The Best Explanation Ever. Thanks For Putting up in a more clear way Nikita!!
Absolutely wonderful clarity and quality ❤️
thank you!
I'm deep-diving into JWT to learn it completely. Started watching a lot of videos on it, and this one is VERY good! Need to play it on loop for some time I bet
Amazing content bro, keep at it already a fan and this is the first video I’ve watched.
Loved the video. Your explanations were easy to understand and to the point. Loved it. Although I work as a Go Dev and most of your content is not that relevant to me, I am still subscribing. Keep on the good work!
Great job! So helpful.
Very concise explanation of JWT tokens, Thanks!
Excellent explanation and very easy to understand. Thank you
awesome! this explanation is the best out there! thanks man! instant subscriber here 🔥
very clear explanation. I love it . thank you
best explanation on yt, keep up the good work my friend
It’s Helpful. Thanks
Excellent explanation. thank you!
The way I see people use JWT is that you would still need to do a lookup with the id in the token
Osm man keep doing like this....
Nicely explained dude, keep it up 👍
Thank you very much.
that's cool, it all makes sense right now.
thanks man
Such a great explanation! thank you so much.
Perfect.
I don’t think JWT authentication can work effectively without making some sort of db call with every request. For example to know which tokens have been invalidated when the user signs out
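The sign-out concern raised in this comment, as an added example (not from the video or from any commenter): an HS256 token is verified statelessly, and the only per-request lookup is a denylist keyed by a `jti` claim, whose entries can be dropped once the token's own `exp` has passed. The secret, the in-memory dict standing in for a shared store, and all function names are assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one
revoked = {}  # jti -> exp; stands in for a shared store (DB or cache)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, jti: str, ttl: int, now: int) -> str:
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64(sign(f'{header}.{payload}'))}"

def verify(token: str, now: int) -> dict:
    try:
        header, payload, sig = token.split(".")
        alg = json.loads(unb64(header)).get("alg")
        given = unb64(sig)
    except (ValueError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm and check the signature before trusting any claim.
    if alg != "HS256" or not hmac.compare_digest(sign(f"{header}.{payload}"), given):
        raise PermissionError("bad signature")
    claims = json.loads(unb64(payload))
    if claims["exp"] <= now:
        raise PermissionError("expired")
    if claims["jti"] in revoked:  # the one stateful lookup per request
        raise PermissionError("revoked")
    return claims

def sign_out(token: str, now: int) -> None:
    claims = verify(token, now)
    revoked[claims["jti"]] = claims["exp"]  # remember only until the token expires

def purge(now: int) -> None:
    # Expired tokens are rejected by verify() anyway, so their entries can go.
    for jti in [j for j, exp in revoked.items() if exp <= now]:
        del revoked[jti]
```

The denylist only ever holds tokens that were signed out before their expiry, so its size is bounded by the access-token lifetime.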
Amazing ❤️🇪🇬
You mention that validation is done using the private key. That seems odd; generally we should be able to verify the signature using the public key, can you please clarify?
There are various hashing algorithms that use different approaches to signing and verifying tokens. Some use just 1 private key (HS256), and some use both a public key and a private key (RS256). It just depends on the algorithm
Hello!
Thank you for the refreshers! Great video
One question: what do you mean by creating a whitelist for refresh tokens? If you use RT rotation, what's whitelisting adding to it?
A whitelist would be an alternative to RT rotation-- you wouldn't use both
Can I use a personal access token (PAT) as a refresh token?
Why not store JWT in secure httpOnly cookie instead, to prevent XSS on local storage?
that works as well 👍
Would not work on mobile app