Відео

Thanks

You lost me at "7*4 = 24 chars..." ?? (3:48) but thanks for trying.

well explained thanks

BEST VIDEO EVER PRODUCED! ON AUTH

What a great video, clears many questions I had!

It would have been better if you have shown an example to that instead of reading all the lines which is kind of boring.

Can somebody explain please why stateless JWT contains user data when stateful contains user id only? It sounds confusing

Let's always do alot of good 🔥

Finally, an explanation for web authentication for people who are not 5 years olds.

Exactly what ive been looking for. 🚀 thank you so much!

great explanation. thanks.

This video is my top pick for the year. Thanks for the awesome content - it really made a humongous difference for me!

Hello Alex, Thank you for this content. I want to see it on localhost while coding. how to bundle and serve it

thz, so useful

Awesome very cool

absolut fantastic! <3

awesome tutorial. Thank you so much

Hey I know this is an old video, but this video is what secured these concepts in my head. Every second of the video is high quality information with very little noise. Thanks!

I don't get the point from 26:50. Why would a server need a blacklist of revoked tokens? If the token has an exploration field and a signature, isn't it enough to prevent users from using expired tokens? Thanks!

Bro is robot

Thank you.

Thanks for the excellent video. Clarified few doubts I had. Keep it going.

That was a very helpful approach of explanation. I managed to debug and fix my environmental variables issue I had. Thank you sir.

concise!

Thank you!

Just to say : Session are Cookie. There is also alternative where you take a Cookie in order to wrap a JWT Token (to have the Pro of both world). To deal with the Cons of token and multi website authentication the use of an intermediate website in order to handle the connection is possible and the website will have his own mecanism for authenticate using Cookie. This website will redirect to your website with a Token at the end (I simplify the workflow since there is more exchange than that beetween your server and this auth server) but it's simply SSO, OAuth/Oidc mecanism. It's not that hard to implement your own Oauth mecanism using jwt. So basically you can do it, and if you have A, B, C website + one website to handle the auth using SSO then if you connect on A you will obtain a jwt for A that you wrap inside a cookie + the same for your auth website, next time when you will try to connect to a website you will already be connected to the website and receive the jwt token for the website B for example even it you are not connected to B yet, so you could wrap it inside a cookie.

We can mitigate with XSS attack by storing the JWT token in a cookie instead of local storage and now JS clients have no access to the token. furthermore, the cookie should only be sent on HTTPS only with the sameSite strict option to prevent CSRF attack.

I really saw a lot of videos, but the way you've summarized is just amazing! Keep up the excellent work! Definitely subscribing!

You are the best🤗

Thank you.

Alex you are a great developer. Congrats!

Finally. An explanation that actually MAKES SENSE.

Thank you for the thorough presentation. However, I would like to propose a correction. Rails stores the session in a cookie. NOT the session id, but the session object. It's Rails' default session storage (CookieStore). This storage is always on the client. In the video, you say every session is stored server-side (min 2:26), which is not true in the case of the session cookie Rails deals with.

I m watching you in 2023 Keep going 💪💪💪 dont stop🌹🌹

I like you way of teaching

Wow you explain very well! thanks

mongosh -- "$MONGO_INITDB_DATABASE" <<EOF db.createUser({ user: "$MONGO_USERNAME", pwd: "$MONGO_PASSWORD", roles:[{ role: 'readWrite',db:"$MONGO_INITDB_DATABASE" }] }) EOF

This is amazing. Very clearly explained ❤

After I have authenticated and the user is logged in, can I now send requests directly using axois? Or should I continue to do this with the help of TOKEN?

Thanks for these videos man! But eslint and prettier commands are not working any more :(

Excellent explanation. It covers everything you need to now about web auth. It saved me a lot of time and effort to learn it on my own. Very compact and clear. Thank you!!

One of the best video on the JWT and session token management. Great work!

What happended? It's been two years since the last vide uploaded.

Timestamps: Authentication: 0:16 Session Auth/Flow: 1:24 Session Auth/Features: 2:21 Cookies: 4:10 Cookies/Security: 5:50 Cookies/Attributes: 7:14 Cookies/Flags: 8:02 CSRF: 8:47 Tokens/Flow: 9:35 Tokens/Features: 10:53 JWT: 13:04 JWT/Security: 16:23

Very informative.

am just exhausted please tell me how to make my react app seo friendly

Great video!

Thank you so much sir for this detailed session on client side web security and cookies session things .

Thank you so much for this. one question what is this session ID used for? do I use that to reference a user in the database instead of a user ID. (For security)