Good explanation. For the refresh token, I think its better to store it in a http-only cookie. Its secure -> no access for attackers via javascript. With the refresh call the refresh token is automatically sent to the backend. Holding the refresh token in the angular app / browser is not necessary and insecure. Stealing the refresh token give attackers long access to the system. Acces tokens normally have a short lifetime 5 minutes for example.
Thank you Very much for the detailed explanation. Hi Sir, I am using Google IDP with implicit flow, How can I get a refresh token? silent-renew is not working.
after implementation of interceptor, login api will also need token right? currently i am getting error for this so how can we avoid login api to go through interceptor cause its showing error that Cannot read properties of undefined (reading 'token')
if we use subjects n every component then when we emit its value all the components will subscribe it and calls unnecessary api's for eg i have 2 component dasboard and profile when i go to dashboard my api's give 401 then i call my refresh token and emit the subject value then my profile component will also subscribe it and calls the api which is not necessary and if i perform some action on button click and that api return 401 then how we will handle it
can you share your jwt refresh and token api source code? I created mine but isn't returning an object like yours....wanna see if am in a right directions.
Hi sir at 34:00 video when i use router to navigate link to one component it success but when i reload page in that component (example: your component 'localhost:3005/dashboard') it error pages loading not show api not show error message hope you can help me.
15:00 capture login tokens
28:19 for interceptors to make fetch calls
35:29 for refresh expired token
Good explanation. For the refresh token, I think its better to store it in a http-only cookie. Its secure -> no access for attackers via javascript. With the refresh call the refresh token is automatically sent to the backend. Holding the refresh token in the angular app / browser is not necessary and insecure. Stealing the refresh token give attackers long access to the system. Acces tokens normally have a short lifetime 5 minutes for example.
Correct.
Good explanation. its better that, If share as video the APIs generation , for full stack knowledge
Ok will try in next video
What's the point of using a refresh_token if it's next to an access_token? In this case, if the access token leaks, then along with the refresh token.
Thank you Very much for the detailed explanation. Hi Sir, I am using Google IDP with implicit flow, How can I get a refresh token? silent-renew is not working.
Very Nice video, thanks for helping with nice videos.
when multiple api request at the same time and in one api request token is expired how to implement in this senerio refresh token and jwt token .
after implementation of interceptor, login api will also need token right? currently i am getting error for this so how can we avoid login api to go through interceptor cause its showing error that Cannot read properties of undefined (reading 'token')
is it best practice to return the refresh token in the response ?
great content
If you have a stand alone based application in angular 17 you don't have an app.module, how do you configure the interceptor then?
in the imports from app.component.ts
superb vedio bro thanks
Very innovative
Thanks
if we use subjects n every component then when we emit its value all the components will subscribe it and calls unnecessary api's for eg i have 2 component dasboard and profile when i go to dashboard my api's give 401 then i call my refresh token and emit the subject value then my profile component will also subscribe it and calls the api which is not necessary and if i perform some action on button click and that api return 401 then how we will handle it
No at a time whatever component is loaded in dom that's subject subscribe will execute
plz teach angular and nestJs togehter
Is this the same approach normally industry follow means using interceptor
Yes interceptor is the best way to handle this
can you share your jwt refresh and token api source code? I created mine but isn't returning an object like yours....wanna see if am in a right directions.
Please connect on LinkedIn
Sir the same way we can implement Jwt, refresh token in realtime project also
Yes
great video +1 like
Thanks
Sir, could you please provide api code user in this video?
Great tutorial
thanks alot for the excellent content. Keep it up.
Welcome keep watching
very nice sir can you please share api for this app?
freeapi.miniprojectideas.com/index.html
Very nice sir
please add oauth2 in angular.
Yes will soon create this one too
@@LearningPartnerDigital thanks
onLogin and refreshToken api giving cors error.
Please run angular project on 3006 port
cool
Hi sir at 34:00 video when i use router to navigate link to one component it success but when i reload page in that component (example: your component 'localhost:3005/dashboard') it error pages loading not show api not show error message hope you can help me.
Sorry but not clear.
Can u connect on LinkedIn n share error image
thx man
Have you implemented this in your project and it's working fine??
not yet@@AnkitTiwari-qt5ds
onLogin api showing (Cors issue)
run project on 3005 port
@@LearningPartnerDigital
Sir instead of 4200 I need to run on 3005
@@LearningPartnerDigital thank you sir
@@vikashbanoriya142 on 3005 you should get response. It's allowed on same port make sure url is correct