What Is JWT and Why Should You Use JWT

Поделиться
HTML-код
  • Опубликовано: 22 дек 2024

Комментарии • 1,2 тыс.

  • @WebDevSimplified
    @WebDevSimplified  5 лет назад +252

    I just posted an implementation to JWT authentication in Node.js based on popular demand. ruclips.net/video/mbsmsi7l3r4/видео.html

    • @grantfleming5250
      @grantfleming5250 4 года назад +19

      I thought you said in the video that JWT is not for authentication? :S

    • @scottmcmahon7209
      @scottmcmahon7209 4 года назад

      I really enjoy all your videos. You explain everything much better than most of the tutorials I buy on udemy. You should do your own tutorials on udemy because you're a much better teacher than most of the other people on that website.

    • @vivekmehta9933
      @vivekmehta9933 4 года назад +5

      Now m confused..you just said JWT is not for authentication and the new video title is jwt authentication..??please help..

    • @abhinavpandey3356
      @abhinavpandey3356 4 года назад +1

      @@grantfleming5250 same it's for Authorization I guess

    • @zackOverflow
      @zackOverflow 3 года назад

      Mr Kyle I'll like to ask you a question, in one of your video you titled 'JWT Authentication Tutorial - Node.js' but here you said JWT is for Authorization and not Authentication, I'm a bit confused here...

  • @gimmins
    @gimmins 5 лет назад +128

    I work in the software industry and needed to understand JWT. Your tutorial is by far one of the best I've seen. Clear, concise and super easy to understand. Uber thank you!

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +16

      You are very welcome! I have a video coming out on Saturday that goes over implementing JWT in Node.js so that may be something you find useful.

  • @nsharma4981
    @nsharma4981 4 года назад +129

    Man you're really a godsend, how is it humanly possible to pack so much info AND explain it all so lucidly in 15 mins?! I read so many articles but they all made the verify signature sound like magic and here you simplify it like it's no big deal. Now I finally understand why jwt is important. Thank you so so much Kyle! 😃

  • @powderriverfarrier
    @powderriverfarrier 5 лет назад +690

    An articulate clear explanation of a very important security concept. Keep the videos coming Kyle.

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +52

      Thank you! I felt this was one of my better videos on explaining a concept and I am really glad that you enjoyed it also.

    • @Name-lt2tz
      @Name-lt2tz 3 года назад +2

      @@WebDevSimplified I really low technology being explained in such simple way.

  • @gabrielfono844
    @gabrielfono844 2 года назад +25

    this is one of the underrated explanations of jwt.
    as full stack engineer , I remember taking your react course 2 years ago where we were building a food application applying all the http verbs.
    now , I have been working for 7 months as full stack engineer here in seattle waghinston.
    if someone had told me , I will be a developer one day, I wouldn't have believed.
    thanks again

    • @jeevavenkat4021
      @jeevavenkat4021 Год назад +1

      Congrats on becoming a developer!

    • @kalideb-y3y
      @kalideb-y3y 10 месяцев назад

      you mean CRUD?

    • @elforeyyy
      @elforeyyy 4 месяца назад

      hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you

  • @riccoduro
    @riccoduro 5 лет назад +158

    Excellent explanation of JWT, I was literally able to understand JWT in 15 minutes !

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +11

      Thank you! I am really glad that you enjoyed it!

    • @HK-sw3vi
      @HK-sw3vi 4 года назад +7

      why did you take 8 extra seconds after the video ended?

    • @pavanchsr
      @pavanchsr 3 года назад +1

      Kudos to you ..for the simple and clear explanation

  • @evergreen7781
    @evergreen7781 3 года назад +21

    I don't think there is any better video on the Internet explaining JWT concepts in such detailed crystal clear manner !!!
    Its lovely from you, Kyle

  • @glorat
    @glorat 4 года назад +446

    JWT in this tutorial is all about authentication, not authorization contrary to what was described, because its use here is identifying whether the user is the same user as the one that logged in (just like with sessions). Perhaps the confusion is that JWTs are commonly used for authorization by being created to grant access to APIs so that the API server knows the client is authorized to use the API. Neverthless, JWTs can be used for authentication (as in this tutorial) such as "ID tokens" and also for authorization such as "access tokens". A clear tutorial apart from this!

    • @ameennazeer12
      @ameennazeer12 Год назад +35

      Ur comment is one of those comments where I learn something
      And feel I wish I come across more these kind of comments

    • @-seoulair
      @-seoulair Год назад +2

      incredible comment!

    • @bencipherx
      @bencipherx Год назад +2

      Nice, thanks man

    • @codie12
      @codie12 Год назад +13

      It has been 2 years but thanks for clearing my confusion.

    • @ram-pc4wk
      @ram-pc4wk Год назад +10

      It was about Authorization only.
      Server creates a jwt after login only. Or I can say after authentication only.
      Server sends jwt back first time to client/browser after authenticated.
      Then the corresponding user reqs,
      Has a jwt in its header.
      Now server authorizes is it a valid jwt?. (But not does not validates user mail, user password).
      So the video description is correct.
      If i am missing something, correct me .😮

  • @IntrinDesign
    @IntrinDesign 2 года назад +16

    This is seriously the best explanation of JWT I have viewed. Thank you!

  • @tayfun6378
    @tayfun6378 4 года назад +23

    I'm gonna say what everyone else said. this might be the clearest explanations ever!

  • @sarthakshah6761
    @sarthakshah6761 Год назад +2

    I love the way you started the video by explaining, JWT is meant for authorisation not authentication. It shows how hard you work for your content. Thank you and kudos to you..

    • @01kaskasero
      @01kaskasero Год назад +2

      Aaaaand he was so 100% wrong.

  • @NehaGupta-fd8hs
    @NehaGupta-fd8hs 5 лет назад +48

    Thank you for the tutorials! You are making a huge difference!

  • @ThaiNguyen-gg8xj
    @ThaiNguyen-gg8xj Год назад +1

    Your speaking is really easy to listen to for a non native speaker like me. Thank you so much.

  • @moy2010
    @moy2010 4 года назад +21

    Another use case for JWT is the following:
    - The client signs the JWT with their own private key
    - The client shares its public key with you, and you keep a copy on the server
    - Everytime you decode the JWT, you verify its validity with the copy of the public key that you have on the server

  • @oghenetegaphilip6068
    @oghenetegaphilip6068 2 года назад +1

    Any thing I get confused on, I check your page first. Your videos are really short and straight to the point with clear understanding. Thank you for putting out great content as always.

  • @Texas6
    @Texas6 3 года назад +3

    So much better than my professor's explanations. The visuals help a lot too. Thank you Kyle.

  • @bluechacha
    @bluechacha 4 года назад +1

    Very clear explanation. Easy to understand. Good job!!!

  • @moebob24
    @moebob24 4 года назад +3

    Your videos are some of the cleanest, most well put together, informative, and easy to follow videos on RUclips. Thank you.

  • @BlueHat1
    @BlueHat1 7 месяцев назад +1

    I'm really in awe of how easy to understand and clear you made this topic. What an incredible explanation! This is one of your best videos :)

  • @virajyadav8571
    @virajyadav8571 3 года назад +5

    Was struggling to understand the concept of JWT since over 2 weeks, I'm glad I watched this tutorial. Complete concept of JWT has been cleared in my mind now. Thanks a lot for making it so clean and simple to understand.

  • @abhishekgupta4360
    @abhishekgupta4360 5 лет назад +1

    I have been working with JWT for a while, but this explanation made me clear how things work under the hood. Thanks and keep up the good work.

  • @current815
    @current815 2 года назад +4

    Thanks for the great explanation on JWT. For the session cookie based solution, I think the session doesn't have to be stored in memory. Storage like Redis with TTL is a great option. So when a user tries to swtich from Bank to Retirement service, the services can both retrieve the user session from the same Redis cluster

  • @h__m7551
    @h__m7551 4 месяца назад

    I've never fully understood how JWT works, but after I saw this video finally everything is clear.
    Thank you 🙏

  • @AbdullahAlabd
    @AbdullahAlabd 5 лет назад +11

    You're really talented at this.
    I love this kind of tutorials, simple clear and brief without losing important details.
    Hope you continue providing such content.

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +1

      Thank you! I promise I will never stop making videos like this. They are some of my favorite to make.

  • @georgesmith9178
    @georgesmith9178 4 года назад

    1. Explanation - awesome
    2. Sound - awesome
    3. Examples - concise and to the point
    Wish I could give you 10 thumbs, man :)

  • @howtobecomeapanda1547
    @howtobecomeapanda1547 4 года назад +11

    Thankyou so much for this. I cant believe the difference between you explaining things vs my teachers. I finally get it now! It wasnt that difficult after all. I also love how you explain why you should use it & show us a few examples.

  • @davidkeel4543
    @davidkeel4543 3 года назад

    "Essentially we are storing the user information on the client" - that seems to be the sentence that finally got my head to wrap around this concept. Thank God for RUclips and your video, because I don't think my head could comprehend this heady subject by just reading.

  • @TshepoMokgoatjane
    @TshepoMokgoatjane 4 года назад +8

    Nice one Kyle, you speak so clearly and sound highly knowledgeable about JWT. Really appreciate the effort you put into your videos. Awesome. Keep up the good work.

  • @elhaambasheerch7058
    @elhaambasheerch7058 Год назад

    In terms of explaining the concept, Kyle has to be one of the Very best on RUclips !

  • @gregc4878
    @gregc4878 5 лет назад +5

    I've been working with JWTs for a while and this is the first time I've figured out how these really work. Great video.

  • @earth9651
    @earth9651 2 года назад +1

    My memory must be going, because this is like my 3rd time watching this video in the past few years. Just as helpful as ever, thanks for helping me keep my job. o7

  • @issammbarek78
    @issammbarek78 5 лет назад +9

    best explanation of JWT i've come across thank you

  • @avimehenwal
    @avimehenwal 4 года назад +2

    Bro you are a genius, I learnt full stack webdevelopment from this youtube channel during corona time. Glad I found you :)

  • @ramyabhat3921
    @ramyabhat3921 4 года назад +7

    Omg your content is pure goldd!!!!! I really appreciate your good work! Thank you☺️

  • @alexandre9051
    @alexandre9051 3 года назад

    I am watching it 2 years after it's been published, it is still very relevant ! Thanks for video! Two thumbs up !!

  • @AnnieTaylorChen
    @AnnieTaylorChen 5 лет назад +14

    A superb video for me to review this thing even I've been using it for a while. :P Btw I really love that you include graphic to illustrate the point, it is easier than just words. And I also like the servers of the bank example. :)

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +3

      I am really glad you enjoyed the video and the visuals. It takes quite a bit of time to set up and create the visuals so I am really glad they are helpful.

    • @MightyPuff
      @MightyPuff 3 года назад

      @@WebDevSimplified Much appreciated!

  • @study-me1oe
    @study-me1oe 2 года назад

    this channel is really a gem. Been able to see your videos as top results of my searches also.

  • @esnguimaraes
    @esnguimaraes 5 лет назад +115

    I would really appreciate your node and JWT Tutorial.

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад +12

      I just released a video on the implementation. ruclips.net/video/mbsmsi7l3r4/видео.html

  • @JamesJon1187
    @JamesJon1187 6 месяцев назад +1

    Thanks this was not only super helpful in understanding jwts, but it also clarified how a session works!

  • @nerdiloo9863
    @nerdiloo9863 5 лет назад +8

    Good stuff. This is not often talked about compared to other web topics.

  • @businiaowyf
    @businiaowyf 2 года назад

    This is the best explanation of JWT I've seen on the internet. Thanks so much for the video!

  • @noumanmalik960
    @noumanmalik960 3 года назад +3

    The youtuber with perfect hair. Thank you for this video Kyle.

  • @ManuelRuiz-ry7lq
    @ManuelRuiz-ry7lq 3 года назад

    Heard today for the first time the phrase "JSON Web Takens" and your video has helped me inmensely to understand its application. Thanks!

  • @cidpickle666
    @cidpickle666 2 года назад +5

    A common technique for handling traditional sessions is to save the session information into a database that is accessible to any number of servers. This counter-acts the main con presented in this video. However! JWT is more efficient because it doesn't need to do a database lookup (and potentially another network call to connect to a shared db instance).

    • @Xaero324
      @Xaero324 2 года назад +1

      I wouldn't even use a DB for sessions. Things like Redis is way more optimized for that.

    • @toreAndreFlo19
      @toreAndreFlo19 Год назад

      It might not need a full database query, but you still need to look up the private key and perform the cryptographic check on each JWT. So you're still sharing a key between servers, and need to ensure they key is up-to-date on all of them. With session cookies, if you stored user session IDs on Redis, the performance difference compared to verifying a JWT with a private key would probably be negligible. Even if you're using a SQL DB to store the session IDs, you aren't going to notice a difference until you are reaching massive numbers of users.
      Plus, JWTs hold user information on the browser that is much easier to compromise than a properly secured server.

  • @kishor777
    @kishor777 4 года назад

    This is may be my ~10th video / web page reading about JWT. I can confidently say this one explained the concept better than any one else. Finally I understand JWT and if required can explain to others.

  • @zerosecond9739
    @zerosecond9739 2 года назад

    When ever I need to understand certain topic, I visit this channel.... greatWork... very helpful...

  • @kaimura9248
    @kaimura9248 3 года назад +3

    A little bonus information: before the times of JWT devs obviously had a "workaround" for the selfishness of the servers that saved the authorization state to their own session memory. That was to make a call to a databank to check there if any other of its server buddies has already seen and authorized the user. Obviously this method had the huge disadvantage that every server unneccessary bothered the DB and was a potential security risk if that said server got hacked and gets access to the DB.

  • @omkarjadhav3743
    @omkarjadhav3743 Год назад +1

    Loved your explanation! Thank you so much!

  • @imapseudonym6198
    @imapseudonym6198 3 года назад +3

    I'm having to finally tackle major security concerns after many, many years of it being my weakest subject by far. (Not totally sure why management thought putting me on this project was a good idea, but hey.) Breakdowns like this are very helpful to me, thank you.

    • @subusrable
      @subusrable Год назад

      Awesome explanation. Thanks!

  • @Gus-px7hd
    @Gus-px7hd 3 года назад

    Dude, you're a natural teacher. Thx.

  • @prestonmckenzie6315
    @prestonmckenzie6315 5 лет назад +9

    JWT with node.js, yes please. Great videos!

  • @BrandonSWie
    @BrandonSWie 4 года назад +1

    I've just started using JWT in my lastest Udemy course project and this video is just perfect for me to understand how it works.

  • @mykalimba
    @mykalimba 5 лет назад +32

    Might be useful -- for complete newbies watching this -- to explain that base64 encoding the header and payload DOES NOT secure that data, i.e. the encoding is not an encryption, and the string can easily be decoded to reveal the original data. So don't put anything "secret" (like the user's password, or other sensitive data) in the payload.
    Also worth deeper explanation is what a hash is, and how it makes it possible to know that the signature sent from the user is legit. I know you demonstrated how tampering with the header or payload invalidated the signature, but I think a deeper dive into how hashing works to detect this would be beneficial.

    • @samiullah9154
      @samiullah9154 3 года назад +1

      Can you please explain what's the point of encoding with base64 if it is not encryption.

    • @СимонЦанков
      @СимонЦанков 3 года назад

      Where do you put the password than?

    • @samiullah9154
      @samiullah9154 3 года назад +1

      @@СимонЦанков JWT doesn't need to store password. On registration of user, password is still stored on server

  • @codewithkin
    @codewithkin 6 месяцев назад

    Kyle you are the BEST, I can't believe that after your explanation at 2:00 I already understood what JWT is, thanks a lot man.

  • @1.2.3.maria.
    @1.2.3.maria. 2 года назад +3

    Youre the best i love all your videos, super nice and clear content. learning quick. =))

  • @willysnowman
    @willysnowman 5 лет назад +4

    Yes please on the node.js. Thanks!

  • @youssefoubrik5254
    @youssefoubrik5254 4 месяца назад

    Finally, I understand what JWT is all about! Thanks

  • @nickvallaris5976
    @nickvallaris5976 3 года назад +3

    Really good explanation! Although, regarding the last example, both servers can share the same session database but still we go back to the issue that we have to store the sessions in the database and having a lookup that takes time and it's a performance concern. Really good video. Thanks!

  • @ganeshbabu6458
    @ganeshbabu6458 4 года назад

    After Mosh Hamedani's tutorial, your explanation seems clear to me.. Great post. Keep it up..

  • @MrMudbill
    @MrMudbill 3 года назад +4

    While I think JWT is good for particular things, I wish you had touched on its cons as well as its pros. It isn't _always_ the best solution for authorization. In fact, session authorization is considered safer, and JWT was created with the intention of having short-lived tokens that can let you authorize to a different server. It's intended as a bridge between services, but a lot of people use it for local authorization as well. And if the token's payload includes the User ID which then has to be used to query the database, you lose the benefits of JWT.
    It's also important to keep in mind that JWTs aren't encrypted by default, and even without the secret, a client can still _read_ the contents in plain text, they just can't modify it.
    All in all, there are some considerations and requirements to look at before decision which method to use for this. JWT is simple and popular, but not always best. Stay safe!

  • @jumboliah13
    @jumboliah13 2 года назад

    OMG, thank you. This was incredibly helpful. I've spent literally dozens of hours trying to figure out JWT and how to get it to work in my use case, but until watching your video, I was groping around in the dark lol. I still have work to do, but now it will be smooth sailing!

  • @SocksWithSandals
    @SocksWithSandals 5 лет назад +8

    Yeah,
    When will they finally launch the
    James Webb Telescope?
    Mmm?

  • @jeffdesouzadev2500
    @jeffdesouzadev2500 Год назад

    Thanks!

  • @trappar_og
    @trappar_og 5 лет назад +13

    Most servers that use sessions also offer the ability to store an auth token to a client side cookie. This is what happens when you check “Remember me” on most sites. Then when switching servers the auth token is used to reauthorize the user and generate a new session. In other words, non-JWT already solves all the problems you say JWT solves in this video.
    Not saying JWT isn’t a good solution, but your video doesn’t really do a good job of explaining why it is.

  • @kprajwal7599
    @kprajwal7599 Год назад

    Bro, you are the one, that needs to be looked out for understanding the concepts!

  • @arijitdas9115
    @arijitdas9115 Год назад

    Your tutorial is by far one of the best I've seen. Best precise explanation man.

  • @alexanderzharkov6953
    @alexanderzharkov6953 3 года назад +1

    I am so glad that I found your channel, Kyle. You literally make my life easier. Thank you very much!

  • @MrVipulLal
    @MrVipulLal 4 месяца назад

    Man, all your videos are detailed an clear explanation. Thank you for sharing your knowledge

  • @CodeDynamo
    @CodeDynamo Год назад

    Cleared my concept about jwt.. Thanks a lot.. I was thinking jwt was very unsecure thing to use.. You clear everything..

  • @dardaC137
    @dardaC137 5 лет назад

    Thats a very clear and detail explanation about JWT. U are like the guy in the group who can explain harder thing very easily.

    • @WebDevSimplified
      @WebDevSimplified  5 лет назад

      Thank you so much! That is exactly what I try to do on my channel.

  • @floriantiquet-duriez2179
    @floriantiquet-duriez2179 3 года назад

    You saved my life at work with this very clear explanation. So much easier to understand than the other material I run over the web. Thanls !!!!

  • @assylkhanyeszhanov2356
    @assylkhanyeszhanov2356 3 года назад

    I was struggling to understand the concept of JWT before. But now I feel more confident, thank you!

  • @dinesh8112
    @dinesh8112 3 года назад +1

    Man, I'm so glad I found your channel. One of the best and detailed explanations. Thank you for making it so easy to understand!

  • @fzk8093
    @fzk8093 2 года назад +1

    PURE GOLDEN Explanation, Thank you soooooooo much Kyle🙏🏼

  • @jurijus01
    @jurijus01 4 года назад

    Kyle, you saved my ass for future security hacks. After watching your video, I realised I was using JWT completely wrongly. You are one of the best web dev youtubers. I am your fan now!

  • @medsalemdeddah8853
    @medsalemdeddah8853 9 месяцев назад

    You're a life saver my G ❤.
    Happy Ramdan brother

  • @ganeshnaik2065
    @ganeshnaik2065 3 года назад

    Thank you for the video. JWT is very well explained.
    I have few questions regarding JWT as follows-
    1. Who generates JWT token very first time? Referring to your example, is it client browser making a request to some server who generates JWT? or it is Bank who validates user against say username/password and on successful authentication then generates JWT token and send back to client?
    2. How does token validator knows, if token has expired? Who performs that expiration check?

  • @dafidales
    @dafidales 4 года назад +1

    This Channel provides by far the best and most clear explanations. Thank you so much for your work!

  • @habiks
    @habiks 3 года назад +2

    12:00 actually the session is stored where you configure it.. shared session is possible in web farm..

    • @saikirancoolboy17
      @saikirancoolboy17 3 года назад

      Yeah. Generally in real time, session is store on database and that is how session is manged between different servers.

  • @ArunKumar-xw6iw
    @ArunKumar-xw6iw 4 года назад

    Thanks a lot for this video. I have been struggling to understand what JWT is for months, but this video made my day.

  • @chansiewhuang9647
    @chansiewhuang9647 2 года назад +2

    A really helpful video explaining JWT! I love that u also included advantages of using JWT compared to sessions and also included a real world usecase as example. Hope to see more videos from you! :D

  • @gowinidea
    @gowinidea 4 месяца назад

    Thanks much for the explanation Kyle! Useful for someone living in Bangkok, Thailand and trying to build something!

  • @alexvass
    @alexvass 2 года назад

    Thanks

  • @_patrickisaac
    @_patrickisaac 4 года назад +1

    Wow. This was an amazing video explaining JWT. The example you provided at the end to me was the cherry on top! Thank you so much for this!

  • @kizomanizo
    @kizomanizo 3 года назад

    I use and understand JWT but I could never explain it this well. Nice presentation, keep up! you've gained a subscriber.

  • @phpmysql2007
    @phpmysql2007 2 года назад

    Blown away how you explain these things. wow. simply wow.

  • @jorgecarlosalberto
    @jorgecarlosalberto 4 года назад

    Excellent job! You not only make a very good and clean explanation, but also add a real case where JWT is better tan sessions.

  • @Mrnw10
    @Mrnw10 2 года назад

    Mate seriously that was really good! You explained this so clear and easy! As we say in the ends round here in London "Respect!"

  • @codeforlife9513
    @codeforlife9513 4 года назад

    Finally today I understood what is actually a JWT, also diff between JWT and Session ID. Thank you so much.

  • @VIGASBSBCG
    @VIGASBSBCG 11 месяцев назад

    really helpful to wrap the mind around this "complex-to-understand-at-first" concept!!!✨

  • @aravind.a
    @aravind.a 4 года назад

    nice bro, I have been using this JWT for the last 1 year without knowing its security and purpose. thanks for the video.

  • @alexgochenour8740
    @alexgochenour8740 2 года назад

    Crystal clear, and I also appreciate the industry example at the end. A very well thought out video, thank you

  • @priyankmadan7097
    @priyankmadan7097 11 месяцев назад

    Can't thank you enough for a crisp walk through!

  • @kevinkiumbe5380
    @kevinkiumbe5380 8 месяцев назад

    this man is a whole library !

  • @pezwarrior4
    @pezwarrior4 2 года назад

    Nice, learning this right now in my fullstack bootcamp and this video is a perfect compliment to it. Thumbs up.

  • @himanshupanwar8408
    @himanshupanwar8408 4 года назад +1

    Best Tutor i have ever found!!

  • @tyge7927
    @tyge7927 4 года назад

    Really appreciate you taking the time to explain how JWT decides the token has been tampered with. Makes a lot of sense now compared to when I heard it just happened.

  • @bhargavav7376
    @bhargavav7376 4 года назад

    Wow perfect and clear explanation for JWT. So far the best

  • @YOUdudex
    @YOUdudex 4 года назад

    Very well explained. This channel has been so helpful for me with learning web developement. You deserve more subscribers

  • @Adam.Winther
    @Adam.Winther Год назад

    It was an amazing video that clarified all the stuff I was confused with for a few weeks. Now it makes sense. Thank you so much for this wonderful, well detailed and easy to follow introduction.