NestJs Authentication : Login, Signup, Refresh Tokens, JWT, Guards

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 47

  • @fsassiv
    @fsassiv Месяц назад +1

    Anything anyone needs to know to get started with NestJS is on your channel. Straightforward, simple and well explained content. Congrats man and Thank you.

    • @Computerix
      @Computerix  Месяц назад +1

      @fsassiv I'm glad you found my content helpful ! Thanks for your comment

    • @shrikantjha5630
      @shrikantjha5630 Месяц назад

      @@Computerix good content.

    • @Computerix
      @Computerix  Месяц назад

      @@shrikantjha5630 Thanks :)

  • @JayTailor45
    @JayTailor45 7 месяцев назад +3

    I recently came across with your videos. I found these videos extremely easy to understand and helpful. Thank you so much for your time and efforts for making such content.

    • @Computerix
      @Computerix  7 месяцев назад

      Thank you so much for your comment Jay!
      More videos coming soon !

  • @LangehMohammed
    @LangehMohammed 3 месяца назад

    Thank you so much for the time and effort you put in to helping us understand the content. It was really helpful.

  • @samueladdisu3729
    @samueladdisu3729 3 месяца назад

    I like How you make it look easy. The best explanation

    • @Computerix
      @Computerix  3 месяца назад

      @@samueladdisu3729 thanks for your comment !

  • @Naya-ss7vs
    @Naya-ss7vs 7 месяцев назад +2

    So useful as usual!

  • @ahsanahmedrakib6450
    @ahsanahmedrakib6450 Месяц назад

    It''s really awesome. Thank you so much.

  • @muhammadfawwad6782
    @muhammadfawwad6782 5 месяцев назад

    Please make full stack apps with nestjs , Really liked your videos they are very easy to understand as compared to other tutorials

  • @SakshamKarnawat
    @SakshamKarnawat 6 месяцев назад

    Amazing explanation. Thanks a lot!

  • @abirkolin4702
    @abirkolin4702 4 месяца назад

    amayzing brother, thanks a lot

  • @amrhussien4334
    @amrhussien4334 7 месяцев назад

    Awsome, thank you for your efforts.

    • @amrhussien4334
      @amrhussien4334 7 месяцев назад

      How can I contact you. I want to discuss something.

    • @Computerix
      @Computerix  6 месяцев назад +1

      @@amrhussien4334 Here is my linkedin : www.linkedin.com/in/charbel-el-helou-6523a5200
      Thanks for the feedback!

  • @RmoviesTN
    @RmoviesTN 2 месяца назад

    thankyou good sir that was very helpfull

  • @juhandvan
    @juhandvan 5 месяцев назад

    I really like your video. Thanks

  • @kraiponnajaroon2206
    @kraiponnajaroon2206 4 месяца назад

    Thanks.

  • @wnheieowz
    @wnheieowz 4 месяца назад

    nice content

  • @ibrahimraad3009
    @ibrahimraad3009 5 месяцев назад

    thanks 😁

    • @Computerix
      @Computerix  5 месяцев назад

      You're very welcome!

  • @testuser-i9e
    @testuser-i9e 8 дней назад

    Hi brother, do you use passport js or do it without it?

  • @HamzahAhmad-db5cy
    @HamzahAhmad-db5cy 5 месяцев назад

    Excellent video. Thank you for your effort.
    is there a particular reason why you used a different package for refresh tokens, instead of using the jwt package here as well?

    • @Computerix
      @Computerix  5 месяцев назад

      Since the refresh token is not a JSON Web Token but rather a random string, we used a random generator

  • @nidhalchelhi2655
    @nidhalchelhi2655 5 месяцев назад

    Very helpful ! can you make a video about authorization (roles: admin, user.. )

    • @Computerix
      @Computerix  5 месяцев назад

      Yes, this is on my list :)

  • @robings6489
    @robings6489 14 дней назад

    With this logic you can only be signed in on a single device with the same user right? So if I want users to be signed in on multiple devices I'd have to run some kind of cron job to delete every refresh token when it is expired?

  • @Computerix
    @Computerix  4 месяца назад +2

    Source code: github.com/charbelh3/nestjs-auth-apis

  • @quang.luu.179
    @quang.luu.179 7 месяцев назад

    👏👏👏👏👏
    Thanks for your video. Can I ask if is there anyway to declare a jwt service for global level and another one in Auth module scope, like: using it for refresh only?

    • @Computerix
      @Computerix  7 месяцев назад

      You're welcome!
      Yes, you can register another Jwt Module in the AuthModule with its own secret and config.. and it would work. However, be careful, your Auth guard will be using one of the two jwt services (Most probably the global one).. So you would need to find a way to dynamically use the correct secret key when verifying your tokens..
      Now if you have the same secret for both modules, but you're using different config options such as expiry etc.. I don't think you would face any issues.. you could also override the default config used in the global jwt module, by simply assigning them explicitly such as : jwtService.verify(token, { ...override-config-here ...}, in case you don't want to register a second jwt module.
      I'm not sure why you would use the jwtService with the refresh however, as the refresh token is a long random string (rather than a Json Web Token)
      Hope my answer helps!

    • @quang.luu.179
      @quang.luu.179 7 месяцев назад

      ​@@Computerix Thanks for your reply! I know I can inject any configuration into the JWT service to achieve this. Just asking for another approach. Regarding refresh tokens, generally, I see two ways in other samples:
      * Using a random string like you suggested.
      * Using JWT format. ( I dont know why)
      Updated: Ah, I guess the jwt can take the advantage of expired date that encoded into the self token without query the db for persistent. I mostly saw it from microservice architecture where a gateway is kinda the first line of token validator,

    • @problemchild959
      @problemchild959 4 месяца назад

      ​@@Computerix a lot of people use a jwt token as the refresh token so that it while lasting much longer (a week or so) still has an expire time. using a refresh token that never expires is considered a bad security practice by a lot of people/companies.

    • @Computerix
      @Computerix  4 месяца назад

      @@problemchild959 Correct about the expiration. BUT, you don't need to have the refresh token as a JWT for it to have an expiry date.
      You can use a random long string, and use an expirationDate field that you check against whenever you're calling your refresh token API to refresh the tokens. If that field has a value date in the past (meaning it expired), you force the user to login again.

    • @sonzaii-x
      @sonzaii-x 4 месяца назад

      ​​@@Computerix I think using jwt for refresh tokens is more secure since you can invalidate all refresh tokens by editing the refresh token secret

  • @ismaelseck
    @ismaelseck Месяц назад

    when i try to execute the localhost:3000 request with the get method in postman i face a 404 Cannot GET /. I'm not using mongoose but typeOrm

  • @LangehMohammed
    @LangehMohammed 3 месяца назад

    Also please can you help with a video showing how to do an email otp verification upon user signup using firebase authentication methods? It will be very much appreciated

  • @duykhanhnguyen9274
    @duykhanhnguyen9274 2 месяца назад

    Why don't you use nestjs/passport for auth?

  • @mrbite9959
    @mrbite9959 5 месяцев назад +1

    The source code plz

    • @Computerix
      @Computerix  4 месяца назад

      I'm sorry for the late response! Here you go : github.com/charbelh3/nestjs-auth-apis (This contains the code for this video and part 2 as well.. Forgot Password / Change Password / Reset Password)