Skip the long setup and get secure, multi-device authentication with refresh token rotation in just a few minutes.
Why This Boilerplate Exists
Most NestJS developers eventually hit the same bottleneck:
"How do I build secure authentication without spending days wiring everything together?"
I ran into this repeatedly. Setting up JWT flows, refresh token rotation, HttpOnly cookies, RBAC, device sessions, rate limiting, logging, structured API responses, and proper error handling shouldn’t take a week — but it often does.
This boilerplate packages all of this into a clean, production-ready setup you can start using immediately.
Features Included
- JWT access + refresh tokens
- Refresh rotation
- HttpOnly cookies
- Declarative RBAC
- Multi-device sessions
- Rate limiting
- Global API response interceptor
- Centralized exception filters
- Prisma + PostgreSQL
- Pino structured logging with PII redaction
- Prebuilt Postman API collection
Full write-up on Medium:
Stop Rebuilding Auth: A Production-Ready JWT + RBAC Template for NestJS
Repo: nestjs-jwt-rbac-boilerplate
Quick Start
```bash
# Clone the repo
git clone https://github.com/masabinhok/nestjs-jwt-rbac-boilerplate.git app-name
cd app-name

# Install dependencies
npm install

# Copy environment variables
cp .env.example .env

# Run database migrations
npm run prisma:migrate

# Start development server
npm run start:dev
```