Just wanted to say thanks. I have one question: in Sequelize, when I connect the post and comment tables it shows this error. How do I fix it? Error: Posts.hasMany called with something that's not a subclass of Sequelize.Model
31:35 totally agree, the reason they said it is very complicated is because others explain JWT to them in a very complicated way. They never tell you exactly how to work with JWT in a full circle and always talk about JWT as if it is a complicated API that NASA uses on freakin' Mars, that is why people think it is complicated.
Thanks a lot Pedro 🙏 I have a question regarding how to get the username from the token, so next time I don't need to enter username and password and I can know it from the token.
So if you want to keep the user logged in you can store an id / token in the cookie and then just check to see if it exists whenever someone enters the site. If it exists, then you should automatically log the user in with that token!
BUT! True or false in React can be hacked and I can still open your dashboard and see what's inside. You should not be 100% sure to manage your login into the app using true or false. You should check more information in your code outside of the state to enable rendering a protected route.
Well, you can use a true or false to store if you are logged in or not cause even if someone managed to change that value to true, they still would not have access to anything. Cause you should make all api requests require the Json Web Token to make sure they are actually who they say they are.
@@jahanshah1538 Omg I'm sorry, I read your question wrong. I thought you asked if I could make a video on it! A lot of people are requesting it so I think I will make one!
I've been following your tutorial about how to make a login system using Express + MySQL; it really makes sense to me. But when I try to implement it on a mobile platform, I'm stuck in the authentication system. Would you please provide one for React Native? Thank you so much in advance.
I have a question. How do we check each time the logged-in user and the key given to him? I think when we use the jwt.verify() method, we must check who is sending the request, like whether it is the logged-in user or another user (a pretend user). In the video we only check whether the JWT key is generated or not.
Nice video and liked it! I built an app using jwt and stored token in localstorage and deployed on heroku. However, it is removing the token every time I refresh the page. I don't have loggedIn status in my code and is that the state that will keep me logged in and render the page after refresh?
Unfortunately I have this error at the end: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client. Do you know what I can do about it?
I am getting an internal server error while loading data. I can load the data if I don't use the middleware, but when I use the middleware while loading data I'm getting an error like "internal server error" and it shows "no token".
I have a question. So I basically follow your instructions and everything seems to work as expected. However, I do notice one thing. When I send the login request and inspect the request payload in the Network tab in Dev Tools, the username and password are fully shown in plain text. Is there something I do wrong or that's the way it is supposed to be? Because I believe in your video we are sending password in plaintext to server and then server will bcrypt compare, so I am a little bit confused. Thank you
Hi man, Can you do a video on How to fetch data about a user from MySQL database to the react front end, Like, once we log in, we have the username and password to find if the user is authorized. But after the login, let say we are displaying a dashboard page and in it, there is a button to fetch the name of the user or something else of that user. How can we find which user is requesting the data. Please do a video on this. I think we can use this jwt token for that but I don't know how to use it. So please help.
How do I store our JWT in cookies in our frontend? I'm doing a MERN stack application and I deploy the frontend and back-end separately. When I store the cookies in the backend they are stored on the deployed backend, so I can't access them from the frontend. Please help me out, thank you!
Good video, despite the terminology confusion about authorization and authentication (these terms are used incorrectly in many occurrences)
Thanks a lot Pedro. I particularly like your sincerity when you encounter bugs and work to fix them.
However, just like in one of the comments below, you seem to have mixed up the two terms authentication and authorization.
While authentication helps you validate a user, that is, confirm if a user is signed up already, and should subsequently be logged in when they enter the right inputs, authorization helps you control who should access specific routes or resources.
Hey,
Just wanted to say thank you for the quality content.
Me and my brother (32 year old with a Degree in Industrial Engineering and Management & 29 year old with a Degree in Computer Science) learned so much from you about JWT, and about how Session works.
This tutorial will be embedded into our website, and we will forever be grateful and in your debt!
Thank you thank you thank you ♥
You look so young, how old are you?
Your comment made me very happy! I am beyond grateful that I am able to help people like you, who are working hard to succeed in the industry. Thank you for watching! I am 19 years old!
This is a great series of videos. I'm working on a project for college using the exact same stack and wasn't sure what method I wanted to use for authentication, then I found your videos. Thank you for the time and effort to share this with us!
Glad it was helpful!
@@PedroTechnologies I am making a notes app, but I want only a particular user's own notes to be shown to them. How can I do that?
Great videos thank you. Keep up the good work! A tip on explaining the difference which may be easier for people to remember: Authentication = who are you? Authorisation = What are you allowed to do (i.e. login)
You know what? I usually never like and comment but you were genuine about it. And the content is actually good. So have my like sir
Thank you!
There are a bunch of tutorials that do not apply to a real project, and you taking your project and applying this concept to it allowed me to do the same. I have a project and I applied your logic in mine; it worked like a charm.
Bro..you are a life saver man. Was looking for this for days. Finally found it. Continue on making such Quality content. Thanks man
I am so happy you liked it! If you have any trouble or any doubts, I posted an updated version of this video a week ago!
Can you post a link to it?
We'll be sure to watch it, and of course like it :)
@@PedroTechnologies which video, please post the link
Good video. You didn't need the "Bearer" because that's not how it was accessed at the backend. The backend didn't manipulate the token to filter out the string "Bearer".
The video was great!!!
Hours of frustration and horrible experiences with CORS. Found this video by chance and your cors configuration fixed my issues... I was setting the headers in the responses and using a cors configuration just with the "origin: []". The headers were not being "considered" when a request was made because of the middleware. I had no clue lol, thanks a lot :D
Thank you bro just because of you i solved my problem that was really irritating me and now i am going to finish my project in just time..
Im happy I could help!
You're a really, really great programmer. I learned a lot from you, thanks a lot, keep going bro, and I hope you're gonna become one of the famous programmers in the world. Love from Jordan.
hahaha Thank you Bro! I really appreciate it!
U deserve million subscribers. Awesome tutorial. Keep it up bro 👊💪💯
I appreciate that!
Thanks Pedro, even though it's still a little confusing, your explanation helped a lot in this case. Your video honestly is straightforward and to the point. Keep up your good work buddy.
Thank you! I appreciate it! Im here to help you if u are still confused! Just let me know!
Congratulations on the video, it's great to see Brazilians speaking fluent English and making tutorials in English.
Pedro sir, this series is one of the best video series I've seen.
You and Dev Ed have always the nicest explanation !!
I have an upcoming software engineering project and this will definitely going to help me man! Awesome. Thanks a lot.
Glad I could help!
Hi Pedro, I just wanted to thank you for these videos, I was struggling literally for a week on end watching another tutorial before a friend of mine recommended I watch yours and I've watched all 3 videos and it was truly a breath of fresh air, I was literally learning every step of the way and very easily at that too whereas the other video I followed, I was left feeling even more frustrated at the end of it because I didn't have a clue as to how I would implement it into my project. You should never stop putting tutorials out there, your teaching style is awesome and I literally come to your channel first to look for tutorials now.
I do have a question for you though. I'd like to be able to implement what you taught in a production environment as I will be doing a few freelance projects and want to offer the best there is in the way of authentication and authorization to my clients. I know the 3rd video is the one that's more suited to it (if I'm not mistaken) and you also have another here: ruclips.net/video/b9WlsQMGWMQ/видео.html which I've also watched but not followed along to as yet. But I'd like to know if you have another video with a full production-ready application using the same stack where you do the authentication as taught in the 3-part (plus the other) video series that you can refer me to please? And if not, perhaps you could do one on that; as a beginner I feel it would be really nice to see how it all comes together.
Again, thank you for putting such great content out there. I'll be jumping to your NextJs videos after this lol
Hey Pedro
Very good video, accurate.
I was wrong for a long time, about 40 minutes. It was necessary to define next() for each auth that is performed, otherwise I never got a response.
Very Cool, keep it up brother
Congrats!😀
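The two middleware mistakes raised in this thread (a check that never calls next(), so the request hangs, and a failure branch that responds and then still calls next(), which is what produces "ERR_HTTP_HEADERS_SENT" in a later comment) can be reproduced without a server. The following is an added example, not code from the video or its author; the mock response object imitates only the Express behaviour needed here, and the "x-access-token" header name and the handlers are constructed for the demo.

```javascript
// Minimal stand-in for an Express response: records the status/body and, like Express,
// refuses a second send once headers have gone out.
function mockRes() {
  const res = { statusCode: 200, body: undefined, headersSent: false };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => {
    if (res.headersSent) {
      throw new Error("ERR_HTTP_HEADERS_SENT: Cannot set headers after they are sent to the client");
    }
    res.headersSent = true;
    res.body = body;
    return res;
  };
  return res;
}

// Run a chain of (req, res, next) handlers the way Express would and report the outcome:
// "responded", "hung" (nobody ever answered) or "threw".
function run(chain, req) {
  const res = mockRes();
  let i = 0;
  const next = () => { const handler = chain[i++]; if (handler) handler(req, res, next); };
  try { next(); } catch (e) { return { outcome: "threw", error: e.message }; }
  return { outcome: res.headersSent ? "responded" : "hung", statusCode: res.statusCode, body: res.body };
}

// Constructed stand-in for a real token check (see the JWT example later on this page).
const hasToken = (req) => Boolean(req.headers["x-access-token"]);

// Bug 1: the check passes, but next() is never called, so no handler ever responds.
function authForgetsNext(req, res, next) {
  if (!hasToken(req)) res.status(401).send("no token");
  // missing: next()
}

// Bug 2: the failure branch responds but does not return, so the route runs anyway
// and tries to send a second response.
function authFallsThrough(req, res, next) {
  if (!hasToken(req)) res.status(401).send("no token");
  next();
}

// Correct: exactly one of "respond" or "next()" happens for every request.
function authCorrect(req, res, next) {
  if (!hasToken(req)) return res.status(401).send("no token");
  next();
}

const route = (req, res) => res.send("secret data for " + req.headers["x-access-token"]);

// Constructed requests: one carrying the header, one without it.
function demo() {
  const withToken = { headers: { "x-access-token": "demo-token" } };
  const without = { headers: {} };
  return {
    forgetsNext: run([authForgetsNext, route], withToken),  // hung: client waits forever
    fallsThrough: run([authFallsThrough, route], without),  // threw ERR_HTTP_HEADERS_SENT
    correctDenied: run([authCorrect, route], without),      // responded, 401
    correctAllowed: run([authCorrect, route], withToken),   // responded, 200
  };
}

console.log(demo());
```

The `return` in front of `res.status(401).send(...)` is the whole fix for the second bug; Express does not stop a handler chain just because a response was written, so the middleware has to stop itself.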
Your video helped me a lot because I was taking a course in which the client was already realizing, so I couldn't know that it was up to me to put the token in my head, hahaha. Really thank you for this video.
Amazing! you have earned a loyal subscriber. Keep it up!
Wow, thank you so much! Really happy you liked the video!
thanks man , let me use this method for my project too , i am happy to be here ,keep burning
Thank you so much! I appreciate the positive message!
@@PedroTechnologies its working , thanks boss
Awesome!
Great video, man! I’m from Brazil and I appreciate your work. Keep up!
Can you zoom into the code when ur typing but great video tho
Thank you! I am trying to zoom in more, I agree it's hard to see!
Everything is clear. Great job, Thank you!
Great to hear!
Keep pumping this stuff out. Great job!
Thank You! I appreciate it!
dude, you have videos for all my questions :D thank you a lot!!!!
Thanks dude. I had a wrong perception about JWT before watching your video: "That's very hard, I don't understand it easily." 🥵 But you broke my wrong belief. Your teaching style is pretty simple. Thanks again ❣
This awesome video helps me to code my first authentication api. Thank you very much!
Pretty sure you meant to say authorization is "who is allowed to do what" and authentication is "who is who".
Awesome video, cleared all my doubts. Thanks man 👍🏼👍🏼
Glad it helped!
First, thanks for your video. FYI: you need the Bearer so that, as per the standard, not everyone can make an API call. Just your application can ;)
Glad you liked it! Yeah, at the time I was still confused about why we needed the bearer, but you're right!
Thank you dude ! Was an awesome tutorial. Good explanations, and you talk very well !
MAN!!!!!! Did you send me down a rabbit hole!!! LOL First off, THANK YOU for your videos. They are awesome and exactly on the level I need.
The bug however is that the cookie you set is not valid for 24 hours, but a thousandth of that (it's in milliseconds, not seconds). I did not want to have a cookie for 24h so I made an "hour", which turns out to be 3.6 seconds. So my login check did not work, because the cookie immediately expired.
But again kudos for the videos, they are awesome
So one thing I would have shown was how to get the app to authenticate the user upon clicking the login and auto authenticate as the user navigates through the app. Since a "Check if Authenticated" button is never used in a real scenario. Regardless I did enjoy the knowledge you showed, but for your future videos ( which you might already ) show more realistic examples.
Yeah, I realize this video focused a bit more on authorization than I wanted it to. In a realistic example, you would use a check if authenticated function in every route that checks if the api call passed a valid jwt in their header. If they don't then you don't authorize the call. Or also, try using the token to identify a logged in user!
Thanks for this, your videos are simple and easy to understand, I like the way you teach the fundamental concepts for us to move on to more complex stuff, keep at it! cheers
Glad it was helpful!
Thanks a lot, Pedro. Your videos helped me a lot.
I love your teaching man. Thanks you so much
Thanks for this video Pedro. For the trick, it is for example "Bearer eidjflskflf..." which is returned as the token, so we had to do
req.headers["x-acces-token"].split(" ")[1] to access the token.
Very nice tutorial! Could you make a tutorial about Email verification after register an account?
Thank you! I have never implemented email verification before, but I am going to search more about the topic!
@@PedroTechnologies Thanks a lot!
Your videos are the best! thanku for the content
I have 2 questions. First is what happens when the token expires? Second is if I do a api request the token expire time reset?
Btw very good tutorial 🙂.
In this tutorial I didn't present a refresh token, so when it expires the person would have to login again to create a new one!
Great tutorials Pedro!
Thanks sir, you helped me a lot; this is actually what I wanted to know :)
Great video! Very helpful bro!
Glad it helped!
You are amazing pedro, keep up!
Thank You Bro! I appreciate it
Keep up the amazing work mate
Great video as always. I have a question about the expiry and invalidation of the JWT. Maybe I'm a little confused, but does it ever expire ?? And what happens when it does expire ?? Maybe could be the subject of a whole new video.
Hey Pedro, this video was very useful. How can i redirect the user to a home page after he clicks the "login" button?
Great video. Great content. Was very helpful
Nice Vids !!! Thanks for them.
Maybe it's possible to make a tutorial about email verification ?
Thank you for the idea!
I will make a video about it!
I'm waiting for it. Thanks a lot 🙂
It will be great if you can leave the previous videos in the comment : ) I am looking for the videos you mentioned and you know there are many other great videos you made so it's hard to find which one.
Thank u Pedro, this login-auth tutorial series has been a lot of help for me, and I bet for the rest of us as well.
You have a very bright future kid. Keep on hacking!
That makes me very happy! Thank you for the positive words! I am glad I am being able to help you!
Thanks for this explanation about JWT.
Hello Pedro
You teach wonderfully
Please prepare a training course and teach us to create a blog with the admin panel
I say blog to be a simple web to learn different things
Thankful
Hey, Thank You! You mean making a blog with an admin panel to delete posts?
@@PedroTechnologies Yes, something like that
For example, a user as an administrator
And be able to send posts
And remove it
Or, for example, have a category
If there is a comment, that is great :))
Of course, the posts system can also send photos
These are very good things. By learning these, you can easily set up personal or corporate websites
Hi, thank you for your videos. I have been looking for these kinds of things and found these videos really nice. I have a question about doing 2 roles, for example how to authenticate or tell the difference if your role is user or administrator.
Thank you so much. This was very helpful.
Great video man!
Glad you liked it!
Good videos thanks!
But I've been reading that storing the JWT in localStorage or in cookies is not good practice because of XSS attacks. With this approach, how do I make the actual token expire in, let's say, 1 minute and auto-refresh the access token to be more secure?
It should be stored in an http cookie, so that no one can access it through the browser's js. In the video I made the mistake of storing it in the local storage to make it simpler for the video!
@@PedroTechnologies Thanks for your answer! U got a new subscriber lml.
Yes I know that you made it this way for simple explanation but will you make a tutorial on how to make it with http cookie?
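Two cookie points from this page belong together: the 24-hour cookie that expired after 86 seconds (Express's res.cookie maxAge is in milliseconds, while the Set-Cookie header's Max-Age attribute is in seconds), and the reply above recommending a cookie the browser's JavaScript cannot read. The following is an added example, not code from the video or its author: it shows the unit mix-up numerically, builds a Set-Cookie value with the HttpOnly, Secure and SameSite attributes, and parses the Cookie header the next request sends back. The cookie name and token value are constructed placeholders.

```javascript
const HOUR_MS = 60 * 60 * 1000;

// A value written as seconds but handed to Express's maxAge (milliseconds) lasts this long.
function expressMaxAgeToSeconds(maxAgeMs) {
  return maxAgeMs / 1000;
}

// Build a Set-Cookie header for a token that page scripts must not be able to read.
// HttpOnly hides it from document.cookie (the XSS concern raised above), Secure restricts it
// to HTTPS, SameSite=Strict stops other origins from sending it, Path scopes it.
// Max-Age here is in seconds, so the millisecond lifetime is converted.
function buildAuthCookie(name, token, ttlMs, { secure = true, sameSite = "Strict", path = "/" } = {}) {
  if (!/^[\w-]+$/.test(name)) throw new Error("invalid cookie name");
  if (/[;\s]/.test(token)) throw new Error("token must not contain ';' or whitespace");
  const attrs = [
    `${name}=${token}`,
    `Max-Age=${Math.floor(ttlMs / 1000)}`,
    `Path=${path}`,
    "HttpOnly",
  ];
  if (secure) attrs.push("Secure");
  attrs.push(`SameSite=${sameSite}`);
  return attrs.join("; ");
}

// Parse the Cookie request header into a name -> value map. A server-side check then looks
// up the auth cookie and verifies it; the client never has to "remember" being logged in.
function parseCookieHeader(header) {
  const out = {};
  for (const pair of (header || "").split(";")) {
    const idx = pair.indexOf("=");
    if (idx < 0) continue;
    out[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
  }
  return out;
}

// Is a cookie issued at issuedAtMs with lifetime ttlMs still valid at nowMs?
function cookieStillValid(issuedAtMs, ttlMs, nowMs) {
  return nowMs < issuedAtMs + ttlMs;
}

// Constructed demo values.
console.log(expressMaxAgeToSeconds(60 * 60 * 24)); // 86.4 s: the "24 hours" that lasted 86 seconds
console.log(expressMaxAgeToSeconds(60 * 60));      // 3.6 s: the "hour" from the comment above
console.log(buildAuthCookie("token", "eyJ.constructed.sig", 24 * HOUR_MS));
console.log(parseCookieHeader("token=eyJ.constructed.sig; theme=dark"));
```

Because the value is set once in code and read by the browser, the wrong unit produces no error at all; the only symptom is the "immediately expired" login described above, which is why a test asserting on the cookie's Max-Age is worth keeping.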
Your channel has great content..!! awesome..!! you just got a new subscriber..!! 😁👍
Welcome aboard! Thank you!
I think you mixed up Authorization and Authentication, but otherwise, great video.
Thank you! Yeah my initial intention was to teach both on this video, but I get why it sounds confusing hahaha I made an updated video which is pure authentication!
Bro, your tutorials are awesome! Crystal clear explanations! Quick question: have you explained how to setup .env files? You mentioned them but I'm not sure if you've published something already.
This video is basically😀 very good!
Great video, helped me a lot
What's the use of session if you're using JWT for authentication? (BTW, I'm newbie to JWT 😅)
Yo Pedro... Just wondering are you using JWT and sessions in this ? Is it not usually use one or the other ? Relatively new to this btw just curious...
Hey, yeah there are 2 types of auth: token based and session based! In this video the session is just being created to hold the data. For session-based auth you usually store the session id in a db. I will make a video on it!
Simple and Clear
Thank you!
Hey Pedro, I asked about Restful's "Stateless" a few hours ago in your latest video.
I have some more questions.
1. So in this video the backend creates and sends the token to the frontend in 8:42, it is not stateless right? Also in 27:15 using localStorage is getting the token from backend response.
2. As you have mentioned in 4:31 to use the token in every API request, I want to make sure that does API request mean working with app.get app.post or the Axios request in the frontend?
If it means working with app. So what we do in actual project is to put the middleware verifyJWT in 12:10 into each app.get app.post and then that's it? since in this video you do the authentication with a button as just an example?
I know my questions may be quite confusing but I just want to make sure I got that right. Thank you Pedro.
Hey, no worries! So in this video we are just creating the middleware to verify that we are an authorized user by the server. So the server isn't keeping track of the token, but the client is. So the client stores it in their browser and sends it with every request. The server only validates whether that token is valid.
@@PedroTechnologies Thank you. Glad to hear it is restful. but 24:12 isn't it just go to the endpoint of IsUserAuth and since that endpoint has used the middleware VerifyJWT so the backend can validate?
for example, if I want only authenticated user can go to a page,
do I need to put the middleware VerifyJWT into the app.get "request" again, like this: app.get("/page", VerifyJWT, (req, res)), or do we just need to do it once in the IsUserAuth endpoint for the whole application by clicking the button?
I am not sure how to call them the app.get app.post.
thanks now concept is very clear..
Good video but you are wrong at the start when you said authorization is when they log in and authentication when they do api requests. It is actually the other way around. Authentication = to see whoever logs in (aka authentic user); authorization = if allowed (authorized) to access a resource. :)
My web page crashes when the jwt token expires and I have to manually delete my expired token from the localStorage for the page to work again. Why is that happening and how can I solve it? Note: I'm not using a refresh token.
Thank you so much! It is very clear!
I'm yet to see the video... from the comments ..looks good... please can you do a complete authentication system using redux? Thanks
Hope You Enjoy it! I don't use Redux, so I wouldn't know how to implement it with it. Sorry about that!
Hello, do you have any materials to share on how we should route once auth is true? Thank you for this video, it has been extremely helpful!
Thank you! You can just use the component in the React-Router-Dom library. Or you can also do something like window.location.pathname = "/newroute"
I think it is the opposite. Authentication means who that person is (username, password). Authorization is what I am able to access, so what page or resource. Btw nice tutorial.
You need to separate Bearer and token in the backend by using Split
Yes!
How are we retrieving the token from req.header?
We didn't save anything in it, did we?
@@akashparihar515 It's a server; when you make a request to it with headers from the front end, then we can access the values via req.headers.
Thanks bro 🙏🙏
Just wanted to say thanks. I have one question: in Sequelize, when I connect the post and comment tables it shows this error. How do I fix this error?
Error: Posts.hasMany called with something that's not a subclass of Sequelize.Model .
31:35 totally agree, the reason why they said it is very complicated is because others explain jwt to them in a very complicated way. They never tell you exactly how to work with jwt in a full circle and always talk about jwt as if it is a complicated API that NASA used in freakin Mars, that is why people think it is complicated.
Always awesome...thanks bro
Glad you liked it!
nice video really helped me through
But where is the previous video link ? can you give that link here ?
Thanks a lot Pedro 🙏
I have a question regarding how to get the username from the token so next time I don't need to enter username and password, and I can know it from the token.
So if you want to keep the user logged in you can store an id / token in the cookie and then just check to see if it exists whenever someone enters the site. If it exists, then you should automatically log in the user with that token!
Nice one Pedro!! Great video, it helped me a lot, I wish you lots of success hahaha, greetings from Brazil.
Glad to hear it :)
@@PedroTechnologies Oh, by the way, can I ask you about a problem I've already tried everything on and still can't solve with React?
Is it possible to get a copy of the source?
BUT! True or false in React can be hacked and I can still open your dashboard and see what's inside. You should not just be 100% sure to manage your login into the app using true or false. You should check more information in your code outside of the state to enable rendering a protected route.
Well, you can use a true or false to store if you are logged in or not, because even if someone managed to change that value to true, they still would not have access to anything. Because you should make all api requests require the Json Web Token to make sure they are actually who they say they are.
Do you have a video on logging out functionality?
Yes!
@@PedroTechnologies Sorry I couldn't find it lol would appreciate a link
@@jahanshah1538 Omg I'm sorry, I read your question wrong. I thought you asked if I could make a video on it! A lot of people are requesting it so I think I will make one!
I've been following your tutorial about how to make a login system using express + mysql, it really makes sense to me. But when I try to implement it on a mobile platform, I'm stuck on the authentication system. Would you please do it for React Native? Thank you so much in advance.
Thank you so much for this!
I have a question. How do we check each time the logged in user and the key given to him? I think when we use the jwt.verify() method, we must check who is sending the request, like whether it is the logged in user or another user (like a pretend user)? In the video we only check whether the jwt key is generated or not.
hey, can you make tutorial how to implement refresh token?
Great content!!
Nice video and liked it! I built an app using jwt and stored token in localstorage and deployed on heroku. However, it is removing the token every time I refresh the page. I don't have loggedIn status in my code and is that the state that will keep me logged in and render the page after refresh?
You can persist the status in many different ways. You can also store the jwt in your cookies. I recommend having a global state to keep you logged in!
@@PedroTechnologies Thanks for the answer Pedro!
unfortunately I have this error code at the end: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client,
Do you know what I can do about it?
Can you do a video on how, after you authenticate, you redirect to a protected route??
Will post a video tomorrow talking about this!
I am getting an internal server error while loading data. I can load the data if I don't use the middleware. But when I use the middleware while loading data, I'm getting an error like internal server error and it's showing "no token".
Interesting, can you paste your code here?
@@PedroTechnologies export const loadUser = () => (dispatch: Function, getState: Function) => {
  // user loading
  dispatch({ type: actionTypes.USER_LOADING })
  const headers: any = {
    'Authorization': 'Bearer ' + tokenConfig(getState)
  }
  axios.get(API_URL + '/users', headers)
    .then(res =>
      dispatch({
        type: actionTypes.USER_LOADED,
        payload: res.data
      })
    )
    .catch(err => {
      dispatch(returnErrors(err.response.data, err.response.status))
      dispatch({
        type: actionTypes.AUTH_ERROR
      })
    })
}
export const tokenConfig = (getState: Function) => {
  // get token from localstorage
  // it will take token from authReducer
  const token = getState().auth.token
  // headers
  const config: IConfigHeaders = {
    headers: {
      'Content-Type': 'application/json'
    }
  }
  // if we have token, then add it to headers
  if (token) {
    config.headers['authorization'] = token
  }
  return config
}
Could you find it??
I have a question. So I basically follow your instructions and everything seems to work as expected. However, I do notice one thing. When I send the login request and inspect the request payload in the Network tab in Dev Tools, the username and password are fully shown in plain text. Is there something I do wrong or that's the way it is supposed to be? Because I believe in your video we are sending password in plaintext to server and then server will bcrypt compare, so I am a little bit confused. Thank you
Hi man, can you do a video on how to fetch data about a user from a MySQL database to the React front end?
Like, once we log in, we have the username and password to find if the user is authorized. But after the login, let say we are displaying a dashboard page and in it, there is a button to fetch the name of the user or something else of that user. How can we find which user is requesting the data. Please do a video on this. I think we can use this jwt token for that but I don't know how to use it. So please help.
To do that you need to have the id of the user logged in saved on the browser, and then pass this id as params in the api request!
@@PedroTechnologies where can I store this id ? can we store this on the local storage? or in some session: cookies?. Can you explain?
How do I store our jwt in cookies in our frontend? I'm doing a MERN stack application and I deploy the frontend and backend separately. When I store the cookies in the backend it's being stored on the deployed backend, so I can't access it from the frontend. Please help me out, thank you!