I just love your explanation. Thank you so much sir.😊😊😊
thanks
You explain directly using a screenshot and save time to write down code which is time saving there where lots of videos are basic level but you go one step ahead and explain prior to savings time 🎉🎉🎉
thanks a lot for the feedback
Just loved the way this topic was explained. Keep up the awesome work Shrayansh !!!
Hmm, interesting, so JWT helps in saving additional calls to the DB and of course space as well, but yeah, third-party reliance is too much in token-based authentication. BTW, awesome video as always.
Sir please upload all topics by this year your content is truly amazing
Awesome explanation ❤🎉
Great explanation !!
Could you please do a video on "Transactional Outbox Design Pattern for microservices"
very clearly you explained it
Hi Shrayansh, if each third party has its jwks.json list where they store the public key w.r.t. Kid, in that case can't a hacker access the key and decrypt the content?
--video timestamp (48:20).
same doubt.
are we getting more videos, I just finished the playlist, can't wait. Great content.
Nice and awesome explanation as usual Shreyansh. Possible to add notes to this
notes i have shared to member community post.
@ConceptandCoding sure. No issues. Anyways I am planning to take membership 👍
In JWT you have mentioned that no db is included but how come the application server sends the request to validate the token and the authentication server authenticate it without storing the data somewhere?
they verify the signature.
It's very useful for me
@ConceptandCoding can you share the source material you use for creating your videos? Would love to go in depth in many of the topics covered in your videos.
Thanks!
Hi @ConceptandCoding, can you please start adding the advanced part of this video? It will be really helpful. It's a request.
Great video with loads of knowledge in it. But I feel that the video pace is too slow and all this info can be conveyed in less than 30 mins.
noted
What is the use of 'n' and 'e' when the public key they are forming can't be used, we are using Kid to find the public key from third party. n and e seem redundant as they can be tampered.
The 'n' and 'e' components in JWT's public key are used for double verification by the recipient. While the 'kid' header helps locate the correct key, 'n' and 'e' ensure the integrity and authenticity of the key once found.
@ConceptandCoding oh got it now
Hey guys, are CDNs and their designs covered in any video in this playlist?
yes, in the caching one.
@mkSlayer9 thanks, I'll check that
When will you be adding remaining HLD questions ?
Bro, will you please make a complete Spring Security module? It's very tough to understand how it works.
Why cannot we encrypt the jwt token with RSA so that attacker is not able to see and sign the token on its own.
Does the resource server have to depend on the auth-server to verify the JWT? Wouldn't it increase the load on the auth-server?
Same question and also the extra overhead back and forth calls b/w resource and auth server.
I have some doubts: are Spring JWT and Spring Boot JWT the same or not what you cover in this video?
Can we extend the expiry time of the existing JWT?
No, we cannot extend the expiry time. There is something called a refresh token that you get, by which you can get a new token. I have covered the refresh token in the OAuth video.
As he mentioned in this video that will add more vulnerability to the token. So by using a refresh token we can get a new token if the old one expires. Also initially while we are setting the claims, we can set the expiry time of JWT as per our wish.
I remember JsessionId from servlet and jsp.
hey shreyansh, can you refer some book also for auth
Symmetric Cryptography:
A single secret key is used for both creating and validating the token. Both the issuer and the verifier need to have access to this key.
My question:
How will the verifier get this secret key?
Like, will I send it to him personally, or will it be stored in the cloud/DB so he/she can access it, or will I send it by mail, Teams....
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
I have a question regarding how is JWT considered to be stateless? I understood the part that there is not any session maintained as compared to traditional cookie/session-based authentication But
1. If we need a key to decode the jwt token, then the authorization server needs to store the key to decode it right? So will this key be stored in a db? So won't we need to hit the DB to fetch the key.
No need to store; the auth server validates using RSA digital signature (public/private key) logic.
isn't authentication server a Single point of failure?
It's again a distributed microservice.
Thanks for the response. Love your videos. One more question here: are we replicating the same token to every authentication server if it is a distributed system? Meaning, one microservice calls the authentication server to validate, and when I call it again it will get a different server because of the load balancer, so will we have to replicate the same token to every authentication server? Or is this wrong? @ConceptandCoding
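Added example (not part of the video or of any comment): the RS256 signature check that the JWKS, 'n'/'e' and "no DB" threads above ask about, in standard-library Python, where the verifier selects the JWKS entry by `kid`, rebuilds the public key from `n` and `e`, and needs neither a database nor a call to the issuer. The key, the `demo-1` kid and all function names are constructed for illustration, and the RSA arithmetic is hand-written only to expose `n` and `e`; real services would use a maintained JWT library.

```python
import base64, hashlib, hmac, json

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def to_bytes(i):
    return i.to_bytes((i.bit_length() + 7) // 8, "big")

def encode(msg, k):
    """Pad SHA-256(msg) to k bytes the way RS256 requires."""
    t = DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# Constructed demo key from two Mersenne primes: factors are public, so it is insecure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the issuer only

JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "alg": "RS256",  # published as jwks.json
                  "n": b64u(to_bytes(N)), "e": b64u(to_bytes(E))}]}

def issue(claims, kid, exponent=D):
    """Issuer side: sign header.payload with the private exponent."""
    head = {"alg": "RS256", "typ": "JWT", "kid": kid}
    body = b64u(json.dumps(head).encode()) + "." + b64u(json.dumps(claims).encode())
    k = len(to_bytes(N))
    sig = pow(int.from_bytes(encode(body.encode(), k), "big"), exponent, N)
    return body + "." + b64u(sig.to_bytes(k, "big"))

def verify(token, jwks):
    """Verifier side: uses only the token and the public JWKS, no database."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64u_dec(h))
        jwk = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        n = int.from_bytes(b64u_dec(jwk["n"]), "big")
        e = int.from_bytes(b64u_dec(jwk["e"]), "big")
        sig, k = b64u_dec(s), len(to_bytes(n))
        s_int = int.from_bytes(sig, "big")
        em = pow(s_int, e, n).to_bytes(k, "big")
        # alg is pinned here, never taken on trust from the token header
        ok = (header["alg"] == "RS256" and len(sig) == k and s_int < n
              and hmac.compare_digest(em, encode(f"{h}.{p}".encode(), k)))
        return json.loads(b64u_dec(p)) if ok else None
    except (ValueError, KeyError, TypeError, StopIteration):
        return None
```

Calling `issue(claims, "demo-1", exponent=E)` simulates a party that holds only the published key; `verify` rejects the resulting token.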
Please keep updating the udemy course also with these free videos
yes will update udemy
is this HLD series over ?
no, i will start the advance part of it soon
@ConceptandCoding oh, I was so happy that I completed HLD and I am ready for interviews !!!!
Sir, if possible, after this playlist ends, help us make a project like Book My Show, implementing concurrency control as you already explained in one of your videos.
noted
❤
thanks
Brother, please complete the Spring Boot series.
working on it.
Yes please
👍👍