{"id":48282731,"url":"https://github.com/syniol/node-nestjs-identity-provider","last_synced_at":"2026-04-12T13:36:44.977Z","repository":{"id":297684460,"uuid":"997584437","full_name":"syniol/node-nestjs-identity-provider","owner":"syniol","description":"NestJS OAuth 2.1 implementation RFC-compliant for Node.js Ecosystem. Production-ready with Docker and Docker Compose.","archived":false,"fork":false,"pushed_at":"2026-02-15T14:28:08.000Z","size":43633,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-15T20:19:50.397Z","etag":null,"topics":["docker","docker-compose","knex","knexjs","nestjs","nodejs","oauth2","postgresql","redis-client","restful-api","typescript"],"latest_commit_sha":null,"homepage":"https://syniol.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"zlib","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/syniol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-06T19:27:07.000Z","updated_at":"2026-02-15T14:28:07.000Z","dependencies_parsed_at":"2025-07-10T07:02:10.813Z","dependency_job_id":null,"html_url":"https://github.com/syniol/node-nestjs-identity-provider","commit_stats":null,"previous_names":["syniol/nestjs-skeleton","syniol/nestjs-oauth2","syniol/nestjs-identity-provider","syniol/node-nestjs-identity-provider"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/syniol/node-nestjs-identity-provider","repository_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/syniol%2Fnode-nestjs-identity-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syniol%2Fnode-nestjs-identity-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syniol%2Fnode-nestjs-identity-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syniol%2Fnode-nestjs-identity-provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/syniol","download_url":"https://codeload.github.com/syniol/node-nestjs-identity-provider/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syniol%2Fnode-nestjs-identity-provider/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31418270,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T20:09:54.854Z","status":"ssl_error","status_checked_at":"2026-04-04T20:09:44.350Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","knex","knexjs","nestjs","nodejs","oauth2","postgresql","redis-client","restful-api","typescript"],"created_at":"2026-04-04T22:51:05.667Z","updated_at":"2026-04-04T22:51:06.178Z","avatar_url":"https://github.com/syniol.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NestJS OAuth 
2.1\n![workflow](https://github.com/syniol/nestjs-oauth2/actions/workflows/makefile.yml/badge.svg)\n\nThis project is intended as a production-ready application for OAuth 2.1 implementation using NestJS.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://syniol.com/\" target=\"blank\"\u003e\u003cimg src=\"https://github.com/syniol/nestjs-oauth2/blob/main/docs/logo.png?raw=true\" width=\"60%\" alt=\"NestJS OAuth 2.1 Mascot\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n## Component Architecture\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://syniol.com/\" target=\"blank\"\u003e\u003cimg src=\"https://github.com/syniol/nestjs-oauth2/blob/main/docs/component-architecture.jpg?raw=true\" width=\"70%\" alt=\"NestJS OAuth 2.1 Mascot\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Solution Architecture\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://syniol.com/\" target=\"blank\"\u003e\u003cimg src=\"https://github.com/syniol/nestjs-oauth2/blob/main/docs/solution-architecture.jpg?raw=true\" width=\"70%\" alt=\"NestJS OAuth 2.1 Mascot\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n## Software Architecture\nIt uses a modular, hexagonal, component-based architecture, and it utilises rich domain design. \nWhere a bounded context extends to two or more components, components are imported as \nrequired. One of the major components is `infrastructure`; by importing this component, you will \nimport all APIs and connections for __Postgres__ and __Redis__. 
However, you could also just \nimport `CacheModule` or `DatabaseModule` individually.\n\n\n### Structure\nThe diagram below shows the root structure of the project.\n\n```mermaid\ngraph LR\n    A[node-nestjs-identity-provider];\n    A --\u003e A1[app];\n    A ---\u003e A2[docker];\n    A --\u003e A3[Makefile]; \n    A1 --\u003e B[bin];\n    A1 --\u003e S[src]\n    A1 --\u003e T[test - Int \u0026 E2E Tests]\n\n    B --\u003e B1([key.js]);\n\n    A2 ---\u003e C1[dev];\n    A2 ---\u003e C2[prod];\n\n    C1 --\u003e D1([docker-compose.yml])\n    C2 --\u003e D2([docker-compose.yml])\n\n    C1 --\u003e DD1[node]\n    C1 --\u003e DD2[postgres]\n    C1 --\u003e DD3[redis]\n\n%%    DD1 --\u003e DDD1[Dockerfile]\n%%    DD2 --\u003e DDD2[Dockerfile]\n%%    DD3 --\u003e DDD3[Dockerfile]\n    \n    C2 --\u003e DP1[node]\n    C2 --\u003e DP2[postgres]\n    C2 --\u003e DP3[nginx]\n    C2 --\u003e DP4[redis]\n    C2 --\u003e DP5[knex]\n\n%%    DP1 --\u003e DPD1[Dockerfile]\n%%    DP2 --\u003e DPD2[Dockerfile]\n%%    DP3 --\u003e DPD3[Dockerfile]\n%%    DP4 --\u003e DPD4[Dockerfile]\n%%    DP5 --\u003e DPD5[Dockerfile]\n\n    S --\u003e S1([main.ts - NestJS Bootstrap])\n```\nThe diagram below shows the structure of the NestJS application and its modules.\n```mermaid\ngraph LR\n    NestJS[src];\n    NestJS --\u003e auth\n    NestJS --\u003e user\n    NestJS --\u003e crypto\n    NestJS --\u003e infrastructure\n    NestJS --\u003e health\n\n    auth --\u003e adto[dto]\n    crypto --\u003e cdto[dto]\n    health --\u003e hdto[dto]\n\n    infrastructure --\u003e cache\n    infrastructure --\u003e db\n```\n\n\n## Production Deployment\nYou need Docker installed on the host machine (VPS, Dedicated Server, \nCloud Private Computing). On Ubuntu distros you can run `docker.sh` at the \nroot of the `docker` folder. 
Please see the example below for running the command.\n\n```bash\n./docker/docker.sh\n```\n\nWhen installation is complete, simply clone this repository on the remote host.\n\n### SSL and NGINX Configuration\nThere is an SSL configuration inside the NGINX `conf` file, but it is commented out. This file \nis copied into the NGINX Docker image during the build, and it can be found \nat: `/docker/prod/nginx/nginx.conf`.\n\n```editorconfig\n#         listen 443 ssl;\n#         server_name *.syniol.com;\n#         ssl_certificate       /usr/.ssl/fullchain.pem;\n#         ssl_certificate_key   /usr/.ssl/privkey.pem;\n```\n\n### SSL with Certbot\nYou can set up your certificates with Certbot, a free and recognised SSL \nauthority.\n\n__Verification running on a remote host:__\n```bash\n# Verification Server for Certbot\ndocker run --rm --name cert-http-server \\\n-v \"$(pwd)\":/usr/share/nginx/html:ro \\\n-p 80:80 \\\n-d nginx:latest\n```\n\n__Producing Certificates for NGINX__\n```bash\n# TLS Cert for NGINX\ndocker run -it --rm --name certbot \\\n-v \"/etc/letsencrypt:/etc/letsencrypt\" \\\n-v \"/var/lib/letsencrypt:/var/lib/letsencrypt\" \\\ncertbot/certbot certonly -a manual -i nginx -d api.yourdomain.com\n```\n\nWhen the process is complete, you will need to copy the two generated certificate files \ninto the NGINX Docker image folder located at: `docker/prod/nginx/`\n * __fullchain.pem__\n * __privkey.pem__\n\n\u003e You could also skip the SSL configuration step and always serve on port 80 (http)\n\n\n### Secret Manager\nYou should create and populate `docker/prod/.env` from the given template `docker/prod/.env.dist`. \nYou can use any secret manager you have in your toolbox. This repository is not opinionated about \nyour operations toolkit and does not enforce one.\n\n#### Encryption Key\nThere is a CLI Node.js application located at: `app/bin/key.js` that creates a secret key\nthat can be used for encryption and decryption of passwords. 
The environment variable\n`CRYPTO_SECRET_KEY` is populated via the host or the `.env` file at the root of the docker files. This \nwill differ for each environment. You can generate a new shared key and replace the existing \nkey located at: `docker/prod/.env`.\n\n#### Database Credential \u003csup\u003eZero Trust Security\u003c/sup\u003e\nThe Postgres database is not exposed outside the private network, for zero trust security. However, \nto access the database within the secure network and container you need to define a \npassword, `POSTGRES_PASSWORD`, inside `docker/prod/.env` via your chosen secret manager.\n\n\n### Up and Running with Docker\nIt's simple: just run `make \u0026\u0026 make up`. This builds the Docker images necessary\nto run the app and spins up the containers. Please look at the `Makefile` to see all \navailable commands.\n\n\n## Health Check\nThe health check endpoint should always return HTTP status code `200` _OK_. It is\nused inside docker-compose to determine the status of the container.\n\n```bash\ncurl -X GET http://127.0.0.1/healthz\n```\n\n\n## Authentication\nFollowing the __RFC-6749__ standard for OAuth 2.1 for `grant_type=password`, an endpoint was created\nto request a token for accessing auth-guarded endpoints that utilise `AuthGuard`.\n\n__Request Example:__\n```bash\ncurl -d \"username=guest\u0026password=Guest123456\u0026grant_type=password\" \\\n -H \"Content-Type: application/x-www-form-urlencoded\" \\\n  -X POST http://127.0.0.1/auth/token\n```\n\n__Response Example:__\n```json\n{\n  \"access_token\": \"wLLGQxn5CpUd4Kx0tnM5qrxTgoZyLd8LnqvE8ZkaVHPVeFQF/iuMYuvQu1QGPk9qRj91vqc1JzDZHOlCFV8NhQ==\",\n  \"expires_in\": 3600,\n  \"refresh_token\": \"E/hi7cQ4La/TZwwk33VXHbCqaSc3cZx0FGxsamgdCOli4+uAXAsezWMo+NrPTCcwujlwqqszik7r/qmXJzPJoA==\",\n  \"scope\": \"portal.readonly\",\n  \"token_type\": \"Bearer\"\n}\n```\n\n\n## Database \u0026 ORM\nBecause Postgres can serve both document-based and relational data, 
I\npicked Postgres as the database and `Knex.js` as the SQL query builder, database migration tool, and\ndata seeder.\n\n__Knex.js Useful Commands:__\n```bash\nnpm install nestjs-knex knex pg --save\n\nnpx knex init -x ts\n\nnpx knex migrate:make \u003cmigration_name\u003e -x ts\nnpx knex migrate:latest\n\nnpx knex seed:make \u003cseed_name\u003e -x ts\nnpx knex seed:run\n```\n\n## Data Transfer Objects (DTO) Validation\nTo validate incoming requests we use Zod and its extension for NestJS. Please [read more here](https://www.npmjs.com/package/nestjs-zod).\n\n```bash\nnpm i nestjs-zod zod\n```\n\n\n### Credits\n\u003csmall\u003eAuthor: [Hadi Tajallaei](mailto:hadi@syniol.com)\u003c/small\u003e\n\u003cp\u003e\u003csmall\u003eCopyright \u0026copy; 2026 Syniol Limited. All rights reserved.\u003c/small\u003e\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyniol%2Fnode-nestjs-identity-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsyniol%2Fnode-nestjs-identity-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyniol%2Fnode-nestjs-identity-provider/lists"}