as the bearer token; for this API pass the refresh token, not the access token)
- - create a function and pass it this user id and refresh token
- - match the hashRT in the user table against the details of the user we found.
- - create the access and refresh tokens again using the user details
- - update the new refresh token in the user table.
5. Custom decorator
- - it helps to get the user details from the auth token, and it can return particular properties like email, id, etc.
process.env = NestJS ConfigService
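
The sign-in and refresh flows from steps 1 and 4, as an added example that is not code from these notes: it uses only Node's `crypto` module, with a small HMAC-signed token standing in for a JWT and SHA-256 standing in for whichever hash the application uses on the refresh token. All names, secrets and the sample user are constructed for illustration, and the `now` parameter (seconds) is an assumption made so that expiry can be exercised.

```typescript
import { createHash, createHmac, randomUUID, scryptSync, timingSafeEqual } from "crypto";

// Constructed demo secrets and user; a real app reads secrets through ConfigService.
const AT_SECRET = "at-secret-demo", RT_SECRET = "rt-secret-demo";
const AT_TTL = 15 * 60, RT_TTL = 7 * 24 * 60 * 60; // seconds: 15 min and 7 days
type User = { id: number; email: string; salt: string; passwordHash: string; hashRT: string | null };
const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const pwHash = (pw: string, salt: string) => scryptSync(pw, salt, 32).toString("hex");
const users: User[] = [{ id: 1, email: "a@example.test", salt: "demo-salt", passwordHash: pwHash("pw", "demo-salt"), hashRT: null }];
const safeEq = (a: string, b: string) =>
  a.length === b.length && timingSafeEqual(Buffer.from(a), Buffer.from(b));

// Minimal signed token (stand-in for a JWT): base64url(payload) + "." + HMAC
function sign(payload: object, secret: string, ttl: number, now: number): string {
  const body = Buffer.from(JSON.stringify({ ...payload, jti: randomUUID(), exp: now + ttl })).toString("base64url");
  return body + "." + createHmac("sha256", secret).update(body).digest("base64url");
}
function verify(token: string, secret: string, now: number): { sub: number; email: string; exp: number } {
  const [body, sig] = token.split(".");
  const expected = createHmac("sha256", secret).update(body ?? "").digest("base64url");
  if (!body || !sig || !safeEq(sig, expected)) throw new Error("Access Denied");
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.exp <= now) throw new Error("Access Denied"); // token expired
  return claims;
}
// Create both tokens and persist only the hash of the refresh token.
function issueTokens(user: User, now: number) {
  const claims = { sub: user.id, email: user.email };
  const tokens = {
    accessToken: sign(claims, AT_SECRET, AT_TTL, now),
    refreshToken: sign(claims, RT_SECRET, RT_TTL, now),
  };
  user.hashRT = sha256(tokens.refreshToken);
  return tokens;
}
function signin(email: string, password: string, now: number) {
  const user = users.find((u) => u.email === email);
  if (!user || !safeEq(user.passwordHash, pwHash(password, user.salt))) throw new Error("Access Denied");
  return issueTokens(user, now);
}
function refresh(refreshToken: string, now: number) {
  const { sub } = verify(refreshToken, RT_SECRET, now); // the refresh guard's job
  const user = users.find((u) => u.id === sub);
  if (!user || !user.hashRT || !safeEq(user.hashRT, sha256(refreshToken))) throw new Error("Access Denied");
  return issueTokens(user, now); // rotation: the previous refresh token stops matching
}
```

Because each refresh overwrites `hashRT`, a refresh token that has already been used is rejected on its next presentation, even though its signature and expiry are still valid.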