Nest Auth (beta)

Core Concepts

The mental models you need to use Nest Auth effectively.

These pages explain the building blocks. Read them before diving into a specific auth method or reference.

  • Sessions & Tokens — JWT access + refresh, header vs cookie mode, auto-refresh, sliding expiration, password-hash-prefix invalidation.
  • Session Storage — DB / Redis / Memory backends and when to pick each.
  • User Model (important) — Why NestAuthUser only stores auth fields, and how to link your AppUser to it.
  • Multi-Tenancy — disabled / shared / isolated modes.
  • User Access & Platform Access — per-tenant memberships vs cross-tenant super-admin roles.
  • RBAC — roles, permissions, multiple guards (web/api/mobile).
  • MFA — TOTP, Email OTP, SMS OTP, recovery codes, trusted devices.
  • Request Context — AsyncLocalStorage-based per-request user/tenant/session.
  • Events & Hooks — the primary extension surface. Read this if you want to react to signup, login, password reset, etc.
  • Audit Logging — how to capture every auth event for compliance.