Post/Code

HomeAboutUsesNow

Miscellaneous Thoughts on JWT and Nest.js.

  • When pasting your JWT token here. Remember to enter your 'secretKey' in the provided blue input in the "Verify Signature" block (bottom right). If you don't do this, you will get an "Invalid Signature" validation error which may lead you down a rabbit hole, only to find, there was nothing wrong with your token, you just did not see the input field!

  • Read the documentation and provided examples covering Guards and Authentication very carefully. There are several details that are easy to miss if you are not paying attention! For example:

  • When using @UseGuards decorator, you can comma-separate several guards within one decorator. Doing this, gives your guards somewhat magical access to the user object. My mistake, but I listed my guards within separate decorators which lead me on a roundabout that took a while to get back from. I say magical because, the example uses request.user to access roles, but this element is not defined. However, within one decorator, it just works... which is weird, and I am not sure I understand why...

  • Sometimes the documentation assumes or shortcuts implementations for the sake of brevity, but at the loss of clarity - this can sometimes lead one to thinking that a complete example is incomplete, or that an incomplete example is complete - leading to confusion and more roundabouts when doing your own implementation.

  • Read the explanations and examples very carefully and work them through step-by-step, Nest.js, like Angular, does a lot for you behind the scenes, so sometimes, it can be quite confusing when things do not (or do) work.

Overall, I really like Nest.js! It makes a lot of sense to me and I like that it handles so many common use-cases in Node.js development. Writing Nest.js is succinct onces you understand the conventions and patterns.

That being said, at times, if you are not quite up-to-speed with Nest.js, it can get a little confusing when you run into areas you don't quite understand. To some extent, I feel that while writing plain-old-Node.js might be more verbose and take longer up front, the fact that it is more 'DIY' makes it easier to read and reason about when you come back to it later.