Access Refresh Token, Middleware and cookies in Backend

A small bug in code, if (!(username || email)) . Jab video dekhoge to aa jayega smjh. GIthub pe b add kr diya h code. Next video me krte h discuss
hitesh.ai/whatsapp

Hello Sir, after 7 years I started coding again, because of some financial issues i cannot pursue my studies, and i have to work in another field because of availability of other jobs. I manage my time at night to gain my knowledge in coding and YOU are the main reason Sir. Thank you.

Todo's for login ( dnt know if its good )
- take input from the user from the login page.
- save it in a variable
- apply check ( as per js series form handling part ) if the username == username && password == password . Then perform some action.
- call mongodb to check the db if there is any user with the same username ( email in case ) is present or not , if not throw err . And redirect to register (dnt know how, will plan if situation arise)
- if username/email present. Then get its _id and store it in variable
- retreive username and pass from that variable to check if both are same or not. If no then err
- if yes then redirect it to the page we want
( Dnt know the use of refresh token. Actually i didnt get it by now. I hope I will understand after seeing how u are using it ) , now continue to the video...
-

I have more than 4 year experience on watching tech video on RUclips in Hindi language.....I can say that this Hindi RUclips channel is top of all Hindi RUclips channel....
Amazing sir aapke samjhna ka tarika pasand aaya...very beginner level.
Thank you sir thank you very much❤❤

Login user todo
1- get values from client side
2- validation- emptiness checking
3- check user exist if not redirect to register page
4- assigning of access token
5 -login
6- success response

I've never understood backend better until I found your videos. Their clarity and enthusiasm make learning a joy!

It's a challenge to completely understand this, because it is the very first time I'm seeing these methods, and that too a lot of them in a single video.
But at least I'm getting the motive behind each action that we are taking.
Thanks to you sir, we could get access to such high quality code.

whoever is facing difficulty in understanding the video. Watch the video twice!. i faced the same problem as i was coding and watching the video at the same time , but i dedicated the second time to watch the video at 2x to understand each and every bit.
now i have understood everything.
thank you so much hitesh sir ♥
♥

I have 1+ years of experience in mern but still watching your backend course, looking interested never watch this type of content on any platform. Awesome 🥰

Steps for User to Login :
1. get data from user
2. check the data if it is not empty
3. check the data from user to match with that of database.
4. if the data is matched return true else if return false.

Sir, feeling so lucky to be a part of this community.
Literally, Chai and Code is an emotion 🔥🔥

The clarity i get from watching your videos is mind blowing.

I contributed a comment, q ki Target 🎯 to achieve karna aur karvana padega na
Thank you sir❤❤😊

This is the best videos you can find on internet... University should also suggest this course students because they don't teach you like this

I have learnt a lot from your backend series , how the flow happens , how to think and not rush to code, how to standardize the code , how to abstract the common logic . This series has really increased my confidence. I really appreciate your effort and your valuable time in bringing us the valuable content and trying to make us better programmers. Thanks a lot Hitesh.

---Login TODOs
// get username or email , password from user
// Check for empty fields
// Check if user exists or not
// fetch user from database
// compare saved password and input password
// if credentials are correct generate access and refresh token
So far I can only figure out this
and itna sbh isliye likh paaya because peechli video se mst sikh kr aaya 3-4 attempt lge smjhne m

1. validation of input fields
2. check if users credentials is present in db
3. compare passwords
4. generate access and refresh token
5. return response of access and refresh token in cookies
thank you sir

Late-night coding with Chai. Great lecture. Appreciate your teaching skills from Pakistan.

Hi @hitesh, Thanks for this series. I love it :) . I wish you to plan for MERN interview guide series, it would help many ❤

User ko login karne ke steps:
1. Get data from user.
1.5 . Validate the data as per your need.
2. Check if the user already exists or not , if not then give error
3.Save the email and password in jwt for further uses like not to ask the user to login again and again .
Mujhe to itna hi knowledge hai abhi tak. Dhanyawad 🙏

Great to see u back! btw we gonna make frontend for this after this series? just a random thought came into my mind as u showed us the app in the very first.

1. Fetch req body
2. Check if user is exist.
3. Check user crendtails are correct.
4. Generate access & refresh token.
5. Save refresh token in DB
6. Return access & refresh token to client.

Sir ji after dhiwise and flutter flow like technology which can create flutter code very fast is learning flutter still good option I know a real developer is a person who focus on concept not on technology but I want your opinion... ❤

After watching the video twice, I found it extremely insightful. It provided a superb understanding of the topic

Aaj toh aapke comment targets ko double karke maanenge

Hats off to you sir..
Standing throughout the videos, pain in eye, still dedicated to text us.. 😮 That's great.
Thanku so much 👏👏

Sir we really appreciate the fact that you are providing quality knowledge and making it accessible for everyone!

Yes any other video will take lot of effort to reach this kind of dedication to give real real value to the community.

I have 1+ year experience but today I have understand this core concept true way. Thank you so much Sir 🤗

Sir, the effort you put into each tutorial is highly appreciated. Hitesh sir is one of the best things I got from RUclips. Wishing you a long life and good health from Bangladesh.🙏

6:15 I think sir,
step01 => get user's email id and password
step02 => primary validation(empty field or not)
step03 => check if user already exists then generate access and refreash token
step04 => give the user accessability to log in
step05 => remove the tokens from the field
step06 => if user email and password not match route the user to the sing up page

6:18
1. Check if the user is not registered
2. Compare passwords in req body and db
3. Create an access token and refresh token using jwt
4. save token in cookie or DB as per requirements
5. Send response with tokens

Waah sir, itna bada lecture!!
Bohot achha laga pura dekh ke.
kaafi kuch cheezein clear hui aur nayi nayi cheezein seekhne ko mili
Thank you 😊

Sir I am java Full Stack Developer, but in my current project I was working on node js and I want say that everything you are covered in this video that same thing we also need to implement, sir hands of best series i definitely learn now node js love you sir ji ❤❤❤❤❤ mene bhi chaiye Pina chalu kar dii apki videos dekh kae 😅😂❤❤ more love sir ❤❤❤

@10:30 if we are looking for atleast one input from user that's username or email, than condition to throw error should be "&&'. If we use Or ("||") than it will throw error even though user has sent either of the options, i e. Username or email.
Apart from that, thank you so much for this type of videos. 🙏🏼

For the first time, i have completed 1 hour long video in one sitting and completed in full while coding and understanding things properly. Thank you hitesh sir for making these topics so much engaging for us.
Completed at 14 March 2024 5:50 pm

Steps to login
1. Getting username/email and password from user
2. Checking username/e-mail and password fields
3. Getting user info from db
4. Password checking
5. Generation of acces and refresh token
6. Send cookie

These videos have become an ADDICTION! Really a production grade code, I am guessing this can become a reference code.🙌

Sir , pain hua 2 baar dekhne me lekin maza aagaya

todos
1)get email,password from the user
2)check if they are not empty
3)validate them with the existing user
4)send res accordingly

Yes Sir, pura samjh me aarha hai. Ho hi nahi sakta hi aap samjhaye or hume samjh na aaye.. 🙏🏻🙇🏻‍♂

Dear studenst you can never find this production type content on paid or free course, this series is lit

Login user
1. get data available in req object from adding req.json() middleware
2. extract data and perform validation (frontend validation is recommended)
3. get user from database with same email trying to login
4. decrypt password bcrypt.compare and compare (we can also use an method written on user schema)
5. if password is correct create jwt and store it in req.user, which will give access to user from req object

todos for a login user:
1) email and password ko pehle validate kro wrna error pass kro
2) uske bd check kro jo user ne email dia h kia exist bhi krta h ya nhi db me wrna error pass krwao
3) agar email h db me tw password ko compare karwao jo db me save h wrna invalid credentials ka error pass krwao
4) uske bd aek access token aur aek refresh token return kro user ko lekin dono tokens k secret key different rkh kr same nhi hona chaiye
continue...

todo's->
get the user info from fronted(username,email,password)
make a db call to find the user
if the info is wrong or empty then throw error
generate the refreshtoken and accesstoken, set duration for them

Todo's for login
1. username/email input
2. password input
3. check user exit or not
4. if user exit assign token
5. redirect to home page

Well thanks for this detailed discussion sir, I had done a complex project in past months and most of the things I've implemented in my project is getting used here too but I didn't know the reason for most of the stuffs that why are we doing this and that. For example that auth middleware I understood 20-30% implementation during my project but still not sure the reason. Now I get to know that Oh when we are logging out we actually don't have anything related to user in our req and res... Thanks sir❤❤

this was such deep and in depth lecture ,completed this in 2 days in 2 sitting ,each minute was worth it

todos for login user
1) get email and password from user
2) check if email already exit or not then only allowed to login
3) check if entered email and have correct password
4) also some captcha should be provided for authentication
5) then only allow user to login into his/her account
async(err,req,res,next)

steps to follow for user login : tried to write it before watching the whole video(might not be totally correct )
1->get username and password from front-end( req.body)
2->check for user existence in the database using username and through 'User" object
3->validation of password
4->if all steps passed ->user login successfully
At the end Thankyou so much sir for this amazing channel ❤

Login Steps which came in my mind:
1.Take Input (credentials).
2.Validation ( fields are not empty , email is valid ,etc.).
3. Find user in our db by email or username.
4.Verify password.
5.Generate access and refresh token.
6.Redirect to Home page if you want.
7.Remove tokens and password from response.
8.Return response.
after continue video I got to know that , I missed out to save my access token in my db, so another step.
after step 5 , there'll be another crucial step "Send tokens in the form of cookies"

get user details from the frontend or backend
check if any field is not empty
validate the credentials give by user
check if the user exists or not
generate access token for the user
redirect user to the required page he wants to go home or admin...

Thanku so much sir ❤❤ aap hamare liye itne cast me hone ke baad bhi hamlog ko padha rahe hai love you sir 🌹🌹

1. validation of input fields (req.body such as email or username and password)
2. check if users credentials is present in database
3. compare and validate passwords using jwt and database
4. generate access with expiration 1 hr and refresh token expiration 1 day
5. return response of access and refresh token

6:11
take username email and password from req.body
trim and check if all fields have proper value
check if user exist or not
if exist login the user and generate refresh and access token
if not throw error

To login a user:
1) get the data from user
2) validate it (whether all fields are provided, then whether the user exists)
3) I guess then, return the access token and refresh token to user to access all other resources.

Thanks for this detailed explanation of the concepts with code.
While practicing, I got stuck on one error when trying to compare the passwords during the login process. Mongoose was throwing the error "user.isPasswordCorrect isn't a function" when I tried debugging it. The code seems to be fine, after a few minutes of frustration, i found out that the only thing missing is "await" when calling "User.findOne." Because I didn't add await, it was giving me an error.
As you said, we need to add "await" whenever we call Database, since it's in another continent😀😀😀

Sure! Access tokens are like keys to access things (like toys in a chest). Refresh tokens are like a special tool that can create new keys when the old ones stop working. They help you get new access without asking permission again.

todos for login
1. get the data from the frontend
2. check if the user has access token
3.check if the user has refresh tocken if do not has access token
4. check in the database
5. redirect to the homepage

Todo's for login:
1 validate email and password field must not be empty
2 find the user with email and check if password matches nor not using bcrypt
3 if password matches than create access token and refresh token.
4 save refresh token in database and send them to the client for storing in cookies

Todo's login user
- get the value for user
- check the value is not null
- validation - check value empty
- if the data is save then user is login.
- assigned access token
- and successfully user is login

sir aap tk koi phunch ke liye aap ki trh hona pdega aur sir aisa syd hi ho thanks guru ji ...🙏🙏🙏🙏🙏🙏

I could never imagine such in depth information can be found so much easily, you are really great Hitesh sir!!

06:33
1. User enters the credentials
2. We check the credentials if correct
3. We loggin user
4. And using refresh token we make user to login for a particular time..
Caution :- I'm not understanding this project properly but I'm try my best after completing I'll come again and practice again

1. take input from the user
2. save the details in database
3. success response

damn man, I started hating coding and was planning to leave all this and go to 3d/vfx/cgi but you made me fall in love with coding again I have no words I know this video is old but hope I you read it. YOU ARE DOING A GREAT FUCKING JOB! Huge respect from your neighbor country Pakistan 🐐

1. get credentials from the user/frontend
2. validate data/credentials
3. check for the user in DB with the username
4. compare the passwords after decrypting
5. generate an access token and refresh the token
6. send access token as a response

Thank you for explaining everything in such a great way

1. get values from database
2. check userid or password does exist
3. if exist then access to login
4. if doesn't exist redirect to sign up page

todos for login user
1.get req from client
2.check if the user is exists
3.decode password and compare both passwords
4.if matches create a refresh token and access token
5. create a middleware to verify access token
6. function that assigns again access token

1 input of the credentials
2 validation of the credentials
3 if credentials matches with what present in db login the user
4 generate the tokens
5 if user returns then check the tokens if it matches with the tokens present in the db login the user without taking the credentials
6 return the necessary response

30:39 Yes sir samajh aa raha hai sir bahut ache se aap padate hai sir I sure that none one can become like you

1.get the data of user
2.validate the data
3.check {username or email ,password} is correct in db
4.return res

1. get the email and password from the user
2. check whether email is present in database
3. compare the password
4. store tokens in database and user's browser

Thank you so much sir !!! feeling grateful to study from such a great teacher .💗💗💗

1. validation input files (req.body)
2. check the user is presente in database
3. compare email and password
4. send response

login user:
1. take data from user using frontend.
2. Now validate it with data stored in a database
3. also check the refresh token
4. if user is valid user, then login the user, otherwise throw an appropriate error to user

//steps for logging the user in
1. take credential as input from the user
2. check is the given credential matches with the ones in the database (thiis method should be strictly await)
3 if the credential match then log the user in and assigned a acess token and
if the credentials do not match then show a pop that the user need to register first and redirect to the registration page

1. Deconstruct the the body object.
2. check if the required properties are provided and valid (not empty)
3. check if the user exists or not using the username or email
4. check if the password is correct or not using the comparePassword method we defined in the model file
5. Check if the user has a refresh token or not
6. If the user has a refresh token, then we'll use that to get a new access token
7. If the user doesn't have a refresh token, then we'll create a new refresh token and access token

Hello sir, I show when I am hit the Like button then your likes count become a 1k this surprisingly for me , thanks a lot for this valuable❤able content

Padharo Mhare Desh ................. My fav Rajsthani folk song

51:00 awesome shortcut

1) data from user like username/email and password
2) validate userdata
3) compare userdata with db data
4) create access token and refresh token
5) send satus with tokens

6:17
Todo for login :
Get input from the user
Validate the input data
Check whether this email exists in the database or not
Then hash the given password using bcrypt and compare it with the stored one
Then give response to the user

1) check kare ge ke user pehale se ragister hai ya nahi.
2)ragister nahi hai tho user ko ragister kara yea ge.
3)user pehale se register hai tho pehale refresh token match karege and then user ko naya access token dege.
4) user ka email and password and username yea sab validate kar lege.

i took sir mern stack boot-camp but believe me this series and way more better then whole boot-camp.even they do teach refresh token there so i'm relearning here again

1. Take details from user needed to login
2. Check if any detail is not empty
3. Search in database, if the user exists or not
4. If exists then provide it refresh token and access token

Sir it's a very awesome video ❤. I am out of words to express how beautifully you have explained such heavy topic so easily. As I was getting closer to the end of video, I was falling more and more in love with the way of your teaching and explanation. Thank you so much sir for making such awesome videos for us. Hats off to you Sir. ❤

1. Get the data from login portal
2. Compare the data
3. if match(return true) and give access token and then render to the dashboard
4. if not match(return false) and send message of failure login

Today I watch this video, this is something next level really I enjoyed while watching this video.

1. we take request from user like email and pass
2. we do validation user exist or not
3.if extist we send him response with refresh and accesstoken

6:33
A. get the username
B.check if it is present in out db
C.take email and check it
d-take pass word and check it .
D.take the access token
c.give him a refresh token

6:13 Todos:
1>jab user login hoga tab user ka password and email ya toh username validate karna hai .
2> agar password and username || email same hai toh user ko main route pr bhej na hai
3> agar match nahi ho raha hai toh usko message dena hai ki invalid credentials

6:22 1.create fields for email and password
2.Validation
3.check if already have and account so direct login In
4. If not then go to register
5.forgot password
6. remove password and refresh token
7. return response

I just love and find very funny one of your line about middleware is - Jaane se pehle milke jaiyega 😅 ❤❤

1. get the details from user (username/email, password)
2. check for validation
3. check user exists or not
if exists then
4.get the details of the user (except password ,....)
5. generate access token and refresh token
6. return response to the user/frontend with user details

best backend ever, i am blessed i found u in this early stage in my career.

sir according to me these are the steps to follow for user login.
1. take email and password from user.
2. write a function to check the email and password in already register in the database or not
3. if already register then login the user to access the site.
4. if not then show message you are not the user please signup first.
5. if email is correct match with the database but not the password then show the message that your password is wrong please enter the correct password.

I was having some issues regarding JWT token, after watching this video my problem is gone. Thankyou so much sir for you hard work.
#chaiaurcode

- It will take the value from the input-box the are given
- then store that value in a variable
- it will check with the give username with store username
- if it match then check the password
and
- if it didn't match say sign up or user dont exist