Thanks for the tutorial. I'm one of those expecting the video about requesting another token based on the initial token and the refresh token. Thanks in advance.
Clean architecture of a refresh token 🎉.
Thank you boss
Great video! 👌 The details and explanations provided were excellent 🤓. Thank you for sharing it, and I am looking forward to the next one. 😊
Glad you enjoyed it!
Great video, thanks. You explained everything very well and made it easy to understand.
I am glad it was helpful!
Thanks. It helped me a lot.
Thanks a lot!
How to refresh token automatically?
Great video! It helps me a lot to understand this topic!
Damet garm dadash
MerC🙏
Glad you liked dadash.❤️
The reason I am answering you in English is that YouTube blocks some comments and I don’t know what the algorithm is, but based on my experience, if it is not in English and understandable, sometimes it gets blocked.
I prefer for more videos about security of JWT and how to share it using public key and private key, which we will upload next week. Do not miss them.
Great video! Helped me out greatly!
Glad to hear it!
Thanks a lot for that awesome video. You discussed the topics I was looking for, like
Using Refresh Token with JWT Token
What if the user is disabled from the backend or database and he is already authenticated in the frontend app
You are awesome. Keep going
It really depends on the way of authorization.
As long as the token is valid, the user is authenticated. If you check the user access on each request by going to the database, you can realize if the user is disabled, but if you are checking the permissions based on the claims inside the token, you need to wait until the token is expired.
And it is another reason to expire the token as fast as possible, as an example after half an hour, and force the user to use the refresh token. When you call the refresh, it can check the database again, and if the user is disabled or deleted from the database, it returns an unauthorized response.
I’m uploading some other videos about how to use RSA and public key and private key for JWT authentication next week. Do not miss them.
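
The behaviour described in the reply above, as an added example that is not part of the original comments or the video's code: a claims-only check keeps accepting the access token of a disabled user until it expires, while the refresh step looks the user up again and refuses. It assumes .NET 6 or later; the HMAC-signed string standing in for a JWT, the in-memory dictionaries standing in for the database, and all names are hypothetical.

```csharp
// Added example: HMAC-signed "user|expiry|signature" string as a stand-in for a JWT.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

var key = RandomNumberGenerator.GetBytes(32);                   // demo signing key
var users = new Dictionary<string, bool> { ["alice"] = true };  // constructed user table: name -> enabled
var refreshStore = new Dictionary<string, string>();            // refresh token -> user name
var lifetime = TimeSpan.FromMinutes(30);                        // access-token lifetime from the reply

string Sign(string data) =>
    Convert.ToHexString(HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(data)));

(string Access, string Refresh) Issue(string user, DateTimeOffset now)
{
    var payload = $"{user}|{now.Add(lifetime).ToUnixTimeSeconds()}";
    var refresh = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    refreshStore[refresh] = user;                               // server remembers who owns it
    return ($"{payload}|{Sign(payload)}", refresh);
}

// Claims-only validation: signature and expiry, no database lookup.
bool AccessValid(string token, DateTimeOffset now)
{
    var p = token.Split('|');
    return p.Length == 3
        && CryptographicOperations.FixedTimeEquals(
               Encoding.UTF8.GetBytes(Sign($"{p[0]}|{p[1]}")), Encoding.UTF8.GetBytes(p[2]))
        && long.TryParse(p[1], out var exp) && now.ToUnixTimeSeconds() < exp;
}

// Refresh: the token is single-use, and the user table is consulted again.
(string Access, string Refresh)? RefreshTokens(string refresh, DateTimeOffset now)
{
    if (!refreshStore.Remove(refresh, out var user)) return null;           // unknown or reused
    if (!users.TryGetValue(user, out var enabled) || !enabled) return null; // disabled or deleted
    return Issue(user, now);
}

var t0 = DateTimeOffset.UtcNow;
var tokens = Issue("alice", t0);
users["alice"] = false;                                          // the account is disabled after login
Console.WriteLine(AccessValid(tokens.Access, t0.AddMinutes(10)));            // claims-only check before expiry
Console.WriteLine(AccessValid(tokens.Access, t0.AddMinutes(31)));            // claims-only check after expiry
Console.WriteLine(RefreshTokens(tokens.Refresh, t0.AddMinutes(31)) is null); // refresh for the disabled user
```

In a real API the `null` result from the refresh step maps to a 401 response, and the length of the access-token lifetime is the longest a disabled account keeps working.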
@@Foad_Alavi Any plan for a video on end-to-end encryption as WhatsApp does?
This week I will upload three videos about encryption using public and private key.
The concept for end to end encryption is the same. Watch those videos and after that if you had any questions just write a comment and I will try to answer it.
Long time dude
Good job !!!
Thanks!!
Can I request access and refresh tokens with JWT using cookies instead of JWT bearer? Instead of reading the bearer token on every authorized controller, you read the JWT inside the access token cookies. If it expires, you check the refresh token and generate a new access token. I know how to do this with Node but don't know how in .NET Core.
It is possible, but I don't suggest it. You need to create your own middleware for it. ASP.NET has a standard approach for using Cookie based Authentication. You don't need to store JWT in the cookie, ASP.NET validates the security by itself.
Check my video about Cookie based Authentication. ruclips.net/video/3B5gfrJpMN8/видео.html
@@Foad_Alavi Thanks gonna check it out now.
Another question: with JWT bearer-type authentication, if you send the JWT to the client as a response, where do you suggest the client store it, aside from local storage? Like, where should it be persisted, so that it can be attached as a bearer token on every backend request that requires authentication?
I use Angular for my front end, and I have a kind of Repository Pattern that all my controllers send the requests through. When my design sends all requests from just one method, I can add a header or cookie to all requests I send to the server.
Regarding where to persist the token on the client browser, I use Angular DI. You can use local storage as well.
Thank you,
how to consume Angular
It depends.
If you don’t annotate your refresh token endpoint with an authorized attribute, it means clients after the expiration of the token can refresh their tokens, but if you use the [Authorize], it means clients should refresh the token before the expiration.
For the first one, you can use the repository pattern in angular, and for receiving an authorized response, send a request to refresh the token.
And for the latter, you need to have a timer in your repository and send a request for refreshing the token before the token's expiration.
If more people have this request, I will create a video about how to do that using angular.
❤
Thank you a lot man.