Storing every single JWT token in your database could have performance and storage implications. Here's how we can address this concern:
1. Consider alternative blacklisting approaches:
   - Cache-based blacklisting: Instead of storing tokens, store only the IDs or unique identifiers in a cache. This approach uses less storage and offers faster lookup times. You can use Redis for that.
   - Short-lived tokens: Set shorter expiration times for JWTs. This reduces the number of tokens in circulation and minimizes the impact on your database even if you store them.
2. Leverage database optimization techniques:
   - Partitioning: Divide your data into smaller segments based on token issuance or expiration time. This improves query performance and reduces the overall impact on your database.
   - Data deletion or archiving: Implement automated processes to remove expired tokens from your database periodically. This ensures you only store relevant information and optimize storage usage.
3. Evaluate the trade-offs:
   While storing tokens might increase database load, it offers additional benefits like:
   - Centralized revocation: You can easily revoke specific tokens if needed, even if they haven't expired yet.
   - Auditing: You can track user activity and logout events by storing tokens.
Ultimately, the best approach depends on your specific application's needs and resource constraints. You can experiment with different methods and analyze their impact on performance and security to find the optimal solution for your system.
Feel free to reach out if you have any further questions!
#springsecurity #jwt #authentication #springboot #security #devops
Hey iftikhar, I was someone who has already implemented it. Just came across due to curiosity. I must say the way you teach is so good.
Thank you so much for your kind words! I'm glad you found the teaching helpful.
Thank you very much, you helped me a lot. And please, can you give us the name of the program you used at the beginning of the video?
Thank you for your in-depth teachings on Spring Security, which have been incredibly informative. I would like to make a request to incorporate OAuth2 concepts and implement database storage for user data. This enhancement would greatly benefit the platform's security and user experience.
I'm glad you found the teachings informative! I'll definitely consider incorporating OAuth2 concepts and database storage for user data in future videos.
@LearnWithIfte I also would like that!! I want to learn OAuth2 next, the series has been great so far!
Great lecture, very easy to understand, I'm grateful for it!
Thank you for the in-depth tutorial, I have a question:
Considering the potential cost to our database, both in terms of storage and performance, what are the implications of storing JWT tokens for every login and logout, especially given that tokens expire within a set timeframe? How can we ensure that this approach is beneficial for our application in terms of security and functionality, while also minimizing the impact on our database?
That's a great question! You're right, storing every single JWT token in your database could have performance and storage implications. Here's how we can address this concern:
1. Consider alternative blacklisting approaches:
   - Cache-based blacklisting: Instead of storing tokens, store only the IDs or unique identifiers in a cache. This approach uses less storage and offers faster lookup times. You can use Redis for that.
   - Short-lived tokens: Set shorter expiration times for JWTs. This reduces the number of tokens in circulation and minimizes the impact on your database even if you store them.
2. Leverage database optimization techniques:
   - Partitioning: Divide your data into smaller segments based on token issuance or expiration time. This improves query performance and reduces the overall impact on your database.
   - Data deletion or archiving: Implement automated processes to remove expired tokens from your database periodically. This ensures you only store relevant information and optimize storage usage.
3. Evaluate the trade-offs:
   While storing tokens might increase database load, it offers additional benefits like:
   - Centralized revocation: You can easily revoke specific tokens if needed, even if they haven't expired yet.
   - Auditing: You can track user activity and logout events by storing tokens.
Ultimately, the best approach depends on your specific application's needs and resource constraints. You can experiment with different methods and analyze their impact on performance and security to find the optimal solution for your system.
Feel free to reach out if you have any further questions!
#springsecurity #jwt #authentication #springboot #security #devops
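The cache-based approach from the reply above, as an added example that is not code from the video or from the commenters: only the token ID is stored, and each entry lapses when the token itself expires, so no cleanup job is needed. It assumes tokens carry `jti` and `exp` claims; the class name, the `revoked:` key prefix and the in-memory map standing in for Redis are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Added example (hypothetical names): denylist keyed by token ID, not by token.
public class TokenDenylist {
    // In-memory stand-in for Redis: key -> instant at which the entry lapses.
    // With Redis the equivalent write is: SET revoked:<jti> 1 EX <ttlSeconds>
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();
    private final Supplier<Instant> now; // injectable clock so expiry can be shown

    public TokenDenylist(Supplier<Instant> now) { this.now = now; }

    // Call on logout, with claims taken from a token whose signature was verified.
    public void revoke(String jti, Instant tokenExpiry) {
        Duration ttl = Duration.between(now.get(), tokenExpiry);
        if (ttl.isZero() || ttl.isNegative()) return; // expired tokens are rejected anyway
        revoked.put("revoked:" + jti, tokenExpiry);   // entry lives only as long as the token
    }

    // Call in the authentication filter after signature and exp checks pass.
    public boolean isRevoked(String jti) {
        Instant lapse = revoked.get("revoked:" + jti);
        if (lapse == null) return false;
        if (!now.get().isBefore(lapse)) {             // emulate Redis evicting the key
            revoked.remove("revoked:" + jti);
            return false;
        }
        return true;
    }

    public int entries() { return revoked.size(); }

    public static void main(String[] args) {
        Instant[] clock = { Instant.parse("2024-01-01T10:00:00Z") }; // constructed times
        TokenDenylist denylist = new TokenDenylist(() -> clock[0]);
        Instant exp = clock[0].plus(Duration.ofMinutes(15));         // short-lived token

        denylist.revoke("3f1c-sample-jti", exp);                     // user logs out
        System.out.println("revoked now: " + denylist.isRevoked("3f1c-sample-jti"));
        System.out.println("other token: " + denylist.isRevoked("9a7e-sample-jti"));

        clock[0] = exp.plusSeconds(1);                               // token has expired
        System.out.println("after exp:   " + denylist.isRevoked("3f1c-sample-jti"));
        System.out.println("entries left: " + denylist.entries());
    }
}
```

With short-lived tokens the denylist stays small, because an entry never outlives the 15-minute token it revokes.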
@LearnWithIfte Thanks for the insightful information. I will consider one of these options for an optimized operation.
Wow bro, this was excellent content, thank you very much, I look forward to a video on implementation of OAuth2!! ty!!
Thank you for your suggestion! I'll definitely consider making a video on OAuth2. Stay tuned for future content!
Hi, I just want to add something for improvement: instead of using a regular database to store the token, it's better to use Redis (an in-memory database) for faster reads to improve latency.
Hi Iftekhar, I hope you can consider creating a tutorial for deploying a java-spring boot project 🙏 thank you
Thank you for your suggestion! I'll definitely consider making a video on deploying a java-spring boot project. Stay tuned for future content!
If I’m using Redis to store the tokens, would it be better if I just delete the token directly and not use the loggedOut attribute?
Hello, thank you very much for creating this content, it has been very helpful to me in understanding this topic. Would it be possible for you to make a video on how to combine login using Oauth2 (third party applications like Facebook, Google etc) and login and registration using JWT? Thanks again
Thank you for your kind words and suggestion! I'll definitely consider making a video on that topic in the future.
Good one. Thanks
Suggested topics:
You were too good with the implementation part. It would be better if you elaborated on the architectural need in depth. This video can be good for someone who needs a reference, but if someone needs detailed understanding this suggestion might help. Although the quick discussion in this video was also great.
Thank you for your suggestion. I'll definitely consider making a detailed in-depth video in the future.
Hi, how can I return a JSON response when the /logout is called?
❤❤❤❤ Thanks for the videos. Please make some Spring Webflux with security JWT login/logout with role-based authentication.
Hello, I am deleting the tokens each time a new login token is generated and I haven't used the isLoggedOut approach. Is there any other solution to make only the last token that was logged in with valid?
Can you do OAuth2 on Spring Boot in your next videos? Thanks
Thank you for your suggestion! I'll definitely consider making a video on oauth2 and spring boot. Stay tuned for future content!
let's make User post, just a simple post maybe with just some text
Thanks for the suggestion!