very well made video, i can't wait for session with api, i want to try writing an api with adonis but cannot find any information to do a session based authentication (in v6), hope your video will come out soon, ty☺
Hi Luca! Thank you very much for the kind words! We actually released our session auth video before this one. Though we don't use an API within it so long as cookies are shared: - Specify credentials: "include" with your API requests - Using the same top-level domain (TLD) Then all should work a-okay! Only caveat is when using a meta framework like Next/Nuxt which have their own servers, then they have an extra step of sharing cookies from server to server. Here's our session auth lesson if you're interested: ruclips.net/video/YBXizIaV1B8/видео.html
@@Adocasts thank you, i saw the video and took some parts from there and from the one on v5 api, i actually managed to build a connection between nextjs and adonis, can't tell it was easy, but It worked fine, thanks again
@@lucaparmeggiani6777 That's great to hear Luca! Happy you were able to get it all working. Those meta frameworks, like Next/Nuxt, certainly make things a little tricky lol.
Hi Joey! I unfortunately don't have my VSCode set up as it is in this lesson anymore. The theme used in this lesson was the GitHub Dark theme. You can find my current VSCode configuration here though: gist.github.com/tomgobich/7eae8cd3c331c4b0a801b4261ca637a9
Hello , thank you for this beautiful list of videos , it helped me a lot I am currently learning adonis , its awesome But the way we do database query , migrations ... I don't prefer it I really want if i can help and do some hard work and contribute to the community , for now i prefer the way drizzle manage database ,can you do a video on how to use drizzle with adonis ? I will be so happy thank you and i am open to help
Hi Gaming Wolf! Thanks for watching, I'm happy to hear the lessons are helping! I can't rule this out as something we may cover down the road, but it likely won't be something we cover soon as I've never worked with Drizzle. However, AdonisJS is customizable, and the core team has a guide on how you can use Kysely in place of Lucid. You may have success adapting this guide to fit Drizzle: adonisjs.com/blog/kysely-with-adonisjs
Hi KrishT0! We describe & show how to populate the user with check and the auth middleware between the 8:30 - 10:00 mark, as well as the difference between the two. Can you please share what about this you feel is missing/insufficient?
@@Adocasts i meant u didnt show the middleware creation part and its code also the guard part , these two things are also used in this auth flow, as i was following and without these two i cant get it right. the codes are present in github but u didnt explain those 1. middleware creating and its code (auth middleware) 2. guard in config/auth
@@KrishT0 Sorry, the auth middleware is scaffolding with the project's creation, we did not create that it comes with the project. Then, the auth config is only needed when you're straying from the defaults and doesn't need changed to get authentication set up. This is also scaffolded with the project's creation.
Hi, I use nextjs for front end and adonisjs as a backend api, is it safe to store access token only inside local storage or is more safe store inside session cookie?
Hi Muhammad! It would be best to store it in an http only secure cookie. However, if you're able to use cookies, then I'd recommend just using session authentication instead of token authentication to make things easier for yourself. As mentioned in the lesson, we're rolling with the assumption you would not have access to http only cookies, which is why we use local storage here.
Hi Mohd! To use both the web and api guards, you'd want to configure both guards into your project. Configure with: `node ace configure @adonisjs/auth`. You might need to update your config &/or model to account for both guards as the configuration step won't overwrite pre-existing files. Here's an example of what the config & model would end up looking like: gist.github.com/tomgobich/323e5cbadec2834c4bde447d7ce977c9 Then, you can utilize the `use` method off the auth module to specify which guard you'd like to work with inside your code. Hope this helps!
@@mohdsajidshaikh4291 Yeah, I made a note to cover this setup in a quick tip as it is a fairly common requirement. I won't be covering AdonisJS with NextJS though, I don't really use React.
AdonisJS uses Opaque Tokens which are stored in the database, longer lived, and can be revoked at any time unlike JWTs. So, since they live in the db and can be revoked they don't have refresh tokens. Though there is a community package if you prefer JWTs: github.com/MaximeMRF/adonisjs-jwt
@@Adocasts Since there is no refresh token in Adonis. Can you explain how to automatically log in when the access token expires and the user is still actively using the system without asking for email and password again?
@@devwalex You can use a middleware to check if the token is within a certain period you deem close to expiry. If the token is, you can either assign a fresh new token for the user or extend the life of the current token. For example, if I create a token with a life of 48 hours for a user and the user visits while the token only has 60 minutes left of the 48 hours, I could extend the life of the user's current token for another 4 hours (or even another 48 hours). And, that process could be repeated as long as they're actively submitting requests.
These videos makes me really want to use Adonis for a project 😆 I really enjoy the way you teach!
I'd totally recommend giving it a go! Thanks so much, Sigve!! 😀
Thanks, I was waiting for API.
I hope you will cover global exception handling as well.
Thanks for watching, Dilip!
Anything in particular you're interested in with global exception handling?
very well made video, i can't wait for session with api, i want to try writing an api with adonis but cannot find any information to do a session based authentication (in v6), hope your video will come out soon, ty☺
Hi Luca! Thank you very much for the kind words! We actually released our session auth video before this one. Though we don't use an API within it so long as cookies are shared:
- Specify credentials: "include" with your API requests
- Using the same top-level domain (TLD)
Then all should work a-okay! Only caveat is when using a meta framework like Next/Nuxt which have their own servers, then they have an extra step of sharing cookies from server to server.
Here's our session auth lesson if you're interested: ruclips.net/video/YBXizIaV1B8/видео.html
@@Adocasts thank you, i saw the video and took some parts from there and from the one on v5 api, i actually managed to build a connection between nextjs and adonis, can't tell it was easy, but It worked fine, thanks again
@@lucaparmeggiani6777 That's great to hear Luca! Happy you were able to get it all working. Those meta frameworks, like Next/Nuxt, certainly make things a little tricky lol.
incredible thank you !!
Thank you for watching, Céline!
I wish i know your vscode config looks soooo clean
Hi Joey! I unfortunately don't have my VSCode set up as it is in this lesson anymore. The theme used in this lesson was the GitHub Dark theme. You can find my current VSCode configuration here though: gist.github.com/tomgobich/7eae8cd3c331c4b0a801b4261ca637a9
👍👍👍 TOOOP 👍👍👍 very interesting bro
Many thanks, Mohamed!! 😀
Hello , thank you for this beautiful list of videos , it helped me a lot
I am currently learning adonis , its awesome
But the way we do database query , migrations ... I don't prefer it
I really want if i can help and do some hard work and contribute to the community , for now i prefer the way drizzle manage database ,can you do a video on how to use drizzle with adonis ? I will be so happy thank you and i am open to help
Hi Gaming Wolf! Thanks for watching, I'm happy to hear the lessons are helping!
I can't rule this out as something we may cover down the road, but it likely won't be something we cover soon as I've never worked with Drizzle.
However, AdonisJS is customizable, and the core team has a guide on how you can use Kysely in place of Lucid. You may have success adapting this guide to fit Drizzle:
adonisjs.com/blog/kysely-with-adonisjs
you didnt the show the auth middleware part, which is kinda main thing
Hi KrishT0! We describe & show how to populate the user with check and the auth middleware between the 8:30 - 10:00 mark, as well as the difference between the two. Can you please share what about this you feel is missing/insufficient?
@@Adocasts i meant u didnt show the middleware creation part and its code also the guard part , these two things are also used in this auth flow, as i was following and without these two i cant get it right. the codes are present in github but u didnt explain those
1. middleware creating and its code (auth middleware)
2. guard in config/auth
@@KrishT0 Sorry, the auth middleware is scaffolding with the project's creation, we did not create that it comes with the project. Then, the auth config is only needed when you're straying from the defaults and doesn't need changed to get authentication set up. This is also scaffolded with the project's creation.
@@Adocasts understood thanks
Thank you for the feedback! In the future, I’ll do better to specify when things like this are scaffolded with the project.
Same like laravel has both session and auth token in one project
Hi, I use nextjs for front end and adonisjs as a backend api, is it safe to store access token only inside local storage or is more safe store inside session cookie?
Hi Muhammad! It would be best to store it in an http only secure cookie. However, if you're able to use cookies, then I'd recommend just using session authentication instead of token authentication to make things easier for yourself. As mentioned in the lesson, we're rolling with the assumption you would not have access to http only cookies, which is why we use local storage here.
How to use both session for edge and token for apis in mobile app
Hi Mohd! To use both the web and api guards, you'd want to configure both guards into your project. Configure with: `node ace configure @adonisjs/auth`. You might need to update your config &/or model to account for both guards as the configuration step won't overwrite pre-existing files. Here's an example of what the config & model would end up looking like:
gist.github.com/tomgobich/323e5cbadec2834c4bde447d7ce977c9
Then, you can utilize the `use` method off the auth module to specify which guard you'd like to work with inside your code.
Hope this helps!
@Adocasts ok did you have plan for future video on this or setup adonis with nextjs
@Adocasts Thanks for answering.
Have a nice day 😊
@@mohdsajidshaikh4291 Yeah, I made a note to cover this setup in a quick tip as it is a fairly common requirement. I won't be covering AdonisJS with NextJS though, I don't really use React.
@@mohdsajidshaikh4291 Anytime! Thank you, you do the same! 😊
thanks !
Thanks for watching, Jimmy!! ♥
Is there refresh token in Adonis?
AdonisJS uses Opaque Tokens which are stored in the database, longer lived, and can be revoked at any time unlike JWTs. So, since they live in the db and can be revoked they don't have refresh tokens. Though there is a community package if you prefer JWTs: github.com/MaximeMRF/adonisjs-jwt
@@Adocasts Since there is no refresh token in Adonis. Can you explain how to automatically log in when the access token expires and the user is still actively using the system without asking for email and password again?
@@devwalex You can use a middleware to check if the token is within a certain period you deem close to expiry. If the token is, you can either assign a fresh new token for the user or extend the life of the current token. For example, if I create a token with a life of 48 hours for a user and the user visits while the token only has 60 minutes left of the 48 hours, I could extend the life of the user's current token for another 4 hours (or even another 48 hours). And, that process could be repeated as long as they're actively submitting requests.