14th of 25 Questions.

How does the OAuth2 authorization code flow work and how do you implement it with Passport in NestJS?

The authorization code flow redirects the user to the provider's consent screen, receives an authorization code at the callback URL, and exchanges it for tokens. In NestJS, the GET /auth/google route triggers the redirect via AuthGuard('google'). The callback route handles the code exchange and calls validate() with the user profile.

Google OAuth2 strategy and controller

OAuth2 authorization code flow steps:

1. GET /auth/google — AuthGuard redirects the browser to Google's authorization endpoint.
1. User consents on Google's screen.
1. Google redirects to callbackURL with an authorization code.
1. AuthGuard('google') on the callback route exchanges the code for tokens automatically.
1. validate() is called with the access token and user profile — find or create the user in your database.
1. Redirect the browser to the frontend with a JWT so subsequent API calls use JWT instead of sessions.

Question Loading...

14th of 25 Questions.

How does the OAuth2 authorization code flow work and how do you implement it with Passport in NestJS?

Google OAuth2 strategy and controller

OAuth2 authorization code flow steps:

1. GET /auth/google — AuthGuard redirects the browser to Google's authorization endpoint.
1. User consents on Google's screen.
1. Google redirects to callbackURL with an authorization code.
1. AuthGuard('google') on the callback route exchanges the code for tokens automatically.
1. validate() is called with the access token and user profile — find or create the user in your database.
1. Redirect the browser to the frontend with a JWT so subsequent API calls use JWT instead of sessions.