
Protecting Controllers in NEST Using Guards

Barrett Falk edited this page Jul 29, 2024 · 1 revision
  • The backend routes are protected by the JwtRoleGuard by default, meaning that any request to a route on the backend requires a JWT containing a valid role. The JWT itself is validated using the JWKS pattern. Failure to provide a JWT that contains the appropriate role results in an Unauthorized exception. To disable this guard, use the @public decorator on the controller.
  • The ApiKeyGuard (e.g. @UseGuards(ApiKeyGuard)) should be used in cases where there is no JWT available to protect the backend routes. Routes using the ApiKeyGuard should have the JwtRoleGuard disabled (by using the public decorator on the controller). Note that this decorator should be renamed, as its purpose has shifted. Perhaps a name such as "DisableAuthorizationGuard" would be more appropriate.
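
The following is an added, dependency-free TypeScript model of the guard layering described in the two points above; it is not the project's code. It shows which caller each controller configuration admits and flags a controller that is marked public without the ApiKeyGuard. All names (RouteConfig, Caller, authorize, findUnguardedRoutes) and the sample routes and key are hypothetical and constructed for illustration.

```typescript
// Added model of the guard layering; every name below is hypothetical.
interface RouteConfig {
  path: string;
  isPublic: boolean;       // controller carries the public decorator
  useApiKeyGuard: boolean; // controller has @UseGuards(ApiKeyGuard)
  requiredRole?: string;   // role JwtRoleGuard expects when it runs
}
interface Caller {
  jwtRoles?: string[]; // roles from a JWT already validated via JWKS
  apiKey?: string;     // key presented by the caller
}

// Compares every character so a key check does not stop at the first mismatch.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % Math.max(b.length, 1));
  }
  return diff === 0;
}

function authorize(route: RouteConfig, caller: Caller, expectedKey: string): "allow" | "unauthorized" {
  // JwtRoleGuard is the default; it only steps aside for public controllers.
  if (!route.isPublic) {
    const roles = caller.jwtRoles || [];
    // Fail closed when no role is configured for a protected route.
    if (route.requiredRole === undefined || roles.indexOf(route.requiredRole) === -1) {
      return "unauthorized";
    }
  }
  if (route.useApiKeyGuard &&
      (caller.apiKey === undefined || !constantTimeEqual(caller.apiKey, expectedKey))) {
    return "unauthorized";
  }
  return "allow";
}

// Audit: a public controller with no replacement guard accepts anonymous requests.
function findUnguardedRoutes(routes: RouteConfig[]): string[] {
  return routes.filter((r) => r.isPublic && !r.useApiKeyGuard).map((r) => r.path);
}

// Constructed sample configuration and key.
const SAMPLE_KEY = "constructed-sample-key";
const sampleRoutes: RouteConfig[] = [
  { path: "/reports", isPublic: false, useApiKeyGuard: false, requiredRole: "admin" },
  { path: "/ingest", isPublic: true, useApiKeyGuard: true },
  { path: "/status", isPublic: true, useApiKeyGuard: false },
];
```

Running an audit like findUnguardedRoutes over the real controller metadata in CI catches a public decorator that was added without the ApiKeyGuard.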