Auth Service
This page documents the core API surface of the module (primarily AuthService).
AuthService is the main abstraction exported by nestjs-auth-module.
It provides a consistent API for generating and validating tokens, regardless of which provider is selected (e.g. JWT).
Methods
| Method | Description |
|---|---|
generateAsync(payload, options?) | Generates a token from a payload and optional provider-specific options. |
verifyAsync(token) | Returns true if the token is valid, otherwise false. |
decodeAsync(token) | Decodes the token and returns the payload. Throws if invalid/expired. |
Using AuthService in your application
Once you register AuthModule (see Installation), you can inject AuthService into your own services/controllers.
generateAsync(payload, options?)
options is provider-specific and is passed directly to the selected provider implementation.
All providers return a common response shape from generateAsync.
| Field | Type | Description |
|---|---|---|
token | string | The generated access token. |
expiresIn | string | number | Expiration information returned by the provider. The current JWT provider returns an ISO date string. |
Use this to issue a new token.
auth.controller.ts
import { Body, Controller, Post } from '@nestjs/common';
import { AuthService } from 'nestjs-auth-module';
@Controller('auth')
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Post('token')
async createToken(@Body() body: { userId: string }) {
// payload shape is provider-agnostic; keep it JSON-serializable
return this.authService.generateAsync({ userId: body.userId });
}
}
verifyAsync(token)
Use this when you only need a boolean answer (no payload).
auth.controller.ts
import { Controller, Get, Headers, UnauthorizedException } from '@nestjs/common';
import { AuthService } from 'nestjs-auth-module';
@Controller('auth')
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Get('verify')
async verify(@Headers('authorization') authorization?: string) {
const token = authorization?.split(' ')[1];
if (!token) throw new UnauthorizedException('No token');
const ok = await this.authService.verifyAsync(token);
return { ok };
}
}
decodeAsync(token)
Use this when you need the decoded payload. It is expected to throw for invalid/expired tokens.
auth.controller.ts
import { Controller, Get, Headers, UnauthorizedException } from '@nestjs/common';
import { AuthService } from 'nestjs-auth-module';
@Controller('auth')
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Get('decode')
async decode(@Headers('authorization') authorization?: string) {
const token = authorization?.split(' ')[1];
if (!token) throw new UnauthorizedException('No token');
const payload = await this.authService.decodeAsync(token);
return { payload };
}
}
Notes
- Prefer
verifyAsyncwhen you only need a boolean result. - Use
decodeAsyncwhen you want the payload; handle the thrown error as an unauthorized flow. - Provider-specific options (like
expiresIn/algorithmfor JWT) are documented under Providers.