TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
OpenJS Foundation’s Leader Details the Threats to Open Source
Aug 29th 2024 6:00am, by Heather Joslyn
Valkey Is a Different Kind of Fork
Aug 26th 2024 9:30am, by Steven J. Vaughan-Nichols
A Developer's Guide to ActivityPub and the Fediverse
Aug 25th 2024 7:00am, by Martin SFP Bryant
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
Beyond the Walled Garden of Open Source
Aug 22nd 2024 10:00am, by Jonathan Marsh
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by Todd R. Weiss
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by Steven J. Vaughan-Nichols
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by B. Cameron Gain
Runc-Related Leaky Vessels Threaten Container Security
Jul 23rd 2024 10:27am, by Manas Chowdhury
3 Ways To Improve Your Container Build Process
Jul 22nd 2024 10:00am, by Sylvain Kalache
Exploring MicroOS, OpenSUSE's Immutable Container OS
Jul 5th 2024 6:00am, by Jack Wallen
Golang Pub/Sub: Why It’s Better When Combined With GoFr
Aug 28th 2024 6:00am, by Robert Kimani
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
How To Get Started Running Small Language Models at the Edge
Jul 24th 2024 6:00am, by Janakiram MSV
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Why We Chose WebAssembly (Wasm) for Our Edge Runtime
May 28th 2024 6:50am, by Bogdan Kurnosov
Shift Left on a Budget: Cost-Savvy Testing for Microservices
Aug 27th 2024 12:03pm, by Nočnica Mellifera
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Why Staging Doesn't Scale for Microservice Testing
Aug 16th 2024 10:13am, by Arjun Iyer
A Developers Guide to NIM, Nvidia’s AI Application Platform
Aug 13th 2024 8:02am, by Janakiram MSV
Setting Microservices Up for Success: Real-World Advice
Aug 1st 2024 6:03am, by Charles Humble
VMware Private Cloud Now Has a Catalog of Advanced Services
Aug 27th 2024 6:01am, by Joab Jackson
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Linux: Display and Manage IP Address Settings
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Mount Remote Directories With SSHFS
Aug 3rd 2024 6:00am, by Jack Wallen
Client-Side Monitoring Is a Must for Mobile Apps
Jul 19th 2024 11:26am, by Fredric Newberg
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by Megan Grant
Onehouse Automates Vector Embedding for Its Data Lakehouse
Aug 22nd 2024 10:30am, by Jelani Harper
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
Unfreeze Apache Iceberg to Thaw Your Data Lakehouse
Jul 22nd 2024 7:28am, by Dave Eyler
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
Balancing AI Innovation and Tech Debt in the Cloud
Aug 29th 2024 8:00am, by
Broadcom’s VMware Tanzu Platform 10 Becomes a PaaS
Aug 28th 2024 12:34pm, by
How To Nail Your GenAI Product Data Strategy
Aug 28th 2024 8:52am, by
Red Hat Tool Lets Developers Explore AI Applications Locally
Aug 27th 2024 11:09am, by
Clouds, Codes, and Navigating Top CIO Challenges in 2024
Aug 27th 2024 10:00am, by
Build a RAG App With Nvidia NIM and Milvus Running Locally
Aug 26th 2024 7:21am, by
5 Ways AI Improves Knowledge Management
Aug 23rd 2024 12:00pm, by
Google Serves Up Cloud GPUs With a Side of Open Source LLMs
Aug 21st 2024 8:00am, by
AI Coding Assistants: 12 Do’s and Don’ts
Aug 21st 2024 7:00am, by
Transform Predictive Analytics With Time Series Language Models
Aug 20th 2024 11:00am, by
3 Lessons in Accessible Development From an Expert Tester
Aug 29th 2024 12:00pm, by
Developers Rail Against JavaScript ‘Merchants of Complexity’
Aug 28th 2024 12:00pm, by
Red Hat Tool Lets Developers Explore AI Applications Locally
Aug 27th 2024 11:09am, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
3 Lessons in Accessible Development From an Expert Tester
Aug 29th 2024 12:00pm, by
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by
Broadcom’s VMware Tanzu Platform 10 Becomes a PaaS
Aug 28th 2024 12:34pm, by
Shift Left on a Budget: Cost-Savvy Testing for Microservices
Aug 27th 2024 12:03pm, by
Red Hat Tool Lets Developers Explore AI Applications Locally
Aug 27th 2024 11:09am, by
Beyond Monitoring: The Urgent Need for Strategic API Consumption Management
Aug 26th 2024 10:15am, by
API Governance and Developer Experience in a Developer Portal
Aug 22nd 2024 1:00pm, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
Unexpected Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by
Master API Connections in Azure with Bicep
Aug 14th 2024 10:00am, by
Mastering the Fundamentals of Computer Vision With Python
Aug 23rd 2024 8:10am, by
How To Use Inheritance in Python
Aug 13th 2024 5:00pm, by
What Is the Python join() Function and When Should You Use It?
Aug 12th 2024 5:00pm, by
What Is Python's sum() Function and How Do You Use It?
Aug 11th 2024 6:00am, by
What Is the Python Match Case Statement and Why Use It?
Aug 8th 2024 5:00pm, by
OpenJS Foundation’s Leader Details the Threats to Open Source
Aug 29th 2024 6:00am, by
Developers Rail Against JavaScript ‘Merchants of Complexity’
Aug 28th 2024 12:00pm, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Inside ECMAScript: JavaScript Standard Gets an Extra Stage
Aug 21st 2024 6:00am, by
Angular’s Efforts To Be Easier and Developer Friendly
Aug 20th 2024 10:30am, by
Implementing IAM in NestJS: The Essential Guide
Aug 30th 2024 6:26am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
UIX: A Full Stack Web Dev Framework Leveraging Deno
Jun 11th 2024 11:30am, by
TanStack Introduces New Meta-Framework Based on Its Router
Jun 5th 2024 11:38am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
What’s Next for Flutter After Layoffs Hit Google Team
Jul 17th 2024 9:01am, by
Demos: Deploying LLMs With WasmEdge 
Jul 16th 2024 8:28am, by
Broadcom’s VMware Tanzu Platform 10 Becomes a PaaS
Aug 28th 2024 12:34pm, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by and
Google Cloud Adds GenAI, Core Enhancements Across Data Platform
Aug 1st 2024 8:30am, by
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by
Rockset Users Stranded by OpenAI Acquisition: Now What?
Aug 28th 2024 10:00am, by
How To Nail Your GenAI Product Data Strategy
Aug 28th 2024 8:52am, by
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by
Use Small Language Models To Deploy AI on a Budget
Aug 23rd 2024 10:00am, by
Implementing IAM in NestJS: The Essential Guide
Aug 30th 2024 6:26am, by
Orca Security Launches First K8s Testing/Staging Environment
Aug 29th 2024 9:00am, by
eBPF Security Power and Shortfalls
Aug 28th 2024 8:12am, by
Level Up Your Software Quality With Static Code Analysis
Aug 26th 2024 6:33am, by
Choosing a GRC Tool: A 4-Step Roadmap
Aug 26th 2024 5:00am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by Todd R. Weiss
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
How Platform Engineering Enables the 10,000-Dev Workforce
Aug 27th 2024 7:50am, by Jennifer Riggins
Broadcom Debuts VMware Tanzu Platform 10 at Explore 2024
Aug 27th 2024 6:00am, by Joab Jackson
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
Deploy on Friday? Moratorium Doesn’t Achieve Admirable Goal
Aug 29th 2024 11:00am, by Steve Fenton
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
Why CI and CD Need to Go Their Separate Ways
Aug 27th 2024 10:30am, by Christian Hernandez
Clouds, Codes, and Navigating Top CIO Challenges in 2024
Aug 27th 2024 10:00am, by Fernando Castanheira
3 Strategies To Turn Incidents Into Learning Opportunities
Aug 27th 2024 6:52am, by Debora Cambe
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
Let’s Bring H-A-R-M-O-N-Y Back Into Our Tech Tools
Aug 28th 2024 7:15am, by Steve Rodda
Why CI and CD Need to Go Their Separate Ways
Aug 27th 2024 10:30am, by Christian Hernandez
Level Up Your Software Quality With Static Code Analysis
Aug 26th 2024 6:33am, by Robert Curlee
Need To Know Git? Start Here
Aug 24th 2024 6:00am, by Jack Wallen
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
What AI Developer Skills Do You Need in 2024?
Aug 22nd 2024 7:00am, by Demola Malomo
What’s the Future for Software Developers?
Aug 22nd 2024 6:00am, by Heather Joslyn
Should Developers Curb Their Enthusiasm for Generative AI?
Aug 20th 2024 5:00am, by Richard Gall
In the Age of AI, What Should We Teach Student Programmers?
Aug 7th 2024 4:00am, by David Cassel
50 Years Later: Remembering How the Future Looked in 1974
Aug 24th 2024 6:00am, by David Cassel
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by Phil Andrews
Developers: The First Line of Defense in Cybersecurity
Aug 12th 2024 10:00am, by Shrav Mehta
An Algorithm-Produced 'Generative' Film Celebrates Brian Eno
Aug 10th 2024 5:00am, by David Cassel
Deploy on Friday? Moratorium Doesn’t Achieve Admirable Goal
Aug 29th 2024 11:00am, by Steve Fenton
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by Neha Pawar
Balancing AI Innovation and Tech Debt in the Cloud
Aug 29th 2024 8:00am, by Ido Neeman
Let’s Bring H-A-R-M-O-N-Y Back Into Our Tech Tools
Aug 28th 2024 7:15am, by Steve Rodda
Why CI and CD Need to Go Their Separate Ways
Aug 27th 2024 10:30am, by Christian Hernandez
Orca Security Launches First K8s Testing/Staging Environment
Aug 29th 2024 9:00am, by Chris J. Preimesberger
eBPF Security Power and Shortfalls
Aug 28th 2024 8:12am, by B. Cameron Gain
Broadcom Debuts VMware Tanzu Platform 10 at Explore 2024
Aug 27th 2024 6:00am, by Joab Jackson
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by Neha Pawar
The Hidden Costs of Chasing Five 9s
Aug 24th 2024 10:00am, by Ajinkya Mahadeo Ghadge
Spans: What Are They and Why Should Mobile Engineers Care?
Aug 22nd 2024 7:58am, by Fredric Newberg
ServiceOps: Balancing Speed and Risk in DevOps
Aug 21st 2024 5:02am, by Margaret Lee
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by Avitan Gefen
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Security / TypeScript

Implementing IAM in NestJS: The Essential Guide

Set up identity and access management with authentication, authorization, user provisioning and audit logging to protect your NestJS applications.
Aug 30th, 2024 6:26am by
Featued image for: Implementing IAM in NestJS: The Essential Guide
Featured image by Maurice Schalker on Unsplash.

Identity and access management (IAM) is an essential component of application security. It helps ensure that the right individuals can access the right technology resources, like emails, databases, data and applications, while keeping unauthorized users out.

NestJS is a popular Node.js framework for building scalable and efficient server-side applications. Implementing IAM in NestJS can greatly improve security while enhancing your user experience. In this guide, I will explore how to implement IAM in a NestJS application from start to finish.

What Is IAM?

IAM is a framework of technologies and policies that helps manage user identities and control access to user resources. It includes authentication, authorization, user provisioning, role-based access control (RBAC) and audit logging. With IAM, you can:

  • Ensure secure authentication mechanisms.
  • Implement appropriate authorization rules.
  • Maintain user roles and permissions.
  • Monitor and audit access to resources.

OK, I Get IAM … but What Is NestJS?

NestJS is an extensive Node.js framework that helps you build server-side applications. NestJS leverages TypeScript and uses a modular architecture inspired by Angular, making it a strong choice for scalable applications and providing a solid foundation for implementing IAM.

Implement JWT Authentication in NestJS

Authentication is the process of verifying a user’s identity using authentication strategies including JSON Web Tokens (JWT) and OAuth2. Follow these steps to set up JWT authentication in a NestJS application.

First, install the necessary dependencies:


Next, create a module for authentication. This module will handle user login, token generation and token validation.

Create the AuthService to handle authentication logic:

Next, define the JwtStrategy to handle token validation:

Finally, create the AuthController for user login:

The LoginDto defines the expected request body for the login endpoint:

Now you have a basic JWT authentication system in place. Users can log in and receive a JWT token, which they can use to access protected routes.

Implement RBAC Authorization in NestJS

Authorization is the process of determining whether a user has permission to access certain resources. RBAC is a common approach to authorization in NestJS.

To implement RBAC, first, create a RolesGuard that checks if a user has the appropriate role to access a resource:

Define a custom decorator to specify required roles:

With these components, you can create a protected route that requires specific roles:

Enable User Provisioning and Audit Logging

Beyond authentication and authorization, user provisioning and audit logging are crucial components of IAM.

Set Up User Provisioning

User provisioning involves creating, updating and deleting user accounts. You can implement a user service to manage these operations:

Implement Audit Logging

Audit logging helps track user activities, providing insights into who accessed what and when.

Middleware in NestJS provides a centralized way to apply logic to incoming requests before they reach controllers, making it ideal for logging, authentication checks, rate limiting, etc. By placing audit logging in a middleware, you can capture and record relevant information consistently for all or specific endpoints without duplicating logic across controllers.

Here’s an example of how you might implement audit logging as middleware in a NestJS application:

Create Middleware for Audit Logging

Define a middleware that logs relevant information for each request, such as the HTTP method, URL, user identity (if authenticated) and timestamp.

Apply Middleware to the Module

To ensure that the middleware runs for specific routes or globally, register it in the corresponding module(s).

Apply Middleware Globally

To apply the middleware globally, add it to the root module’s configure method:

Apply Middleware to Specific Routes

If you want to apply the middleware only to specific routes, you can specify the routes to which it should apply:

Conclusion

Implementing IAM in a NestJS application involves several key components, including authentication, authorization, user provisioning and audit logging.

This article provided a comprehensive guide with practical examples to help you implement IAM in NestJS. With these components in place, your application will be more secure and better equipped to manage user identities and access to resources.

Are you looking to scale your team with skilled NodeJS specialists like Chesvic? Our guide How to Hire a NodeJS Developer: Finding the Perfect Fit can help you source the right skills for your organization.

TRENDING STORIES
Group Created with Sketch.
Chesvic Hillary is a Senior Back-End Engineer and technologist for Andela, one of the world’s largest private talent marketplaces. Based in Lagos, Nigeria, Chesvic is an experienced technical writer and code instructor who has mentored junior engineers and helped them...
Read more from Chesvic Hillary
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Enable.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.