DEV Community: Oluwadamilola Babalola The latest articles on DEV Community by Oluwadamilola Babalola (@thedammyking). https://dev.to/thedammyking https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F294880%2Fbe6d66ed-ca0f-4052-81f3-72a0dcb8b391.jpg DEV Community: Oluwadamilola Babalola https://dev.to/thedammyking en Authentication with Clerk in NestJS Server Application Oluwadamilola Babalola Sat, 04 Jan 2025 22:45:15 +0000 https://dev.to/thedammyking/authentication-with-clerk-in-nestjs-server-application-gpm https://dev.to/thedammyking/authentication-with-clerk-in-nestjs-server-application-gpm <h2> Introduction </h2> <p>This article provides a comprehensive, step-by-step guide to implementing authentication and authorization in a NestJS backend application with Clerk.</p> <h3> What is Clerk? </h3> <p>Clerk is a comprehensive platform offering embeddable user interfaces, flexible APIs, and an intuitive and robust dashboard for seamless user authentication and management. It covers everything from session management and multi-factor authentication to social sign-ons, magic links, email or SMS one-time passcodes and <a href="https://clerk.com" rel="noopener noreferrer">more</a>.</p> <h3> Why use Clerk? </h3> <p>Authentication and security requirements, trends, and best practices are always evolving because data protection and privacy are increasingly important. By offloading these responsibilities to a specialized service provider, you can focus on building the core features of your application and ship faster.</p> <p>Platforms like Clerk exist to take on these security tasks for you.</p> <h3> Prerequisites </h3> <ul> <li>Basic knowledge of Typescript</li> <li>Familiarity with NestJS Fundamentals</li> <li>Understanding of authentication concept on the backend</li> <li>Running Node 18 or latest</li> </ul> <h2> Project setup </h2> <p>This project requires a new or existing NestJS project, a Clerk account and application, and libraries like Passport, Passport Strategy and Clerk backend SDK. </p> <h3> Creating a NestJS project </h3> <p>You can easily set up a new NestJS project using the Nest CLI. With any package manager you prefer, run the following commands to create a new Nest application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pnpm add <span class="nt">-g</span> @nestjs/cli <span class="nv">$ </span>nest new clerk-auth </code></pre> </div> <p>Checkout the <a href="https://docs.nestjs.com/" rel="noopener noreferrer">NestJS documentation</a> for more details.</p> <h3> Setting up your Clerk account and application </h3> <p>If you don’t already have one, create a Clerk account and set up a new application in the Clerk dashboard. You can get started on <a href="https://clerk.com" rel="noopener noreferrer">Clerk website</a>. </p> <h3> Installing required libraries </h3> <p>The required libraries for this project can be installed with this command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pnpm add @clerk/backend @nestjs/config @nestjs/passport passport passport-custom </code></pre> </div> <h3> Environment configuration </h3> <p>Create a <code>.env</code> file in the root directory of your project to manage variables for different environments, <code>production</code>, <code>development</code> or <code>staging</code>.</p> <p>Add the following variables, replacing the placeholders with the actual keys obtained from your Clerk account dashboard.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># .env CLERK_PUBLISHABLE_KEY=YOUR_PUBLISHABLE_KEY CLERK_SECRET_KEY=YOUR_SECRET_KEY </code></pre> </div> <p>To access environment variables throughout the application using the <code>ConfigService</code>, import the <code>ConfigModule</code> into the root <code>AppModule</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.module.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ConfigModule</span><span class="p">.</span><span class="nf">forRoot</span><span class="p">({</span> <span class="na">isGlobal</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}),</span> <span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <h2> Integrating Clerk in NestJS </h2> <p>This section explains how to integrate and utilize the Clerk backend SDK in your NestJS project.</p> <h3> Creating a Clerk client provider </h3> <p>Registering the Clerk client as a provider makes it injectable into classes using a decorator, allowing it to be used wherever needed throughout the codebase, as demonstrated in the upcoming sections.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/providers/clerk-client.provider.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClerkClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@clerk/backend</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ClerkClientProvider</span> <span class="o">=</span> <span class="p">{</span> <span class="na">provide</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ClerkClient</span><span class="dl">'</span><span class="p">,</span> <span class="na">useFactory</span><span class="p">:</span> <span class="p">(</span><span class="na">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">createClerkClient</span><span class="p">({</span> <span class="na">publishableKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">CLERK_PUBLISHABLE_KEY</span><span class="dl">'</span><span class="p">),</span> <span class="na">secretKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">CLERK_SECRET_KEY</span><span class="dl">'</span><span class="p">),</span> <span class="p">});</span> <span class="p">},</span> <span class="na">inject</span><span class="p">:</span> <span class="p">[</span><span class="nx">ConfigService</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <h3> Registering the ClerkClientProvider in AppModule </h3> <p>Next, you need to register the provider with Nest to enable dependency injection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.module.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/providers/clerk-client.provider</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ConfigModule</span><span class="p">.</span><span class="nf">forRoot</span><span class="p">({</span> <span class="na">isGlobal</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}),</span> <span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nx">ClerkClientProvider</span><span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <h2> Using Passport with Clerk-Issued JWT </h2> <p>Clerk issues a JWT token when a user signs up or logs in through Clerk’s hosted pages or a frontend app. This token is then sent as a <a href="https://datatracker.ietf.org/doc/html/rfc6750" rel="noopener noreferrer">bearer token in the <code>Authorization</code> header</a> of requests made to the NestJS backend application.</p> <h3> Creating a Clerk Strategy </h3> <p>In NestJS, <code>Passport</code> is the recommended way to implement authentication strategies. You’ll create a custom Clerk strategy that verifies tokens with Clerk client.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/auth/clerk.strategy.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">User</span><span class="p">,</span> <span class="nx">verifyToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@clerk/backend</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span><span class="p">,</span> <span class="nx">Injectable</span><span class="p">,</span> <span class="nx">UnauthorizedException</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PassportStrategy</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/passport</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Strategy</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">passport-custom</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">UsersService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/users/users.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@clerk/backend</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">ClerkStrategy</span> <span class="kd">extends</span> <span class="nc">PassportStrategy</span><span class="p">(</span><span class="nx">Strategy</span><span class="p">,</span> <span class="dl">'</span><span class="s1">clerk</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="p">@</span><span class="nd">Inject</span><span class="p">(</span><span class="dl">'</span><span class="s1">ClerkClient</span><span class="dl">'</span><span class="p">)</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">clerkClient</span><span class="p">:</span> <span class="nx">ClerkClient</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">();</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">).</span><span class="nf">pop</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="dl">'</span><span class="s1">No token provided</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">tokenPayload</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">secretKey</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">CLERK_SECRET_KEY</span><span class="dl">'</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">clerkClient</span><span class="p">.</span><span class="nx">users</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span><span class="nx">tokenPayload</span><span class="p">.</span><span class="nx">sub</span><span class="p">);</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>validate()</code> method returns user data that NestJS automatically attaches to the request.user.</p> <h3> Creating an Auth Module </h3> <p>Create an <code>AuthModule</code> that provides the Clerk strategy and integrates with the <code>PassportModule</code>. Then, register the <code>AuthModule</code> in the <code>AppModule</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/auth/auth.module.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkStrategy</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./clerk.strategy</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PassportModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/passport</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/providers/clerk-client.provider</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span><span class="nx">PassportModule</span><span class="p">,</span> <span class="nx">ConfigModule</span><span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nx">ClerkStrategy</span><span class="p">,</span> <span class="nx">ClerkClientProvider</span><span class="p">],</span> <span class="na">exports</span><span class="p">:</span> <span class="p">[</span><span class="nx">PassportModule</span><span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AuthModule</span> <span class="p">{}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.module.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/providers/clerk-client.provider</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/auth/auth.module</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ConfigModule</span><span class="p">.</span><span class="nf">forRoot</span><span class="p">({</span> <span class="na">isGlobal</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">AuthModule</span><span class="p">,</span> <span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nx">ClerkClientProvider</span><span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <h2> Implementing routes protections </h2> <p>Protected routes are routes that require the user to be authenticated before they can access them.</p> <h3> Creating Clerk authentication guard </h3> <p>Guards determine whether a specific request should be processed by a route handler based on certain runtime conditions.</p> <p>If you want to protect all routes in your application by default, you’ll need to take the following steps:</p> <ol> <li>Create a <code>Public</code> decorator to mark routes that should be accessible without authentication.</li> <li>Implement a <code>ClerkAuthGuard</code> to restrict access to protected routes, allowing only authenticated users to proceed. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/decorators/public.decorator.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">SetMetadata</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">IS_PUBLIC_KEY</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">isPublic</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">Public</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nc">SetMetadata</span><span class="p">(</span><span class="nx">IS_PUBLIC_KEY</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/auth/clerk-auth.guard.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="nx">ExecutionContext</span><span class="p">,</span> <span class="nx">Injectable</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Reflector</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/core</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthGuard</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/passport</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IS_PUBLIC_KEY</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/decorators/public.decorator</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">ClerkAuthGuard</span> <span class="kd">extends</span> <span class="nc">AuthGuard</span><span class="p">(</span><span class="dl">'</span><span class="s1">clerk</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">private</span> <span class="nx">reflector</span><span class="p">:</span> <span class="nx">Reflector</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">();</span> <span class="p">}</span> <span class="nf">canActivate</span><span class="p">(</span><span class="nx">context</span><span class="p">:</span> <span class="nx">ExecutionContext</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">isPublic</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">reflector</span><span class="p">.</span><span class="nx">getAllAndOverride</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">IS_PUBLIC_KEY</span><span class="p">,</span> <span class="p">[</span> <span class="nx">context</span><span class="p">.</span><span class="nf">getHandler</span><span class="p">(),</span> <span class="nx">context</span><span class="p">.</span><span class="nf">getClass</span><span class="p">(),</span> <span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isPublic</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">super</span><span class="p">.</span><span class="nf">canActivate</span><span class="p">(</span><span class="nx">context</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Enabling authentication globally </h3> <p>Since most of your endpoints will be protected by default, you can configure the authentication guard as a global guard.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.module.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../providers/clerk-client.provider</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../auth/auth.module</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClerkAuthGuard</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../auth/clerk-auth.guard</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">APP_GUARD</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/core</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ConfigModule</span><span class="p">.</span><span class="nf">forRoot</span><span class="p">({</span> <span class="na">isGlobal</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">AuthModule</span><span class="p">,</span> <span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ClerkClientProvider</span><span class="p">,</span> <span class="p">{</span> <span class="na">provide</span><span class="p">:</span> <span class="nx">APP_GUARD</span><span class="p">,</span> <span class="na">useClass</span><span class="p">:</span> <span class="nx">ClerkAuthGuard</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <h3> Defining Protected and Public Routes </h3> <p>In these two controllers, the <code>Public</code> decorator is used in the <code>AppController</code> to designate a route as public. In contrast, no decorator is needed in the <code>AuthController</code> to specify routes as protected, as the authentication guard is applied globally by default.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.controller.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span><span class="p">,</span> <span class="nx">Get</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Public</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/decorators/public.decorator</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Controller</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppController</span> <span class="p">{</span> <span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">Get</span><span class="p">()</span> <span class="k">async</span> <span class="nf">app</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">Hello World</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/auth/auth.controller.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">User</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@clerk/backend</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span><span class="p">,</span> <span class="nx">Get</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CurrentUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/decorators/current-user.decorator</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Controller</span><span class="p">(</span><span class="dl">'</span><span class="s1">auth</span><span class="dl">'</span><span class="p">)</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AuthController</span> <span class="p">{</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">me</span><span class="dl">'</span><span class="p">)</span> <span class="k">async</span> <span class="nf">getProfile</span><span class="p">(@</span><span class="nd">CurrentUser</span><span class="p">()</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Note</strong>: Remember to register the <code>AppController</code> in the <code>AppModule</code> and the <code>AuthController</code> in the <code>AuthModule</code>.</p> <h2> Conclusion </h2> <p>Clerk as a platform handles authentication and security responsibilities, keeping up with the latest trends and best practices. This enables you to focus on building your application’s core features and accelerating your development process.</p> <p>In this guide, we’ve covered the steps to implement Clerk authentication, from setting up the project to securing routes. These foundational steps should help you get started on your journey of exploring the possibilities with an authentication service platform.</p> <p>A fully functional example of this project is included at the end of this article.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fassets.dev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/thedammyking" rel="noopener noreferrer"> thedammyking </a> / <a href="https://github.com/thedammyking/clerk-nest-auth" rel="noopener noreferrer"> clerk-nest-auth </a> </h2> <h3> Using Clerk authentication and user management in NestJS backend application </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">Clerk-NestJS Authentication</h1> </div> <p>Using Clerk authentication and user management in NestJS backend application</p> <div class="markdown-heading"> <h2 class="heading-element">What's inside?</h2> </div> <p>This monorepo includes the following packages and apps:</p> <div class="markdown-heading"> <h3 class="heading-element">Apps and Packages</h3> </div> <ul> <li> <code>api</code>: a <a href="https://nestjs.com/" rel="nofollow noopener noreferrer">NestJS</a> app</li> </ul> <p>Each package and app is 100% <a href="https://www.typescriptlang.org/" rel="nofollow noopener noreferrer">TypeScript</a>.</p> <div class="markdown-heading"> <h3 class="heading-element">Utilities</h3> </div> <p>This monorepo has some additional tools already setup for you:</p> <ul> <li> <a href="https://www.typescriptlang.org/" rel="nofollow noopener noreferrer">TypeScript</a> for static type checking</li> <li> <a href="https://eslint.org/" rel="nofollow noopener noreferrer">ESLint</a> for code linting</li> <li> <a href="https://prettier.io" rel="nofollow noopener noreferrer">Prettier</a> for code formatting</li> </ul> </div> <br> <br> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/thedammyking/clerk-nest-auth" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> javascript nestjs authentication node