Concern
Authentication middleware and strategies (pluggable auth).
Technology
Passport (@nestjs/passport)
Documentation
- Website: http://www.passportjs.org/
- Repository: https://github.com/jaredhanson/passport
- Getting started (NestJS auth): https://docs.nestjs.com/security/authentication
Integration
framework / NestJS
Use @nestjs/passport and guards in the controller layer. Strategies (e.g. local, JWT) provide sessions/tokens for API auth. Pair with jwt for token-based strategies and password-hashing for local (username/password) strategies.
Google SSO and Microsoft SSO
- Google: passport-google-oauth2 (passportjs.org/packages/passport-google-oauth2). Routes: GET /auth/sign-in/sso/google and GET /auth/sign-in/sso/google/callback. Env: GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET.
- Microsoft: passport-microsoft (passportjs.org/packages/passport-microsoft). Routes: GET /auth/sign-in/sso/microsoft and GET /auth/sign-in/sso/microsoft/callback. Env: MICROSOFT_CLIENT_ID, MICROSOFT_CLIENT_SECRET.
Same find-or-create + JWT + redirect flow for both; when a provider's env vars are empty, a guard returns 501 and the strategy uses placeholder credentials so the app starts. See capability auth for the full flow.
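The "empty env vars give 501" gate described above, as a framework-free TypeScript sketch (an added example, not the project's own code). The function and type names, the placeholder string and the 404 for non-SSO paths are assumptions; the env var names and routes are the ones listed on this page.

```typescript
// Added example; every name below is hypothetical except the env var names and routes.
type Provider = "google" | "microsoft";
type Env = Record<string, string | undefined>;

interface SsoConfig {
  enabled: boolean; // true only when BOTH env vars are non-empty
  clientID: string; // real value, or a placeholder so the strategy can be constructed
  clientSecret: string;
}

interface GateResult {
  proceed: boolean; // true: hand the request to the Passport strategy
  status: number | null; // HTTP status to return when proceed is false
}

const ENV_KEYS: Record<Provider, { id: string; secret: string }> = {
  google: { id: "GOOGLE_CLIENT_ID", secret: "GOOGLE_CLIENT_SECRET" },
  microsoft: { id: "MICROSOFT_CLIENT_ID", secret: "MICROSOFT_CLIENT_SECRET" },
};

const PLACEHOLDER = "sso-not-configured"; // constructed value, never a usable credential

function resolveSsoConfig(provider: Provider, env: Env): SsoConfig {
  const keys = ENV_KEYS[provider];
  // Whitespace-only values count as empty, and a half-configured provider stays off.
  const id = (env[keys.id] ?? "").trim();
  const secret = (env[keys.secret] ?? "").trim();
  if (id === "" || secret === "") {
    return { enabled: false, clientID: PLACEHOLDER, clientSecret: PLACEHOLDER };
  }
  return { enabled: true, clientID: id, clientSecret: secret };
}

// Applies to the sign-in route and its /callback, so a disabled provider's
// placeholder credentials are never used for an OAuth exchange.
function ssoGate(path: string, env: Env): GateResult {
  const m = /^\/auth\/sign-in\/sso\/(google|microsoft)(\/callback)?$/.exec(path);
  if (!m) return { proceed: false, status: 404 }; // not an SSO route (example choice)
  const provider = m[1] as Provider;
  return resolveSsoConfig(provider, env).enabled
    ? { proceed: true, status: null }
    : { proceed: false, status: 501 };
}
```

The env object is passed in explicitly so the same check can be run in a unit test against a constructed environment before deployment.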