NestJS: cookie based JWT authentication

$ npm install --save cookie-parser
$ npm install --save-dev @types/cookie-parser

기존에 Authorization Header에서 가져 오던 JWT 토큰을 cookie에서 가져 오는 것으로 JwtStrategy 변경

src/auth/jwt.strategy.ts

...
      jwtFromRequest: ExtractJwt.fromExtractors([
        (request) => {
          return request?.cookies?.token;
        },
      ]),
...

OAuth callback에서 JWT 토큰 cookie 설정

src/auth/auth.controller.ts

...
  async callback(@User() user: UserDto, @Res() res: Response) {
    const { access_token } = await this.authService.login(user);
    res.cookie('token', access_token, { httpOnly: true });
    res.redirect('/user/protected');
  }
...

cookie Parser 실행

src/main.ts

...
  app.use(cookieParser());
...

참고)

• https://charming-kyu.tistory.com/39
• https://sound-story.tistory.com/19
• https://codegear.tistory.com/78
• https://medium.com/a-layman/jwt-authentication-in-nestjs-refresh-jwt-with-cookie-based-token-2f6b860f7d67
• https://tigran.tech/nestjs-cookie-based-jwt-authentication/
• https://www.learmoreseekmore.com/2021/05/nestjs-jwt-auth-cookie-series-part3-refresh-token.html
• https://github.com/Naveen512/nestjs-jwt-cookie-auth
• https://github.com/Naveen512/nestjs-jwt-cookie-auth
• https://velog.io/@nookcoder2/JWT%EB%A5%BC-%EC%84%A0%ED%83%9D%ED%95%9C-%EC%9D%B4%EC%9C%A0-NestJS-%EB%A1%9C-JWT-%EA%B5%AC%ED%98%84%ED%95%98%EA%B8%B0