AgentOps
Back to Skills

nestjs-auth-rbac

Authentication and authorization deep-dive for NestJS covering JWT, sessions, refresh tokens, RBAC, permissions, guards, decorators, OAuth2, multi-tenancy, and security hardening. Use when implementing auth flows, role-based access control, permission systems, or securing NestJS APIs.

nestjsauthjwtrbacpermissionssecuritytypescriptoauth
Version1.0.0
Authoragent-skills
CategoryBackend
Tags8
Install Skill
npx skills add https://github.com/sadamkhan7679/agent-ops --skill nestjs-auth-rbac

NestJS Auth & RBAC

Comprehensive authentication and authorization patterns for NestJS applications. From JWT basics to enterprise multi-tenant RBAC.

When to Apply

Reference these patterns when:

  • >Implementing JWT authentication with refresh tokens
  • >Building role-based access control (RBAC)
  • >Implementing fine-grained permissions
  • >Setting up OAuth2/social login
  • >Securing API endpoints with guards
  • >Building multi-tenant authentication
  • >Hardening auth against common attacks

Guide Categories by Priority

PriorityCategoryImpactPrefix
1JWT AuthenticationCRITICALjwt-
2Guards & DecoratorsCRITICALguards-
3Role-Based Access ControlHIGHrbac-
4Permission SystemHIGHpermissions-
5Refresh TokensHIGHrefresh-
6Session AuthMEDIUMsession-
7OAuth2 & SocialMEDIUMoauth-
8Multi-TenancyMEDIUMtenant-
9Security HardeningMEDIUMsecurity-
10Testing AuthLOW-MEDIUMtesting-

Quick Reference

1. JWT Authentication (CRITICAL)

  • >jwt-strategy - Passport JWT strategy with NestJS
  • >jwt-token-service - Token generation, validation, and rotation
  • >jwt-cookie-transport - Secure HTTP-only cookie transport

2. Guards & Decorators (CRITICAL)

  • >guards-auth - AuthGuard with public route bypass
  • >guards-roles - RolesGuard with @Roles() decorator
  • >guards-composition - Composing multiple guards with AND/OR logic

3. Role-Based Access Control (HIGH)

  • >rbac-schema - Role and permission database schema
  • >rbac-service - RBAC service with role hierarchy
  • >rbac-middleware - Request-level role resolution

4. Permission System (HIGH)

  • >permissions-granular - Fine-grained permissions (create:users, read:orders)
  • >permissions-decorator - @RequirePermissions() decorator and guard
  • >permissions-resource-owner - Resource ownership checks

5. Refresh Tokens (HIGH)

  • >refresh-rotation - Refresh token rotation with family tracking
  • >refresh-revocation - Token revocation and blacklisting

6. Session Auth (MEDIUM)

  • >session-setup - Express session with Redis store
  • >session-serialization - Passport session serialization

7. OAuth2 & Social (MEDIUM)

  • >oauth-google - Google OAuth2 with Passport
  • >oauth-github - GitHub OAuth2 integration
  • >oauth-linking - Account linking for multiple providers

8. Multi-Tenancy (MEDIUM)

  • >tenant-identification - Tenant identification (subdomain, header, JWT claim)
  • >tenant-isolation - Data isolation strategies (row-level, schema-level)

9. Security Hardening (MEDIUM)

  • >security-password - Password hashing with argon2/bcrypt
  • >security-brute-force - Brute force protection and account lockout
  • >security-csrf-cors - CSRF protection and CORS configuration

10. Testing Auth (LOW-MEDIUM)

  • >testing-auth-mocks - Mocking auth guards and strategies in tests
  • >testing-auth-e2e - E2E testing protected endpoints

Full Compiled Document

For the complete guide with all content expanded: AGENTS.md