Node.js API Authentication With JWT
- Published: Oct 3, 2024
- In this overview we will take a look at Node.js and JSON web tokens. I will show you how to create a route to generate a token and use that token to make a request to a protected route.
SPONSOR:
Check out Coding Dojo - www.codingdojo....
CODE: Github Repo With Example
github.com/bra...
💖 BECOME A PATRON: Show support & get perks!
/ traversymedia
ONE TIME DONATIONS:
www.paypal.me/t...
VISIT MY WEBSITE: Check Out My Udemy Courses
www.traversymed...
FOLLOW TRAVERSY MEDIA:
/ traversymedia
/ discord
Thank you Patreon patron for this request and thank you Brad for the tut!
You're very welcome. Great channel by the way, guys check it out
Brad comes along to save the day once again. Honestly bro I don't know how you do it.. 5 days of pain, dozens of videos and dozens of blog posts with unclear non-relevant over engineered information, then you come along and in one fell swoop answer EVERY SINGLE QUESTION I had around the topic in a clear, detailed and swift manner. Thank you brother once again...
You're a role model to us all. I plan to improve my Patreon participation this coming year. I've grown in confidence as a software dev and have a job now thanks to your videos. Overall my life has seen a lot of improvement as a result of this channel, So thank you and Merry Christmas, Brad.
Thank you, Merry Christmas to you as well :)
Great to hear buddy, hope you're still doin' well :)
You are not the only one who makes videos about JWT, however, you deliver the knowledge in the clearest and easiest way. Thank you Brad!
In 2020, with v12.15.0 everything still works exactly the same, I just ran through your tutorial. Thank you Brad!
That's good, because I'm going to do this tutorial soon.
One of the shortest, yet most succinct, useful tutorials I've seen. Brad rocks!
I always struggle understanding the auth stuff but you have managed to explain it so well. Thank you so much for this tutorial Brad!
I needed a refresh about JWT functionalities and this little course was very helpful. Just one mention. Token name that we send with res.header can be anything, for example 'auth-token', not just 'Authorization'. And the token value in a name-value pair doesn't have to start with the word 'Bearer', it's enough to send the token only. In that case we do not have to split the result into the name 'Bearer' and the token value.
Thank you so much! I’ve been struggling trying to make a protected route with passport for the past month. I couldn’t get it working on a side project I was working on and would get super frustrated. I watched this video last night and was able to get it working today! You are a godsend! 🙏🏽
I was literally just looking up how to do this and this video pops up. This video is a God send lol. Perfect timing.
I came from the MERN series part 9 to learn more about JWT before implementing it in the project. And I made it even though it is my first time using auth. Thanks, Brad. 👏🏽 Excellent content as always!!
This is an excellent, no-nonsense, straight-forward explanation of using JWTs to protect API routes, thanks.
This is exactly what I needed. Short, sweet, and to the point! Have a great holiday, man!
Don't dislike knowledge. Knowledge can only be appreciated. It's not a movie which can be liked/disliked. Humble request to the people. Brad, I really appreciate your knowledge, which improves my understanding and skills. Thank you Brad for this fantastic tut.
Reaaaaaly liked the straightforwardness of the tutorial. Implemented it on an existing server in under 40min thanks to your tutorial, keep up the good work :D
Man I love this tutorial... Other YouTubers take more than 1 hr to explain just this. But you did it in less than 25 mins..
Brad Bhai (brother in India), thanks a lot for the succinct explanation..always love the explanation in code.
Brad, your videos are amazing. Whenever I need to cut through the b.s. and learn something quickly, I come to your channel. This video is an enormous help to me. Thanks!
You could have handled the JWT verification in the middleware, to keep responsibilities nicely separated. Other than that, nice tutorial :)
That also gives the nice advantage that the token itself doesn't get passed on the request object twice (req.token = bearerToken is no longer required).
May not seem like much, but if you ever need to scale an application, even a few bytes of data per request can save a lot in the long run.
Yes.
The authentication should be done at the middleware.
What Brad did works better for authorization once in the route handle.
Merry Christmas Brad. I wanted this video badly. I was stuck with server side route authentication. Thanks for it and keep the good work going 😊. If possible please make a video using front end application, so that we will get more clear cut idea on this.
yes please, agreed !
Clear & to the point without irrelevant information.
Thanks Brad you've been helping me so much for almost a year.
Cheers 🍻
Probably the best JWT tutorial on the internet.
Merry Christmas to you and your family. You have been a big help and inspiration over the last year. I appreciate you and the extreme effort you put into helping people to learn. As always keep broadcasting!!
This is the course I've been looking for! Brad, you are the best!!
I have been waiting for this Brad, I can't thank you enough
Thanks, it's a really helpful video, my boss was struggling with this authentication for a very long time, but now we will prove who is the boss
I have seen two of your videos and found this channel very helpful. Thank u :)
This is exactly what I was looking for !
Now I know how to make it work. Clear and simple.
Awesome! I wish each of my questions on the Internet had such a clear explanation
Simple, To the point and concrete. Thanks Buddy!
Best video on node and jwt so far. Thanks a lot.
Very useful even after 3 years! Thank you Brad!
Thanks for recording this video. Things are a lot clearer now.
You shouldn't store the JWT in local storage, as it opens an attack vector for XSS. An HttpOnly cookie is the preferred way. Now, it means that your REST API is no longer stateless, but it sure makes it way more secure.
I am a huge fan of your tutorials, thank you so much for all these great videos
Doing the lords work. Thanks a bunch, this just helped me through the toughest part of my current project.
This video was very well done, very informative, and exactly what I was looking for.
Thank you, I learned much more than I bargained for.
Best technical videos on youtube, keep up the good work!
I love watching your tutorials and this is brilliant. Many thanks!
I found this video at the right time, thanks Brad
now i understand jwt and how to use it... thanks Brad!
You have some of the best web tutorials I've found yet. I bought also your Udemy MERN stack course, can highly recommend! Thanks.
The verifyToken middleware should do the token validation and, in case of, check the token is valid from the DB.
october 2021 still works!
thx brad
That was a huge amount of help , really easy to understand and you explained it in a calm , quite and nice manner which is really important
I implemented this 100% successfully. Thanks, Brad.
This is exactly what i needed, amazing stuff!!!
17:57 Beware: do not store JWTs in localStorage. Use an http-only cookie instead. Any JavaScript has access to localStorage, therefore by using it as your secure storage you lay your app open to XSS attacks.
Well, localStorage is generally the preferred method. Moreover, cookies are not any safer, they are prone to CSRF attacks as well
@TheAndre2131 Yep, that's why we invented CSRF tokens!
Very nice explanation with working code examples
Thanks for the video, clear and easy to understand!
Thanks Brad, great video, happy holidays.
Thank you, i learned how to use a token to access protected routes. LOVE IT MAN!
Thank you so much for your tutorials. They are very informative. You are an inspiration to us all. Could you do a refresher for the PostgreSQL tut?
Well, this is one of the breakthrough demos of oauth present in youtube. Great job man.
Thank you Brad for this awesome tutorial, just a note: we should send only the id in the payload, as far as I read in articles
Thank you sir, you've been such an inspiration for me, get well soon.
Great work helping the community in a short video with excellent and straight forward professional explanation.
thanks traversy, such a legend for me and an inspiration...
Very clear explanation. Thanks Brad.
This is exactly what i was looking for!
Thanks Brad , I hope that you do a full mean stack project
you saved my day ! again!
thank you brad!
Very informative and easy to follow. Thanks!
Thank you SO MUCH for your lesson. It really helped me a lot!!!
Really great explanation sir... Simple and worthy ...
I love you. Thanks so much for the video. Crystal Clear in all aspects and I got the exact and even more information I needed.
Sir really awesome video. Made me understand completely about jwt
Thank you from Italy, very clear and helpful!
5 years later…. Still gold
Awesome stuff brad as always!
For those who want to know what the next() function is, i.e. in verifyToken(req, res, next):
verifyToken is a middleware function in Express, which takes req, res and next parameters.
Calling next will move to the succeeding middleware function.
More details here: expressjs.com/en/guide/writing-middleware.html
Make things pretty clear. Simple and Clean. Thanks.
Woww this cleared my all the doubts. Thank you so much ❤
Great tutorial, clear & simple to follow!
Hi Brad, cool video and thanks, I needed a refresh! I only think that it would be better to handle the verify in the middleware to keep the API clean, but great! Thanks.
very good, simple and clear tutorial
A very nice tutorial sir, you are a role model for all of us, thank you sir !!
Your explanation was perfect. Thank you so much!!
You have my like and my sub :)
Thank you for this! I can expand upon this and save a good few lines of code and a dependency with it.
Excellent video. Short and to the point. Thank you for not building a client and using PostMan instead.
Thank you so much..
So clear and lucid explanation
Perfect video as always. short and useful.
One suggestion: Wouldn't it be more convenient to verify the jwt in the middleware and then attach the authData to the req object? This way you wouldn't have to verify the token in every route that you define. :)
Otherwise, as usual, awesome tutorial, have a great great holiday!
left as an exercise to the viewer ;)
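The suggestion made in several comments above (verify the JWT in the middleware and attach the decoded data to the request) can look like the following. This is an added example, not code from the video or its repository; it checks HS256 tokens with Node's built-in crypto module so that it runs without dependencies. `SECRET`, `signToken`, `verifyJwt` and `req.authData` are names assumed here.

```javascript
// Added example: verify the JWT inside the middleware and expose the claims as req.authData.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: a real app loads this from configuration

const b64url = (value) => Buffer.from(value).toString('base64url');

// Helper used here only to build constructed sample tokens (HS256).
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims if the token is a valid, unexpired HS256 JWT, otherwise null.
function verifyJwt(token, secret = SECRET, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, never trust the header's choice
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof claims.exp === 'number' && claims.exp * 1000 <= now) return null; // expired
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Express-style middleware: routes behind it read req.authData and never handle the raw token.
function verifyToken(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const claims = scheme === 'Bearer' && token ? verifyJwt(token) : null;
  if (!claims) return res.sendStatus(403);
  req.authData = claims;
  next();
}
```

Mounted as `app.get('/api/protected', verifyToken, handler)`, the handler only runs for requests whose token passed the signature, algorithm and expiry checks.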
Very well explained . Thanks so much for this video
Perfect! Thank you, Brad! My hero!
Ton of thanks Brad for putting up this tutorial. It's really easy to follow and understand every bit of code. Thank you again.
Just a quick question, did you put up any tutorial for Login / registration user flow? If yes, please share link to the same.
Wonderful tutorial. Please make a tutorial on Node+Express+Angular+JWT+Socket
Congrats 🎊 Brad for 500k subscribers ✌️👍👏🎈🎁💐
This tutorial helped me solve my problem. Thanks!
Thanks Brad for such useful content!
Thank you great tutorial. Helped me a lot.
Why do we need the Bearer string in the authorization, instead of header['authorization'] = ''?
There are different types of Authorization, such as Basic, Bearer, Digest, HOBA, OAuth - even Amazon Web Services has one called AWS4-HMAC-SHA256. The idea behind it is allowing multiple ways of authenticating with the same API, or server. This dates back to the HTTP/1.0 standard from W3C :)
Which playlist is this video in? This video will definitely help me to learn, thanks for uploading this video.
Awesome tutorial. Thanks for the time and effort put into this. I would rather rename that verifyToken middleware to something else like getToken to better capture what the middleware does.
Agree. Was about to comment this.
Just what i needed !
Great video but for who already know why jwt is needed and has theoretical knowledge of token👍❤️👌🥳
Thanks for all! Nice videos, you are the best!!!
Again, you're amazing.
Great video. Succinct and informative. Thanks. Merry Christmas.
Brilliant video Brad! Thanks a lot!