Watched and learned from all of the JWT videos. How to create the JWT access token and refresh token for Spring Boot. Thank you so much sir. Awesome tutorial.
Awesome tutorial. I'm having some issues. The authorization header that I am sending from my locally hosted web application (on port 3000) is not going through to Spring Boot. How can I fix this?
❤❤❤ Professional explanation. Thanks for all your technical videos. Please make the same JWT with Spring WebFlux.
Thank you so much!!!
Sir, the 2 tutorials were really helpful. Just one question. Can you use the refresh token to access resources like you would with an access token? Am I wrong, or I don't see any code that would forbid that.
Refresh tokens are only used to generate new access tokens. You cannot access resources with a refresh token because its sole purpose is to obtain a new access token after the original one expires. Unlike access tokens, which are used to authenticate and authorize requests to protected resources, refresh tokens are meant to securely refresh access tokens without requiring the user to log in again.
@@LearnWithIfte Thank you very much for your response. I added a "type" claim to each type of token to differentiate it.
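One way to enforce the separation discussed in this exchange, as an added example that is not code from the video or its repository: each token carries a `type` claim, and every endpoint rejects tokens of the other kind. It assumes the jjwt 0.12 API on the classpath; the class name, claim values, lifetimes and demo key are illustrative.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import javax.crypto.SecretKey;
import java.util.Date;

public class TokenTypeCheck {
    // Constructed demo key; a real service loads its signing key from configuration.
    static final SecretKey KEY = Jwts.SIG.HS256.key().build();

    // Issue a signed token carrying a "type" claim ("access" or "refresh").
    static String issue(String username, String type, long ttlMillis) {
        return Jwts.builder()
                .subject(username)
                .claim("type", type)
                .expiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(KEY)
                .compact();
    }

    // Verify signature and expiry, then require the token type this endpoint expects.
    // A token with no "type" claim is rejected as well.
    static Claims require(String token, String expectedType) {
        Claims claims = Jwts.parser().verifyWith(KEY).build()
                .parseSignedClaims(token).getPayload();
        if (!expectedType.equals(claims.get("type", String.class))) {
            throw new JwtException("wrong token type for this endpoint");
        }
        return claims;
    }

    static boolean accepted(String token, String expectedType) {
        try { require(token, expectedType); return true; }
        catch (JwtException e) { return false; }
    }

    public static void main(String[] args) {
        String access = issue("alice", "access", 15 * 60_000L);
        String refresh = issue("alice", "refresh", 7 * 24 * 3_600_000L);
        System.out.println("access  at resource filter:  " + accepted(access, "access"));
        System.out.println("refresh at resource filter:  " + accepted(refresh, "access"));
        System.out.println("refresh at refresh endpoint: " + accepted(refresh, "refresh"));
        System.out.println("access  at refresh endpoint: " + accepted(access, "refresh"));
    }
}
```

In a Spring Security setup, the `require(token, "access")` call belongs in the authentication filter that guards resources, and `require(token, "refresh")` in the refresh endpoint's handler.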
Hello sir, can we store both accessToken and refreshToken in local storage in the frontend? Could you please share any reference of frontend React code which is integrated with this backend implementation? Thank you.
Hello! Yes, you can store both the access token and refresh token in local storage, but it's generally recommended to store tokens securely, such as in HTTP-only cookies, to prevent vulnerabilities like XSS attacks. If you still prefer local storage, just ensure you handle tokens carefully.
As for React code integrated with a backend JWT implementation, I don't have a direct reference to share in this comment, but I'll consider creating a video or sharing a repo that covers it in detail. Stay tuned! 😊
Just wondering, why do you save the access token in the database as well? I thought that the whole point of the access token is that it is stateless and that you do not ever have to make database calls when using it. I understand the necessity of it with the refresh token, but not with the access token.
Hi, thank you for watching. I have explained it in my previous video. You can check it here: ruclips.net/video/OpSU0VgfkL4/видео.htmlsi=utQ463nHbUt1fGE8&t=63
Hello sir, thank you for this awesome tutorial. I've noticed about the LOGOUT request: why is it always a 200 OK response rather than Unauthorized when the user is not logged in? Is there any way to fix this issue?
🎉❤
Hi sir, could you please prepare a video with 2 roles, where admin can do put and post and user can do delete and both can do get?
Hi Sir,
Can you please confirm how I can make a refresh token for an OIDC user?
Thank you for your question! To generate a refresh token for OIDC users, you should include the "offline_access" scope when you request authorization. If you have any more questions, feel free to ask!
Thank you bro
Hi Sir, can you please provide the source code for this refresh token?
Thanks for watching the video. Here is the source code: github.com/hello-iftekhar/springJwt