Welcome to the NestJS Auth0 OpenFGA Demo project! This project showcases how to integrate Auth0 for authentication and OpenFGA for permissions management within a NestJS application. By following this demo, you'll learn how to build a secure and scalable API with robust fine-grained access control.
- Introduction
- Features
- Technologies Used
- Prerequisites
- Installation
- Configuration
- Running the Application
- API Documentation
- License
In modern web applications, managing user authentication and authorization is crucial for ensuring security and providing appropriate access to resources. This demo project illustrates how to seamlessly integrate Auth0 for handling user authentication and OpenFGA for managing fine-grained permissions within a NestJS framework.
Note: This project serves as supplementary material for the FusionWorks article Fine-grained authorization for APIs with NestJS and OpenFGA, providing practical examples and source code to enhance your understanding of fine-grained authorization in NestJS applications.
- User Authentication: Secure user authentication using Auth0.
- Fine-Grained Authorization (FGA): Define and manage user roles and permissions with OpenFGA.
- API Documentation: Interactive API documentation using Swagger, secured with Auth0 authentication.
- Projects Management: Create and manage projects with roles such as Owner, Admin, and Member.
- Secure Endpoints: Protect API endpoints with JWT authentication and permission guards.
- NestJS: A progressive Node.js framework for building efficient, reliable, and scalable server-side applications.
- Auth0: A flexible authentication and authorization platform.
- OpenFGA: An open-source fine-grained authorization system.
- MongoDB: A NoSQL database for storing project data.
- Swagger: For API documentation and testing.
Before getting started, ensure you have the following installed on your machine:
- Node.js (v14 or higher)
- npm (v6 or higher)
- MongoDB (local or hosted instance)
- Auth0 Account: Sign up here
- Okta FGA Account: Sign up here
- Clone the Repository

```bash
git clone https://github.com/FusionWorks/nestjs-openfga-example.git
cd nestjs-openfga-example
```

- Install Dependencies

```bash
npm install
```
- Environment Variables

Create a `.env` file in the root directory of the project and populate it with the following variables:

```env
# Auth0 Configuration
AUTH0_DOMAIN=your-auth0-domain
AUTH0_AUDIENCE=your-auth0-audience
AUTH0_OAUTH_CLIENT_ID=your-auth0-oauth-client-id

# OpenFGA Configuration
FGA_API_URL=your-openfga-api-url
FGA_STORE_ID=your-openfga-store-id
FGA_CLIENT_ID=your-openfga-client-id
FGA_CLIENT_SECRET=your-openfga-client-secret
FGA_API_TOKEN_ISSUER=your-openfga-token-issuer
FGA_API_AUDIENCE=your-openfga-audience

# MongoDB Configuration
MONGODB_URI=your-mongodb-uri

# Application Port
PORT=3000
```

Replace the placeholder values with your actual configuration details:

- Auth0: `AUTH0_DOMAIN` and `AUTH0_OAUTH_CLIENT_ID` come from your application's settings in the Auth0 dashboard. `AUTH0_AUDIENCE` is the Identifier of the API you register under APIs; it must match the audience the access tokens are issued for, otherwise the JWT guard rejects every token.
- OpenFGA: Sign up at fga.dev and create a store (its ID is `FGA_STORE_ID`), upload the authorization model from the next step, and create client credentials for the application (`FGA_CLIENT_ID` and `FGA_CLIENT_SECRET`, together with the token issuer and audience the dashboard shows). `FGA_API_URL` is the API endpoint of your store.
- MongoDB: Provide your MongoDB connection string.

`.env` holds credentials (`FGA_CLIENT_SECRET`, `MONGODB_URI`); keep it out of version control.
- Define the Authorization Model

Using fga.dev, design and host your authorization model. For this demo, the model is defined as:

```
model
  schema 1.1

type user

type project
  relations
    define admin: [user] or owner
    define member: [user] or admin
    define owner: [user]
```

Read the relations bottom-up: `owner` is only ever assigned directly, every owner is also an `admin`, and every admin is also a `member`. A check for `member` therefore succeeds for owners and admins without any additional tuples, so an endpoint only has to ask for the weakest relation it requires.
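To make the effect of the `or` rules concrete, the block below evaluates the model above locally. It is an added example for this README, not code from nestjs-openfga-example: in the running application the same question (user, relation, object) is sent to OpenFGA's check API, and nothing here replaces that. The route-to-relation mapping and the sample tuples are assumptions constructed for the example.

```typescript
// Added example for this README; not code from the nestjs-openfga-example repository.
// Local evaluator for the project's authorization model: owner implies admin, admin
// implies member. In production the check is delegated to OpenFGA.
export type Relation = "owner" | "admin" | "member";

export interface RelationshipTuple {
  user: string; // "user:<id>", matching `type user`
  relation: Relation;
  object: string; // "project:<id>", matching `type project`
}

// One entry per "define" line: the relations a given relation is computed from.
//   define admin:  [user] or owner  -> admin is implied by owner
//   define member: [user] or admin  -> member is implied by admin
//   define owner:  [user]           -> direct assignment only
const IMPLIED_BY: Record<Relation, Relation[]> = {
  owner: [],
  admin: ["owner"],
  member: ["admin"],
};

// "Does `user` have `relation` on `object`?" as the model defines it:
// a direct tuple, or (recursively) any relation it is derived from.
export function check(
  tuples: RelationshipTuple[],
  user: string,
  relation: Relation,
  object: string,
): boolean {
  const direct = tuples.some(
    (t) => t.user === user && t.relation === relation && t.object === object,
  );
  if (direct) return true;
  return IMPLIED_BY[relation].some((r) => check(tuples, user, r, object));
}

// Assumed route-to-relation mapping; the repository's guards make this decision
// per endpoint, and the routes listed here are illustrative.
export const REQUIRED_RELATION: Record<string, Relation> = {
  "GET /projects/:id": "member",
  "PATCH /projects/:id": "admin",
  "DELETE /projects/:id": "owner",
};

// Guard-style decision. A route with no mapping is denied, not allowed by default.
export function authorize(
  tuples: RelationshipTuple[],
  user: string,
  route: string,
  project: string,
): boolean {
  const relation = REQUIRED_RELATION[route];
  if (relation === undefined) return false;
  return check(tuples, user, relation, project);
}

// Constructed sample tuples, the kind the app writes to OpenFGA when projects
// are created and members are added.
export const SAMPLE_TUPLES: RelationshipTuple[] = [
  { user: "user:alice", relation: "owner", object: "project:alpha" },
  { user: "user:bob", relation: "admin", object: "project:alpha" },
  { user: "user:carol", relation: "member", object: "project:alpha" },
  { user: "user:alice", relation: "member", object: "project:beta" },
];

// Full decision table for the sample data, keyed "<user> <route> <project>".
export function decisionTable(): Record<string, boolean> {
  const users = ["user:alice", "user:bob", "user:carol", "user:dave"];
  const out: Record<string, boolean> = {};
  for (const user of users) {
    for (const route of Object.keys(REQUIRED_RELATION)) {
      for (const project of ["project:alpha", "project:beta"]) {
        out[`${user} ${route} ${project}`] = authorize(SAMPLE_TUPLES, user, route, project);
      }
    }
  }
  return out;
}
```

`decisionTable()` shows the inheritance in one place: alice (owner) passes every check on project:alpha, bob (admin) passes member and admin checks but not the owner check, carol (member) passes only the member check, and dave, who has no tuple, is denied everywhere. Because alice is merely a member of project:beta, her ownership of alpha grants nothing there: relations are scoped to the object in the tuple, not to the user.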
Development Mode (with hot-reloading):

```bash
npm run start:dev
```

Production Mode:

```bash
npm run start:prod
```
The application will start on the port specified in your .env file (default is 3000).
Interactive API documentation is available via Swagger. To access it:
- Ensure the application is running.
- Navigate to http://localhost:3000/api/ in your browser.
- Authenticate using Auth0 to access and test the API endpoints.
This project is licensed under the MIT License.