@nestjs-cognito/auth
HTTP authentication guards and decorators for NestJS applications.
Installation
npm install @nestjs-cognito/auth @nestjs-cognito/core
Module
CognitoAuthModule
Main module for HTTP authentication.
Methods:
register(options: CognitoModuleOptions): DynamicModuleregisterAsync(options: CognitoModuleAsyncOptions): DynamicModule
Decorators
Guards
@Authentication()
Apply JWT authentication to controllers or routes.
@Authentication()
export class UsersController {}
@Authorization(groups: string[])
Require specific Cognito groups.
@Authorization(['admin', 'manager'])
async adminAction() {}
@PublicRoute()
Bypass authentication for specific routes.
@PublicRoute()
@Get('public')
public() {}
Parameter Decorators
@CognitoUser(property?: string)
Extract authenticated user from request.
getProfile(@CognitoUser() user: CognitoJwtPayload) {}
getProfile(@CognitoUser('sub') userId: string) {}
@CognitoIdUser(property?: string)
Extract ID token payload (validates token type).
getProfile(@CognitoIdUser() user: CognitoIdTokenPayload) {}
@CognitoAccessUser(property?: string)
Extract access token payload (validates token type).
getScopes(@CognitoAccessUser('scope') scope: string) {}
Configuration
CognitoModuleOptions
interface CognitoModuleOptions {
jwtVerifier: CognitoJwtVerifierOptions | CognitoJwtVerifierOptions[];
jwtRsaVerifier?: JwtRsaVerifierOptions | JwtRsaVerifierOptions[];
jwtExtractor?: CognitoJwtExtractor;
identityProvider?: CognitoIdentityProviderOptions;
}
CognitoJwtVerifierOptions
interface CognitoJwtVerifierOptions {
userPoolId: string;
clientId: string | null;
tokenUse: 'access' | 'id' | null;
groups?: string[];
}
Exports
Classes:
CognitoAuthModule
Decorators:
@Authentication()@Authorization(groups: string[])@PublicRoute()@CognitoUser(property?: string)@CognitoIdUser(property?: string)@CognitoAccessUser(property?: string)
Guards:
CognitoAuthGuardCognitoGroupGuard
Constants:
PUBLIC_ROUTE_METADATA
Guides
- Authentication - Protect your routes
- Authorization - Role-based access control
- Public Routes - Configure public endpoints
- User Information - Access user data
- Token Extraction - Custom token extraction