Apps generated by Amplication contain authentication mechanisms based on the NestJS/Passport library.
Amplication apps include two built-in authentication methods:
- JWT (JSON Web Token)
Alternatively, you can use a custom authentication provider.
To select the preferred Authentication Method:
- Navigate to the Dashboard and click on Auth Settings.
- From the drop-down list, select JWT (default) or HTTP
We recommend using JWT as a more secure alternative to HTTP authentication.
When generating an app with JWT authentication, the process includes the following two steps:
- Send a login request to the server with username and password to get back from the server the JWT token.
- Add an authentication header with the JWT token to every consecutive request.
Following are examples of how to log in with REST API and GraphQL API.
curl -X 'POST' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
Header with JWT Included (example)
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoieW91IGFyZSBzb29vb28gY29vbCB0aGF0IHlvdSBjaGVjayB0aGF0ISIsIm5hbWUiOiJPZmVrIGdhYmF5IDspIiwiaWF0IjoxNTE2MjM5MDIyfQ.vaYJaP9SUlOU0u4NfFCRm5tmBVDKeCwvN6ByCkqJt8U
Basic HTTP Authentication
When using Basic HTTP, when sending a request to the API you must provide a Basic HTTP authentication header with the format:
Authorization: 'type' 'credentials'
where type is Basic and credentials is the Base64 encoding of a string "username:password".
Authorization: Basic YWRtaW46YWRtaW4=
By default, your app comes with one user with the username "admin" and password "admin".
You can use a tool to create the header. There are several generators available, such as https://www.blitter.se/utils/basic-authentication-header-generator/
Read here to find out more: HTTP authentication.
Custom Authentication with Passport
You can further develop the code generated by Amplication to rollout your own authentication system.
Amplication uses the
@nestjs/passport module as middleware to support authentication.
Passport is a popular
node.js authentication library, widely used by the community.
Passport supports many authentication strategies available as
npm modules, which you can implement in your generated project. You can easily integrate the library with a
Nest application using the
Passport has a rich ecosystem of strategies that implement various authentication mechanisms.