Nest Auth (beta)

Email + Password

Classic email and password sign-up and sign-in.

The default. Users sign up with an email and a password, then log in with the same.

Server config

import { NestAuthModule } from '@ackplus/nest-auth';
 
NestAuthModule.forRoot({
  appName: 'My App',
  emailAuth: { enabled: true },          // on by default
  registration: { enabled: true },
});

To disable email signup but keep email login: leave emailAuth.enabled: true and set registration.enabled: false (or registration.requireInvitation: true).

Endpoints

| Method | Path | Purpose |
| --- | --- | --- |
| POST | /auth/signup | Create a user with { email, password, … } |
| POST | /auth/login | Login with { providerName: 'email', credentials: { email, password } } |

Client call

import { AuthClient } from '@ackplus/nest-auth-client';
 
const client = new AuthClient({ baseUrl: '/api' });
 
await client.signup({
  email: 'alice@example.com',
  password: 'correct horse battery staple',
  // any extra fields land on the UserRegisteredEvent payload
  firstName: 'Alice',
  referralCode: 'ABC123',
});
 
await client.login({
  credentials: { email: 'alice@example.com', password: 'correct horse battery staple' },
});

React hook

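import { useState } from 'react';
import { useNestAuth } from '@ackplus/nest-auth-react';

function SignInForm() {
  const { login, error, isLoading } = useNestAuth();
  // Controlled inputs hold the credentials passed to login()
  const [email, setEmail] = useState('');
  const [password, setPassword] = useState('');

  return (
    <form onSubmit={async (e) => {
      e.preventDefault();
      await login({ credentials: { email, password } });
    }}>
      <input type="email" autoComplete="username" value={email}
             onChange={(e) => setEmail(e.target.value)} required />
      <input type="password" autoComplete="current-password" value={password}
             onChange={(e) => setPassword(e.target.value)} required />
      <button type="submit" disabled={isLoading}>Sign in</button>
      {/* Generic message: do not reveal whether the email or the password was wrong */}
      {error ? <p role="alert">Sign-in failed.</p> : null}
    </form>
  );
}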

Password policy

The library hashes with argon2id. Change the cost via password.argon2. Replace the algorithm entirely via password.hash / password.verify hooks (see Hooks Reference).

The library does not enforce a minimum password complexity. Add a registrationHooks.beforeSignup hook to reject weak passwords if you want that policy.
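
The following added example (not code from the Nest Auth project) shows a password check that a registrationHooks.beforeSignup hook could call. The hook's argument shape, the length limits and the sample blocklist are assumptions made for illustration.

```typescript
// Added example: password policy for a registrationHooks.beforeSignup hook.
// Assumption: the hook receives { email, password } and rejects by throwing.

const MIN_LENGTH = 12;  // assumed policy value; tune to your requirements
const MAX_LENGTH = 128; // bounds the input handed to argon2id

// Constructed sample blocklist; load a real breached-password list in production.
const BLOCKLIST = new Set([
  'password', 'password123', '123456789012', 'qwertyuiopas', 'letmein12345',
]);

function passwordViolations(password: string, email: string): string[] {
  const problems: string[] = [];
  const length = Array.from(password).length; // code points, not UTF-16 units
  // Normalise so visually equivalent Unicode forms hit the same checks.
  const lowered = password.normalize('NFKC').toLowerCase();
  const localPart = (email.split('@')[0] ?? '').toLowerCase();

  if (length < MIN_LENGTH) problems.push(`shorter than ${MIN_LENGTH} characters`);
  if (length > MAX_LENGTH) problems.push(`longer than ${MAX_LENGTH} characters`);
  if (BLOCKLIST.has(lowered)) problems.push('on the common-password blocklist');
  if (localPart.length >= 3 && lowered.includes(localPart)) {
    problems.push('contains the email name');
  }
  if (new Set(Array.from(lowered)).size < 5) {
    problems.push('too few distinct characters');
  }
  return problems;
}

// Hypothetical hook body: throwing rejects the signup before a user is created.
function beforeSignup(input: { email: string; password: string }): void {
  const problems = passwordViolations(input.password, input.email);
  if (problems.length > 0) {
    throw new Error(`Password rejected: ${problems.join('; ')}`);
  }
}
```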

Forgot password

Three endpoints chain together:

  1. POST /auth/forgot-password { email } → emits PasswordResetRequestedEvent (your listener sends the OTP/link).
  2. POST /auth/verify-forgot-password-otp { email, code } → returns a resetToken.
  3. POST /auth/reset-password { token, newPassword } → emits PasswordResetEvent.

See Sending Emails for the listener wiring.
