5. Use identity verification software.
\nIf you're looking for ways to improve your customer verification process, identity verification software could be a smart addition to your business. Using such software can help you reduce the risk of fraud and identity theft, ensure compliance with KYC regulations and other requirements, and verify the identities of customers in real-time.
\nWhile choosing your identity verification software, focus on addressing your business needs. Besides, it should be able to verify customers worldwide, offer real-time verification, provide geolocation services and customization.
\nAlso, see that your solution is compliant with the global regulations and is secure. You should start looking up security tips from experts to strengthen your security.
\nThat’s a Wrap!
\nIn summary, there are many ways eCommerce retailers can improve the customer verification process. One way is to tailor the process to your business to get the greatest return on investment for your specific needs.
\nWhether you choose to develop your own system or purchase a verification solution from a third-party vendor, ensuring this process is seamless for customers, and free of errors will go a long way towards ensuring that both merchants and buyers have a trusted and satisfying shopping experience every time.
\n\n","frontmatter":{"date":"April 04, 2022","updated_date":null,"description":"In the wake of recent data breaches, many companies are realizing that they need to improve their customer verification process. Learn how to improve the process and make it easy and secure for your customers.","title":"5 Ways to Improve Your Customer Verification Process","tags":["identity verification","customer identity management","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5625,"src":"/static/c33ab82e898a176f32167ddcfbbe1158/33aa5/customer-verifcn.jpg","srcSet":"/static/c33ab82e898a176f32167ddcfbbe1158/f836f/customer-verifcn.jpg 200w,\n/static/c33ab82e898a176f32167ddcfbbe1158/2244e/customer-verifcn.jpg 400w,\n/static/c33ab82e898a176f32167ddcfbbe1158/33aa5/customer-verifcn.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Gaurav Belani","github":null,"avatar":null}}}},{"node":{"excerpt":"Introduction The current COVID-19 times have given rise to extensive phishing scams all around the world. According to the IBM study, the…","fields":{"slug":"/identity/5-myths-about-phishing-attack/"},"html":"Introduction
\nThe current COVID-19 times have given rise to extensive phishing scams all around the world. According to the IBM study, the costs for data breaches were found to be $4.24 million per incident. Also, credential phishing was the most common method used by attackers.
\nCredential phishing scammers are now targeting corporate businesses to carry out their attacks. Many businesses around the world lose millions to direct and indirect costs of credential phishing attacks every year.
\nIn this blog, we will understand more about credential phishing and debunk five myths about credential phishing.
\nWhat Is Credential Phishing?
\nIn today's digital workplace, businesses are leveraging technology and innovation to improve their business processes, work operations, and culture.
\nBusiness operations are simplified by innovative software to deliver the best to customers as well as employees.
\nFor example, using employee engagement software and digital signatures to deliver an excellent employee experience, using email marketing software to deliver the right messages to customers, or using a digital adoption platform to help your customers with product walk-throughs.
\nRegistering for the software by creating an account is the first step towards building a successful workplace. Having a secure login system thus becomes the need of the hour.
\nAttackers usually send targeted emails, often impersonating a trusted individual to engage with the victim while having a sense of urgency. They convince the victim to provide credentials or extract their login details via digital manipulation.
\nCredential phishing attacks are usually targeted attacks that are backed by extensive research about the target. It always contains a link to a fake login page hosted on a spoof domain or disguised URLs. Once the victims click on the link, they are directed to the phishing website for stealing the credentials.
\nThe victims' credentials are then used to carry out secondary attacks like fraudulent funds transfer, stealing company data, identity fraud, and other fraudulent activities.
\n\nTop 5 Myths About Credential Phishing You Should Know
\nMost of us think that we can easily spot a phishing email and would not fall prey to fraudulent activities. However, it is not true. Let us have a look at the five myths about credential phishing.
\n1. Tech-savvy individuals do not fall prey to credential phishing.
\nOne of the biggest misconceptions of phishing attacks is tech-savvy individuals do not fall prey to credential phishing. All phishing emails are very similar to the normal emails you would receive from your colleagues. That is why it is difficult for anyone to ascertain at the first glance if the email received is genuine or not.
\nAttackers are fine-tuning their messages based on the data available on social media and other platforms, thereby increasing the chances of the victims clicking on their links.
\nThe best approach would be to make the employees aware of the phishing emails and use security awareness solutions to perform analysis of emails on a timely basis.
\n2. Customers are easy targets for phishing.
\nPhishing is generally regarded as a consumer-based threat. However, reports suggest that attackers are also targeting organizations to gain access to financial systems and commit fraud.
\nFor example, attackers commit insurance fraud by stealing employee information from the database of the organization.
\nCorporate email accounts are an excellent target for credential phishing because attackers can use just one account as a foothold to carry out more phishing operations.
\nFor example, eBay was once attacked by phishers who managed to display a malicious web page within eBay's website. This invasion was not noticed by any of the users as it came out to look legitimate. The attackers have complete access to users' accounts, credit card information, and other details.
\nAnother instance of phishing is Epsilon. Epsilon, one of the largest corporate email providers, was a victim of phishing in the year 2011. The attackers had obtained the customer data via this attack.
\nPhishing is not just restricted to sending messages via email. Communicating via SMS and social media are also targeted to gather personal information.
\n3. Phishing emails can be easily identified.
\nAttackers go the extra mile to design and compile a message that looks genuine by
\ncopying the same messaging format, logo, and signature. They project urgency in their messages to push the victims into taking immediate action.
\nFor example, this is a new email intercepted by MailGuard that seems like an auto-generated notification about password expiry.
\nMost of the time, a phishing attack aims to get the victim to click on a link. Attackers mask malicious links to make them look like genuine ones. Users can refrain from clicking on the links in the emails thus minimizing the risks of giving out information. Hovering over the hyperlink will help you see the URL and know whether it is a legitimate website or not. For example, some links could be misspelled domain names or subdomains. Furthermore, you can train your employees to identify such links and report the same to the respective team accordingly. This will help in the early detection of spammy emails. Antivirus software does help in detecting phishing messages but they can not completely stop them from coming altogether. You can set up filters in your email inbox to filter out spam messages. Investing in an anti-phishing tool can help in detecting phishing attempts and blocking them before they land in your email inbox. Regardless of how secure your email systems are or how well you train your employees, credential phishing can happen in any organization. Understanding the impact of phishing on your organization and adopting the required technology is necessary to combat these attacks. It can help you defend your organization against phishing, malware, and other malware threats. We are sure the information shared in this post will help keep your organization safe from such attacks. Protecting customer data is paramount to every business organization. Even though businesses deploy the most stringent security measures to safeguard data, malicious actors somehow find security shortcomings to access network systems and cause data breaches, compromising the confidentiality, integrity, and availability of information. Cybersecurity firms like Okta, which provides identity management solutions and deals in authentication space, make the backbone of an organization's cybersecurity posture. Okta serves 15000+ customers worldwide. The Okta data breach by Lapsus$ is a recent example of what can happen if business organizations depend on third-party solution providers who show laxity in implementing robust cybersecurity strategies, frameworks, and controls. It is also a cautionary tale for cybersecurity MSPs (Managed Services Providers) and ITSPs (IT Solution Providers) to ensure that they have the best of security controls in place to prevent incidents like this. Okta is an identity platform and offers identity and access management solutions such as Single sign-on (SSO), Multi-Factor Authentication (MFA), etc., for an organization's customers and employees. Okta’s CSO (Chief Security Officer) David Bradbury recently published an official statement about a support engineer whose computer was accessed by malicious actors for five days in mid-January (between January 16 to 21, 2022) and said they detected the unsuccessful attempt early on. Okta has now confirmed that malicious actors had access to one of its employees' laptops for five days in January 2022 but maintained there has been no data breach and remains fully operational. However, they concede that around 2.5% of its customers (about 366) might have been affected. Here is how the attack happened. News reports show that a group of unscrupulous actors identifying themselves as Lapsus$ in their Telegram channel was behind this Okta breach. They were aided by a customer support engineer working for a third-party service provider whose laptop was accessed by these hackers to gain vital information. Lapsus$ is also known as a notorious threat actor group — DEV-0537. This group has a history of taking over individual user accounts to drain their crypto holdings at cryptocurrency exchanges. The forensics report cited by Okta's CSO did not state how the hackers managed to gain access to the support engineer’s laptop, but the fingers point towards negligence by the engineer. However, the hackers claim to have had access to Okta's systems for more than a month before the January 2022 incident. If these claims are valid, it indicates a significant security breach at Okta's network center. The Okta breach exposed the security frailties of the Okta network system and put 15,000 Okta customers’ data at risk. However, Okta stated it had contacted the affected 2.5% of customers, appraising them of the matter. Okta further noted that the customers need not take any precautionary measures as their data is safe. The CSO blog post went on to add that the damage was restricted to the access that support engineers have, such as Jira tickets and lists of users. Though customer support engineers facilitate password resetting and MFA, the hackers did not seem to have obtained this information. The CSO also confirmed that customer service engineers could not create or delete users. Notably, Okta's customers include high-profile enterprises like FedEx Corporation and Moody's Corporation. Hence, Okta's shares plunged 11% immediately after hackers claimed the breach that has put thousands of Okta customers at risk. Limiting access and permissions to the employees is the first step to take. Employees and contractors should only be provided access on a 'need-to-know' basis and must be provided on a ‘least privilege’ basis (minimum access needed to perform a task or job). For example, support engineers shouldn't be able to access internal HR, accounting, or payroll systems. At the same time, marketing personnel should not have access to network configuration or applications that they do not use. In an increasing multi-cloud and hybrid-cloud environment, it's paramount to understand the s IT ecosystem, third-party APIs (Application Programming Interfaces) and applications, and Software as a Service (SaaS) solutions deployed. Requesting SOC reports from vendors and contractors can help understand how their information systems are maintained and secured. Implementing robust processes around Identity and Access Management (IAM) and Privileged Access Management (PAM) can help strengthen the cybersecurity posture by making it almost impossible for attackers to barge into the organization’s periphery. 'People' are the most valuable asset for any organization but can also be the weakest link in the cybersecurity chain. Therefore, organizations must regularly review the processes around training and educating employees, vendor-contractors, customers, and users to follow basic cyber hygiene. Organizations must continue to monitor and audit the control environments. Leveraging automated monitoring and alerting tools can help overcome many challenges SOC teams face. Organizations should perform internal audits and review the systems and monitor the traffic and access permission more frequently. It is also advisable to engage third-party audit firms to get an external and independent view of the cybersecurity posture. In case of a security incident, it is essential to be transparent to the employees, customers, vendors, and regulators and communicate with them immediately about the incident. Organizations should also provide specific guidance on how to safeguard the information assets. The Okta breach shows that no business organization is 100% safe from malicious attacks. One simplest security issue is sufficient for malicious actors to wreak havoc. In this specific example, the hackers accessed the laptop of one of Okta's customer service engineers to gain vital insights into the company's customer data. Such incidents prove that customers can never be sure that their information is safe and leak-proof. However, it offers a valuable learning experience that business entities should not ignore the minutest of details regarding network security. It surfaces the adage that ' A chain is only as strong as its weakest link.' To create secure applications, you need a way to authenticate and authorize your users. In this tutorial, you will learn to authenticate users in your NestJS apps using LoginRadius Authentication API. Authentication and authorization are often seen as similar concepts, but they are not. Authentication is the process of verifying that a user is who they claim to be, while authorization is verifying which resources the user has access to. Authentication always comes first before authorization since you first need to identify the user before determining what level of access to give them. You can either choose to implement your own authentication strategy or leverage the benefits of a third-party identity platform. A do-it-yourself solution is prone to security errors, takes up a lot of time, and can increase the complexity of your application. With a third-party solution, you get access to multiple authentication methods, advanced security features, and you write less code. LoginRadius is a no-code identity platform offering authentication, authorization, account security, and privacy solutions. The Authentication API provided by LoginRadius allows you to authenticate a user using an email and a password. Once the user is verified, LoginRadius responds with an access token. The user will, in turn, use the access token to send requests to protected endpoints. NestJS is a Node.js framework built on Express.js with an Angular-like architectural structure. It is used to build scalable and modern server-side applications. The following sections will guide you in creating a simple NestJS application with authentication. Create a new NestJS project by running the following commands To authenticate a user using LoginRadius in NestJS, you need credentials: an API key and an API secret. Get your account credentials by creating a free LoginRadius account and head over to the dashboard. Create an app and select configuration and then get your app's credentials from the API credentials panel. Since the API key and API secret from the LoginRadius dashboard are sensitive, you will store them in the You will need the dotenv module to access the your environment variables. Run the following command to install it. Add the API key, API secret, and Secure One Time Token(SOTT) to the.env file. In this project, you will be authenticating the user using their email and password. The following are the major steps you will be following: Generate an auth module, controller, and service by running the following code. To create a user, you need to create a signup route that will accept the email and password. Since you are using TypeScript, define the DTO (Data Transfer Object) schema to validate the user data passed in the request body. In the Next, inside the A service file is used to abstract the business logic away from the controller. You will be handling the actual authentication and authorization process in this file. Generate a service for auth by running the following command. Next, populate the auth.service file by adding the signup method. Note that you are also importing the user DTO and the loginradius-sdk at the top of the file.\nTo execute the signup method in the signup route, inject it in the Before registering the user, validate if the email is already in use.\nFirst, install Next import Next, check if the email is already in use. If the email is not already in use, register the user. In the above code, you register a new user by passing in the user data to the authentication API. The To log in the user, pass in the email and password to the authentication API of LoginRadius. In Since you are expecting the same type of data from the request body, i.e., the email and password, like in the signup route, you can reuse the user DTO. Next, add the login functionality. In the above code, you are logging in the user through loginradius-sdk. If successful, send back the Inject the login method in the For protected routes, like accessing a user dashboard, the user will need to send the access token with the request. The access token will then be verified, and if valid, the application will be granted access. The user will need to store the In NestJS, guards are responsible for handling authorization. They determine whether a request will be handled by the route. In In the above code, you define the auth guard that will be used to decorate the protected routes. The token is extracted from the request authorization header and passed to the In Now, create a protected route. In Now, every route you add Use Postman or any other REST client of your choice to test the routes you have created. First, create a test user by sending a POST request to the signup endpoint. Remember to include the email and password of the user in the request body. You should receive a \"Sign up successful\" message if the request is successful. In this tutorial, you have learned how to implement NestJS authentication using the LoginRadius Authentication API. You have seen how to log in a user and use an access token to protect specific routes. You can find the source code used in this tutorial on Github. Learn more about the LoginRadius Authentication API from the documentation files. It has more identity management features than discussed in this tutorial. You can use these features to further enhance authentication as you need in your NestJS projects. The verification email is a common type of identity validation within the CIAM concept. Even though it is a fundamental practice, with this authentication step, a company starts communicating with the customer. It means that, despite the security role, it can also provide some benefits for the brand's perception and customer journey. Moreover, it is in the company's interests to avoid spam traps, greet a customer and finish the authentication process. The blog will highlight the role of such emails and offer ideas on how to make them reach the inbox and add to the customer journey. Verification email, also referred to as validation email, is a way to verify a user action, like authentication or registration on the website or app. Such an email relates to the message that the business party sends to the customer's inbox. In terms of the CIAM concept, it ensures the ground for building relationships and establishing multi-factor authentication, passwordless login, and profiling. At the same time, validation emails add to the marketing efforts, opening the door for email marketers to the customer's inbox. From there, they would invite stakeholders to different stages of the sales funnel. As a result, the verification email can impact: It is clear now that the verification emails can contribute to the overall relationships with the customer. To make them effective, or at least be pleasing to the customer, you take the subsequent actions: Sometimes the messages get under the spam filters set by Internet providers and hit the spam section instead of the inbox. To customers, it brings confusion that can result in failure to get the subscriber. What are the possible issues? They refer to the domain, message, or the specific filter the provider sets. That's why, to avoid the trap, you should consider the following: It is crucial for the brand to start the email with the tone of voice reflecting your brand principles and making a specific impression. The choice of words is vital, especially when you want your customers to listen. The safest option for verification email would be a technical, neutral, and concise message. Nonetheless, choosing this way means you pick not to contribute to your marketing efforts and show why you are different. Depending on your marketing strategy, you can insert various elements, like informal greetings, fun facts, or images. The ultimate goal of such actions is to add integrity to your brand's actions. Personalization seems to be crucial for any action related to building customer relationships. For instance, around 70% of customers only engage with personalized messages. In this regard, including at least a name in the verification email is a fundamental thing. At the same time, based on the information customers give and special software, the email marketers can devise a system that will automatically provide the emails to the customers where personalization is a key. Lastly, if you decide to create your confirmation letter that will contribute to the customer journey, you need to consider how to attract their attention. The best email verification practices contemplate using: Besides, doing a fair amount of research and testing is vital to connect with customers. For instance, if you want to get facts or advice from industry leaders, you may want to contact experts in the niche and interview them. For it, you can use an email extractor plugin that allows getting information from other people from LinkedIn. Such a scenario can be very effective for B2B brands. Verification emails can be different. However, they all reflect the general practice that refers to the subject lines. The most common are the following: Besides, the examples of validation emails often have information regarding their product and possible support. Here is an example of how Discord used fun facts in their validation emails in 2019: While these examples show the usage of call to action buttons and tone of voice to produce additional value when engaging with customers: The first case illustrates how the brand uses colors to create a space and underline non-intrusive elements. The particular template is pretty straightforward and suits its purpose. The second example has more to offer with regard to fonts, colors, and tone of voice. The portal uses words that reflect the experience “fan club” offers to the subscribers. The goal of the particular article is to convince you that verification emails should not necessarily be basic and boring. They can add to the marketing strategy and be a starting point for your engagement with the customer. Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences. We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way. The goal? Having them spend less time searching and more time building. LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible. Here’s a closer look at what’s new and why it’s important: Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference. The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter. So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient. We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need: This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem. We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available. The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions. Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs. Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks. Check out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications. Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!4. Users should stop clicking on foreign links and unknown emails.
\n5. Antivirus software helps in detecting all phishing messages.
\nSome More Security Measures You Can Follow
\n\n
\nConclusion
\nWhat Is Okta?
\nWhy Is Okta In the News?
\nHow Was the Attack Executed?
\n\n
\nWho Is Behind Okta’s Breach?
\nThe Key Reasons That Caused The Security Breach
\nOkta Breach: What Was the Impact?
\nWhat to Learn From Okta's Cyber Hack?
\n1) Limit Access on a ‘Need-to-Know’ Basis
\n2) Validate Third-party Apps and SaaS Solutions
\n3) Implement Robust IAM-PAM Solutions
\n4) Train Employees and Customers
\n5) Be Vigilant
\n6) Audit and Review Regularly
\n7) Communicate Transparently
\nTo Conclude
\nAuthentication vs. Authorization
\nUser Authentication with LoginRadius
\nUser Authentication in NestJS
\nSet Up the Project
\n
\n// Install NestJS CLI\nnpm i -g @nestjs/cli\n\n// Create a new project\nnest new nest-loginradius-auth\n\ncd nest-loginradius-authSet Up LoginRadius
\nSet Up .env file
\n.env file.
\nnpm install dotenv
\nAPP_NAME=<your app name>\nAPI_KEY=<your api key>\nAPI_SECRET=<your api secret>\nSOTT= <your sott>Authentication Flow
\n\n
\nCreate an Authentication Module
\n
\nnest generate module auth\nnest generate controller authCreate a User
\nauth folder, add the dto folder and create a UserDTO class in the user.dto.ts file.
\nexport class UserDto {\n email: string;\n password: string;\n}AuthController, import the DTO to be used to validate the request body.
\nimport { Injectable } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\n\n@Injectable()\n@Controller('auth')\nexport class AuthController {\n @Post('signup')\n async signup(@Body() registerUserDto: UserDto) {\n // Register user\n }\n}Generate Auth Service File
\n
\nnest g service auth
\nimport { Injectable } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\nimport * as LRAuthPrrovider from 'loginradius-sdk'\n\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n console.log('sign up')\n }\n}auth.controller.ts file.
\nimport { Injectable } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\nimport { AuthService } from './auth.service';\n\n@Injectable()\n@Controller('auth')\nexport class AuthController {\n constructor(private readonly authService: AuthService) { }\n\n @Post('signup')\n async signup(@Body() registerUserDto: UserDto) {\n let response = await this.authService.signup(registerUserDto)\n return response\n }\n}loginradius-sdk using the following command.
\nnpm i loginradius-sdkloginradius-sdk and configure it and since you will be using variables from the .env file, remember to also configure dotenv.
\nimport * as dotenv from 'dotenv';\ndotenv.config()\nimport * as LRAuthPrrovider from 'loginradius-sdk'\n\nlet config = {\n apiDomain: "api.loginradius.com",\n apiKey: process.env.API_KEY,\n apiSecret: process.env.API_SECRET,\n siteName: process.env.APP_NAME,\n apiRequestSigning: false,\n proxy: {\n host: "",\n port: "",\n user: "",\n password: "",\n },\n };\nlet lrv2 = LRAuthPrrovider(config);\n\nlet sott = process.env.SOTT
\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n try {\n const response = await lrv2.authenticationApi\n .checkEmailAvailability(registerUserDto.email)\n if (response.isExist) {\n return "Email already in use"\n }\n catch(error) {\n return error\n }\n }\n}
\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n try {\n // check if email is already in use\n const response = await lrv2.authenticationApi\n .checkEmailAvailability(registerUserDto.email)\n if (response.isExist) {\n return "Email already in use"\n }\n // create registration model\n let authUserRegistrationModel = {\n email: [\n {\n type: "primary",\n value: registerUserDto.email,\n },\n ],\n password: registerUserDto.password,\n };\n // register user\n let user = await lrv2.authenticationApi\n .userRegistrationByEmail(authUserRegistrationModel, sott)\n if(user) {\n return "Sign up successful"\n }\n } catch (error) {\n return error\n }\n }\n}authUserRegistrationModel object defines how the email and password will be stored in the database.Log In the User
\nauth.service.ts, add the login function.
\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n // register user\n }\n async login(loginUserDTO: UserDto) {\n // login user\n }\n}
\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n // register user\n }\n async login(loginUserDTO: UserDto) {\n try {\n let emailAuthenticationModel = {\n email: loginUserDTO.email,\n password: loginUserDTO.password,\n };\n let user = await lrv2.authenticationApi\n .loginByEmail(emailAuthenticationModel)\n return {\n accessToken: user.access_token,\n }\n } catch (error) {\n return error\n }\n }\n}accessToken in the response body. The user will use the access token to access protected routes.auth.controller.ts file to use it in the login route.
\nimport { Injectable } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\nimport { AuthService } from './auth.service';\n\n@Injectable()\n@Controller('auth')\nexport class AuthController {\n constructor(private readonly authService: AuthService) { }\n\n @Post('signup')\n async signup(@Body() registerUserDto: UserDto) {\n // register user\n }\n async login(@Body() loginUserDto: UserDto) {\n // login user\n }\n}Access Protected Routes
\naccessToken. In this tutorial, you will be storing the token in the authorization header as a bearer token. Another alternative would be to use HTTP-only cookies.auth.guard.ts, add the following code.
\nimport {AuthService } from './auth.service';\nimport { Request } from 'express';\n\n@Injectable()\nexport class AuthGuard implements CanActivate {\n\n constructor(\n private readonly authService: AuthService,\n ) {}\n\n async canActivate(context: ExecutionContext): Promise<boolean> {\n const request: Request = context.switchToHttp().getRequest();\n\n // Extract the access token from the authorization header\n const authheader = request.header('Authorization');\n const token = authheader && authheader.split(" ")[1];\n try {\n let authorizedMsg = await this.authService.authenticate(token);\n // Attach the authorized message to the request. You could also attach the user information.\n request['isAuthorized'] = "Authorized"\n return true;\n } catch (error) {\n throw new UnauthorizedException();\n }\n }\n}authenticate method defined in AuthService. This method will be responsible for verifying the token.auth.service.ts, create the authenticate method. This method will send the access token to LoginRadius for verification.
\nimport { Injectable, UnauthorizedException } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\nimport * as LRAuthPrrovider from 'loginradius-sdk'\n\n@Injectable()\nexport class AuthService {\n async signup(registerUserDto: UserDto) {\n // signup user\n }\n async login(loginUserDTO: UserDto) {\n // login user\n }\n async authenticate(accessToken: string) {\n try {\n const response = await lrv2.authenticationApi\n .authValidateAccessToken(accessToken)\n return response\n } catch (error) {\n throw new UnauthorizedException();\n }\n }\n}auth.controller.ts, add the following.
\nimport { Controller, Get, Body, Post, UseGuards } from '@nestjs/common';\nimport { UserDto } from './dto/user.dto';\nimport { AuthService } from './auth.service';\nimport { AuthGuard } from './auth.guard';\n\n@Controller('auth')\nexport class AuthController {\n constructor(private readonly authService: AuthService) { }\n\n @Post('signup')\n async signup(@Body() registerUserDto: UserDto) {\n // signup user\n }\n @Post('login')\n async login(@Body() loginUserDto: UserDto) {\n // login user\n }\n @UseGuards(AuthGuard)\n @Get('protected')\n async protected() {\n return "Access granted"\n }\n}UseGuards to will require a valid access token.Test with Postman
\n
\nPOST http://localhost:3000/auth/signupConclusion
\nIntroduction
\nWhat is a Verification Email?
\n\n
\nHow to Make Verification Emails Effective?
\nKeep in mind anti-spam practice
\n\n
\nThink of the proper tone of voice
\nApply personalization
\nInsert design and creative elements
\n\n
\nExamples of Verification Emails
\n\n
\nSumming Up
\nWhat’s New and Improved on the LoginRadius Website?
\nA Developer-Friendly Dark Theme
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Clear Categorization for LoginRadius Capabilities
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
\n
\nDeveloper-First Navigation
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
Quick Understanding of Integration Benefits
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Over to You Now!
\n