#Accessing Authenticated Users in Your Services

🔐 Hey Discord Community! 🚀

Are you experienced with JWT authentication in NestJS? I could use your guidance! 🙏

I'm working on a NestJS project and have implemented JWT authentication with the standard AuthGuard. Now, I'm trying to figure out how to access the currently authenticated user inside my services using injection. Is there a clean and efficient way to achieve this? 🤔

Your insights and expertise would be greatly appreciated. Thanks in advance for your help! 🛠️🔐👨‍💻 #NestJS #JWTAuthentication

a jwt token is suposed to be stored on the client and send back to the server when a request is made
often this is done in localStorage (not recomended) a bearer token
or what i would suggest

a cookie with the httpOnly attribute enabled

Which method of API are you creating? REST/ GraphQL/other i.e. microservices?

Rest

So, with Rest, your auth-guard should be adding the authenticated user to the request object.
Notice the request['user'] = payload in the example code here: https://docs.nestjs.com/security/authentication#implementing-the-authentication-guard

And, the request object can be "passed down" via your controller to your service, as exemplified with this example code:

  @UseGuards(AuthGuard)
  @Get('profile')
  getProfile(@Request() req) {
    return req.user;
  }

Note: looks like syntax highlighting is broken?

@UseGuards(AuthGuard)
  @Get('profile')
  getProfile(@Request() req) {
    return req.user;
  }

this is the controller , i need it inside of the service

i dont want to pass the user as a param to the service method

i want to inject it somehow

@heavy aurora - Then you'll need to have something like this package implemented.
https://github.com/Papooch/nestjs-cls

will take a look at it thank you !

Standard procedure is to pass down the request object though. You can also make a custom decorator I believe.

altough there is nothing wrong doing that
often people create a decorator that returns the req.user something like @User() user: iUser

i know but my task require to inject it

@Inject(REQUEST) private request: Request

i am trying this : @Inject(REQUEST) private request: Request

with scope : Scope.Request

in my case i have a middleware that just re hydrates the request object with the user

https://medium.com/geekculture/nestjs-user-injection-67882137f5b7 what do you think of that ?

cant really tell since medium's crappy you need to register/login

oh sorry , it sais to makew a provider : export const CustomerProvider: FactoryProvider<Customer> = {
provide: 'CUSTOMER',
useFactory: (req) => req.user,
dependencies: [REQUEST],
}

@Inject('USER') user: User i use this in my service constructor

gues that works, not my style but not wrong either if you ask me

What is easier? Doing that or just passing down the request as a parameter to your service? 🤔

that choice isn't theirs as they mentioned

i beleive this is the optimal solution

but i am required to do it using injection ={

Yeah, who is making the requirements? Is it a school project or something?

no its a real project

i mean they aren't completely wrong either
liked the fact i could access the user in the request object

instead of a param all the time
i just wrote a (global) middleware mainly because i could do some other checks in it as well

I also don't believe there is a dependencies property on a factory provider.

yes that was the idea because we have a lot of services and methods

trueee , i dont know how that dude implemented it

If anything, it would be inject and there is no REQUEST object you can inject.

The reason for breaking it out to a parameter is because if you ever move to a microservice, you can still use the class. If you are injecting or using a decorator or CLS, you have to give up that solution. So, if you don't have plans to have microservices one day, those other methods are still ok.

understood !

are you going to /solve this one or do i do it? 😉

Go for it. 😄

This post has been marked as resolved. :white_check_mark:
Please read through the conversation and resolution if you are having the same issue, and then re-open the post if you are still having trouble, providing as much extra information as possible.