Thank you Patreon patron for this request and thank you Brad for the tut! Comment from : RealToughCandy |
17:50 "You could use cookies, but that is not recommended anymore. You should use localstorage". I don't know if that is up to date. dev.to/rdegges/please-stop-using-local-storage-1i04 Comment from : yodawgy123 |
Sir really awesome video. Made me understand completely about jwt Comment from : Rupinder Kaur |
why isnt the jwt.verify call inside the middleware? Comment from : Ayyash Ayyash |
Very nice explanation with working code examples Comment from : Safwan Mohammed |
Thank you Brad for this awesome tutorial, just a note: we should send only the id in the payload, as far as I read in articles Comment from : Bel's Code |
I came from the MERN series part 9 to learn more about JWT before implementing it in the project. And I did, even though it is my first time using auth. Thanks, Brad. 👏🏽 Excellent content as always!! Comment from : Vinícius Cerqueira Bonifácio |
Your video is amazing. If we will perform the same code steps on goorm ide, then will it work perfectly? Comment from : AJAY SAKSENA |
Not prepared Comment from : George Smith |
Great video. Why not save JWT in cookie? Local storage seems more unsafe. Comment from : Tyler C |
Hi Brad, so I came across an article that said storing JWT tokens in localstorage is a terrible idea... since it is sensitive data and I'm thinking of incorporating it in my react ecommerce app I'm building... I just want to know how you feel about that point? Thanks in advance for your kind response Comment from : Clement Osuide |
I like this example, I'm gonna implement this Comment from : Kamalkant Yadav |
I have seen both jwt and passport with jwt. And now I am confused, what are the differences between using jwt only and using passport with jwt? Please help clear my doubt. Comment from : Ha Thanh Tam |
I needed a refresh about JWT functionalities and this little course was very helpful. Just one mention. Token name that we send with res.header can be anything for example 'auth-token', not just 'Authorization'. And token value in a name-value pair doesn't have to start with 'Bearer' word, it's enough to send token only. In that case we do not have to split result into name 'Bearer' and token value. Comment from : Dagg M. |
Thank you so much! I’ve been struggling trying to make a protected route with passport for the past month. I couldn’t get it working on a side project I was working on would get super frustrated. I watched this video last night and was able to get it working today! You are a God send! 🙏🏽 Comment from : Devon Marantz |
Thank you so much for your tutorials. They are very informative. You are an inspiration to us all. Could you do a refresher for the PostgreSQL tut? Comment from : John Gicharu |
Out of curiosity, at around 18 minutes you say use local storage and cookies isn't recommended anymore. On the off chance someone XSS's your local storage what's stopping them from just using your token and logging in as you? Comment from : Maximum Cockage |
The verifyToken middleware should do the token validation and, in case of, check the token is valid from the DB. Comment from : Jorge Renteral |
Thanks dude, question: how is the token secure from a MIM attack or a sniffer? Comment from : Raúl Alejandro Muñoz Araya |
Great explanation !!! Thx so much !!! Comment from : Jagdish Shetty |
How to secure the values from jwt token? Comment from : Aravind A |
Awesome Comment from : Alpit Anand |
You shouldn't store the jwt in local storage, as it opens an attack vector for xss. An httponly cookie is the preferred way. Now, it means that your rest api no longer is stateless, but it sure makes it way more secure. Comment from : Aron Høyer |
For those who want to know what the next() function is, i.e. in verifyToken(req, res, next): verifyToken is a middleware function in Express, which takes req, res and next parameters. Calling next will move to the succeeding middleware function. More details here: expressjs.com/en/guide/writing-middleware.html Comment from : Zaid Khan |
Hi, can you do a video with refresh tokens!? Comment from : Tanmoy Basak |
Thank you very much Brad ... Thanks a lot :) Comment from : Chandula Sulakshana |
Thank you great tutorial. Helped me a lot. Comment from : RUFF- |
Thanks, it helped me a lot Comment from : MOHAMEDNADJI SOUILAMAS |
awesome awesome tutorial. Comment from : aryan sharma |
Hey Brad, thanks a lot for these videos. Would it be possible to make a tutorial using a real user for authentication (maybe using passport, Firebase, or other methods)? That way we could see how you actually make a request instead of using mock information. Thanks again. Comment from : Alex Yepes |
How do you store the token when you open the app in a browser, not in postman? Comment from : Fabian Zhafransyah |
I am having a problem: when I put the token in the Postman authorization header and send a post request, I still get the forbidden status instead of auth data. Why is that? Comment from : Aitizaz ulhaq |
How can I sign out?? Comment from : Md Abu Talha |
expiresIn property doesn't work properly Comment from : Md Abu Talha |
great video Comment from : Bautista Chehin |
A very nice tutorial sir, you are a role model for all of us, thank you sir!! Comment from : Akshay Shelke |
Reaaaaaly liked the straightforwardness of the tutorial. Implemented it on an existing server in under 40min thanks to your tutorial, keep up the good work :D Comment from : Flávio Batista |
This tutorial helped me solve my problem. Thanks! Comment from : Hường phạm |
For anyone watching this presently. It's considered bad practice to store sensitive data in jwt's. In this video instead of generating a jwt from the user object generating it from the id alone would've been better Comment from : pffScrub |
do you know export example separate modules? Comment from : Perfil Sistemas |
I have seen two of your videos and found this channel very helpful. Thank u :) Comment from : Arpit Agrawal |
Awesome explanation. Thanks for it. :) Comment from : Yogendra |
At 7:14 he says we could use jwt.sign() synch or asynch. But why would you want to choose either? Could someone explain a sample use case? Like why would we want to make it asynch and run the callback after the file runs its execution stack? Rather than running it synchronously? Comment from : Wonjae Hwang |
Man I love this tutorial... Other YouTubers take more than 1 hr to explain just this. But you did it in less than 25 mins.. <3 Comment from : Somsubhra Das |
Thanks Brad for such a useful content! Comment from : Husniddin Qurbonboyev |
I found this video at the right time, thanks Brad Comment from : Bill |
Amazing! Comment from : Omer Mindivanli |
Awesome tutorial. Thanks for the time and effort put into this. I would rather rename that verifyToken middleware to something else like getToken to better capture what the middleware does. Comment from : Sawyerr Ken |
I have an app built on your MEAN stack back to front series which is set up with Passport and JWT, instead of the Passport.authenticate middleware I've replaced it with the verifyToken implementation from this video. Because the 'Bearer' tag in the authorization header kept failing in the Passport authenticate middleware. Is this the correct approach or should I be doing something differently? Comment from : 良仔 |
Why are cookies not recommended? Comment from : david grinstein |
Waiting for 2019 version Comment from : Glenn D |
Is there a difference I'm not seeing between doing: if (typeof bearerHeader != 'undefined') and simply if(bearerHeader)? Comment from : Metruzanca |
Wonderful tutorial. Please make a tutorial on Node+Express+Angular+JWT+Socket Comment from : Binayak G Shankar |
Love this!!! Comment from : sam |
Brad Bhai (brother in India), thanks a lot for the succinct explanation..always love the explanation in code. Comment from : Ajit Singh |
You set a standard man Comment from : austin britton |
Excellent explanation!! thank you Comment from : Bilal Saleh |
Thanks, really clear Comment from : rafael sanchez |
This works for me only locally, in Heroku I have CORS issues, does anyone know why? Comment from : Oscar Jovanny |
You could have handled the JWT verification in the middleware, to keep responsibilities nicely separated. Other than that, nice tutorial :) Comment from : Alex nixi |
Hi Brad, you make very awesome tutorials, it helps me a lot. I like the devconnector very much. If possible, I request you to make a tutorial on how to integrate google oauth and facebook oauth in that devconnector application Comment from : Shaikh Shoeb |
Good stuff, thanks. Comment from : Razey |
So you name the function verifyToken and then say that you need to verify the token after running verifyToken? Kinda confusing. Cool vid though. Learned a lot from it :) Comment from : bobby john |
What if anyone got a valid token and has a knowledge of hacking (white hat hacker or black hat hacker), how to prevent it? Comment from : sairam |
How are we sending the generated token as response? Just res.json({token})??? Comment from : Santhoshkumar Nagulanchi |
Couldn't we just do the jwt.verify in verifyToken function? Comment from : Nay Lin Aung |
How do you add a form to login to this? can someone send me an example code Comment from : Satenc0 |
Thanks..It helps. Comment from : Shery DCouth |
Your explanation was perfect. Thank you so much!! You have my like and my sub :) Comment from : Ivan |
Really good! Comment from : TM |
Nice one, is that possible to make a video for loopback jwt? Thanks in adv. Comment from : Sukanta Sarkar |
Awesome Bro, and now I think the token format is only: "authorization:<token>" in headers now, there is no "authorization: bearer <token>" any more. Comment from : Sky Pan |
One of the shortest, yet most succinct, useful tutorials I've seen. Brad rocks! Comment from : Des Butler |
How would you intercept the JWT token and save it if its in the header ? Comment from : Alex Machin |
Ton of thanks Brad for putting up this tutorial. it's really easy to follow and understand the every bit of code. Thank you again. Just a quick question, did you put up any tutorial for Login / registration user flow? If yes, please share link to the same. Comment from : Lokesh Yadav |
love your shit smooth and simple Comment from : TutorialSpiller |
This video is open path for me to develop custom token in firebase database Comment from : Security guy |
Great tutorial as always :D. Comment from : Simonnice |
What about change/reset password and invalidate tokens in general? Comment from : Piuccoo |
Nicely explained Comment from : kunal pal |
Thank you, great tutorial Comment from : isuru dewasurendra |
very good, simple and clear tutorial Comment from : Norris Damianus |
Hey Traversy, I have a question. How do you create an Auth microservice that supplies JWTs that the client can then use to access other API services? I think I know a way to save it to localStorage but that method according to what I hear is unsafe. However if we attach the JWT to the Auth microservice cookie, that cookie can't be sent to the API server. I'm at a loss! Comment from : Hei Li |
According to my understanding, you are also doing here what the module Passport does, but without using it, right? I think the function verifyToken is doing what Passport does.. Comment from : Abdelrahman Mohamadeen |
Would it be better to move "jwt.verify(....)" to the middleware function??? Comment from : לי יהב |
Thanks, Really useful. Comment from : Armando Padilla |
Thanks!! You 're awesome Comment from : Gonzalo Fonseca |
I need help. When I type in NPM INSTALL -G NODEMON, it always gives me an error. Why? Please help. Thanks Comment from : Danilo Miranda Santana |
Is this OAUTH2? Or should I use passportjs-local strategy to fulfill oauth2 principles? Comment from : Spoon Liver |
Wait wait you said that we should store the token in the local storage, when I asked a question on reddit regarding localstorage and auth everybody lost their mind screaming never to use LS for auth instead always use cookies somewhat safer idk... Unless someone hacks somebody's browsing data and steals his LS there isn't a way user can get hacked, and at the end of the day it's not my fault they download damn keyloggers into their computers lol Comment from : Milos Krstic |
Awesome explanation! Thank you so fucking much! Comment from : Sarah |
Can I use passport-local with Json ? Comment from : Cristian Script |
I have seen you are using both Angular and React, what is the best for you, framework vs library? Comment from : Cristian Script |
Simple explanation, thank you; Comment from : Khương Duy Bùi |
i love this :3 Comment from : Nattapong Melont |
Awesome stuff brad as always! Comment from : Adam F. |
Thank you for good tutorial. I learned a lot. Comment from : Richard David |
Thank you Comment from : Mohammed Abdul Khaliq |