This is a super simple, very basic example of how JWTs can be used with Nest and Fastify without the use of Passport.
I use curl for testing and sending API requests, but Postman or Insomnia would be fine too.
curl http://localhost:3000/protected
{"statusCode":403,"message":"Forbidden resource","error":"Forbidden"}
curl http://localhost:3000/auth/login -d '[email protected]&password=s1mple'
eyJhbGciOiJIUzI1NiJ9.dGVzdEB0ZXN0LmNvbQ.TL-ROX3v5bJsRhxAgtZ7lg7af3r9pRkX22Sgqn97AHI
curl http://localhost:3000/protected -H 'authorization:Bearer eyJhbGciOiJIUzI1NiJ9.dGVzdEB0ZXN0LmNvbQ.TL-ROX3v5bJsRhxAgtZ7lg7af3r9pRkX22Sgqn97AHI'
All Good
This example does not take into account adding a list of rejected tokens to check against (for things like signing out). It also does not use a secure secret or a database. This is just to show how JWTs can be used. Use this as a base, and expand on it from there.
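One way to add the rejected-token check mentioned above, as an added example that is not part of this project's code. It uses only node:crypto, and the names SECRET, revoked, sign, verify and signOut are hypothetical. It assumes tokens carry jti and exp claims, which the sample token above does not (its payload is the bare email string).

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Assumption: a real app loads a long random secret from configuration.
const SECRET = randomBytes(32);
// Assumption: in-memory denylist (jti -> exp); multiple instances need a shared store.
const revoked = new Map<string, number>();

type Claims = { sub: string; jti: string; exp: number };
const enc = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");
const dec = (s: string): any => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (data: string): Buffer => createHmac("sha256", SECRET).update(data).digest();

// Issue a token with an expiry and a unique id so it can be revoked individually.
function sign(sub: string, ttlSeconds: number, now: number): string {
  const head = enc({ alg: "HS256", typ: "JWT" });
  const body = enc({ sub, jti: randomBytes(16).toString("hex"), exp: now + ttlSeconds });
  return `${head}.${body}.${mac(`${head}.${body}`).toString("base64url")}`;
}

// Returns the claims only if signature, algorithm, expiry and denylist checks all pass.
function verify(token: string, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head = "", body = "", sig = ""] = parts;
  const expected = mac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  // Check the signature (constant-time) before parsing any attacker-supplied JSON.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const h = dec(head);
    const c = dec(body);
    if (h.alg !== "HS256") return null; // pin the algorithm, never trust the header
    if (typeof c.sub !== "string" || typeof c.jti !== "string") return null;
    if (typeof c.exp !== "number" || c.exp <= now) return null; // expired
    if (revoked.has(c.jti)) return null; // signed out
    return { sub: c.sub, jti: c.jti, exp: c.exp };
  } catch {
    return null; // malformed header or payload
  }
}

// Sign-out: remember the jti until the token would have expired anyway.
function signOut(token: string, now: number): boolean {
  const claims = verify(token, now);
  if (!claims) return false;
  revoked.set(claims.jti, claims.exp);
  revoked.forEach((exp, jti) => { if (exp <= now) revoked.delete(jti); }); // prune
  return true;
}
```

In a guard, verify would run on the value after "Bearer " in the authorization header, with now set to Math.floor(Date.now() / 1000).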