Added
Session Management for NestJS SDK
8 days ago by Jim Verducci
Wristband NestJS Auth SDK 1.0.0 Release
Release v1.0.0
Initial major release of Wristband NestJS authentication SDK with dynamic modules, authentication guards (SESSION and JWT strategies), encrypted session management, and complete OAuth 2.1/OIDC flow support. Wraps @wristband/express-auth with NestJS patterns.
Features
NestJS Module System
Dynamic Modules:
- WristbandExpressAuthModule - Authentication service with DI
- WristbandExpressSessionModule - Session management with middleware
- Multi-instance support via custom DI tokens
- forRootAsync() pattern with ConfigService integration
Authentication Guards
Guard factory createWristbandAuthGuard() supports multiple authentication strategies:
Supported Strategies:
- SESSION - Cookie-based session authentication with automatic token refresh
- JWT - Bearer token authentication with JWKS validation
Features:
- Apply with @UseGuards() decorator at route or controller level
- Automatic access token refresh for expired tokens (SESSION strategy)
- Optional CSRF token validation (SESSION strategy)
- Rolling session windows (SESSION strategy)
- Configurable JWKS caching (JWT strategy)
Session Management
Encrypted cookie-based sessions powered by @wristband/typescript-session.
Features:
- AES-256-GCM encryption
- TypeScript declaration merging for custom session fields
- CSRF protection with dual-cookie approach
- Session API: fromCallback(), save(), destroy(), getSessionResponse(), getTokenResponse()
OAuth 2.1 / OIDC Workflows
- Login flow with tenant resolution (subdomains and custom domains)
- OAuth callback handling with redirect edge cases
- Logout flow with token revocation
- Session and token endpoints for frontend SDKs
SDK Features
- Full TypeScript support
- CommonJS and ES Module support
- SDK auto-configuration endpoint
- Comprehensive NestJS-specific documentation
For full documentation, see the README.