JWT Authentication
Passport.js, JWT strategy, guards, bcrypt, refresh tokens, token expiration
1What is a JWT (JSON Web Token)?
What is a JWT (JSON Web Token)?
回答
A JWT is an open standard (RFC 7519) that defines a compact and secure format for transmitting information between parties as a JSON object. It is digitally signed to ensure its integrity and can be encrypted. JWTs are commonly used for stateless authentication in REST APIs because they contain all necessary information without requiring server-side sessions.
2What is the structure of a JWT?
What is the structure of a JWT?
回答
A JWT consists of three parts separated by dots: Header (signature algorithm and type), Payload (claims/data), and Signature (integrity verification). Each part is Base64URL encoded. Example: eyJhbGc.eyJzdWI.SflKxwRJ. This structure allows transporting data while ensuring it hasn't been tampered with.
3Which NestJS package is used to handle JWTs?
Which NestJS package is used to handle JWTs?
回答
@nestjs/jwt provides an abstraction around the jsonwebtoken package to facilitate JWT token generation and verification in NestJS. It integrates with the NestJS module system via JwtModule and exposes the JwtService with methods like sign(), signAsync(), verify() and verifyAsync(). It should be combined with @nestjs/passport for complete authentication.
What is the role of the JwtService.sign() method?
What is the role of the JwtService.verify() method?
+22 面接問題