ГЛАВНАЯ СТРАНИЦА




Video quality The size Download


 MPEG4
 AVI
 WMV
 Full HD 1080p — 1920х
Паспортный стол на смольной режим работы, Как оформлять загранпаспорт онлайн, Как правильно заполнить анкету на загранпаспорт нового образца женщин, В какие страны не требуется загранпаспорт 2019, Новая транскрипция в загранпаспорт

RealToughCandy
Thank you Patreon patron for this request and thank you Brad for the tut!
Comment from : RealToughCandy


yodawgy123
17:50 "You could use cookies, but that is not recommended anymore. You should use localstorage". I don't konw if that is up to date. dev.to/rdegges/please-stop-using-local-storage-1i04
Comment from : yodawgy123


Rupinder Kaur
Sir really awesome video. Made me understand completely about jwt
Comment from : Rupinder Kaur


Ayyash Ayyash
why isnt the jwt.verify call inside the middleware?
Comment from : Ayyash Ayyash


Safwan Mohammed
Very nice explanation with working code examples
Comment from : Safwan Mohammed


Bel's Code
Thank you brad for this awseome tutorial , just a note we should send only the id in the payload as far as read in articles
Comment from : Bel's Code


Vinícius Cerqueira Bonifácio
I came from the MERN series part 9 to learn more about JWT before implement it to the project. And I did even it is my first using auth. Thanks, Brad. 👏🏽 Excellent content as always!!
Comment from : Vinícius Cerqueira Bonifácio


AJAY SAKSENA
Your video is amazing. If we will perform the same code steps on goorm ide, then will it work perfectly?
Comment from : AJAY SAKSENA


George Smith
Not prepared
Comment from : George Smith


Tyler C
Great video. Why not save JWT in cookie? Local storage seems more unsafe.
Comment from : Tyler C


Clement Osuide
Hi Brad
so I came accross and article that said storing JWT tokens in localstorage is a terrible Idea... since it is sensitive data
and I'm thinking of incorporating it in my react ecommerce app I'm building...
I just want to know how you feel about that point?
Thanks in advance for your kind response

Comment from : Clement Osuide


Kamalkant Yadav
i like this example i ' m gonna be implemented this
Comment from : Kamalkant Yadav


Ha Thanh Tam
I have seen both jwt and passport with jwt.
And now i am confusing, what are the differences between using jwt only and using passport with jwt ?
Please help clear my doubt.

Comment from : Ha Thanh Tam


Dagg M.
I needed a refresh about JWT functionalities and this little course was very helpful. Just one mention. Token name that we send with res.header can be anything for example 'auth-token', not just 'Authorizatiion'. And token value in a name-value pair doesn't have to start with 'Bearer' word, it's enough to send token only. In that case we do not have to split result into name 'Bearer' and token value.
Comment from : Dagg M.


Devon Marantz
Thank you so much! I’ve been struggling trying to make a protected route with passport for the past month. I couldn’t get it working on a side project I was working on would get super frustrated. I watched this video last night and was able to get it working today! You are a God send! 🙏🏽
Comment from : Devon Marantz


John Gicharu
Thank you so much for your tutorials. They are very informative. You are an inspiration to us all. Could you do a refresher for the PostresSQL tut?
Comment from : John Gicharu


Maximum Cockage
Out of curiousity, at around 18 minutes you say use local storage and cookies isn't recommended anymore.

On the off chance someone XSS's your local storage what's stopping them from just using your token and logging in as you?

Comment from : Maximum Cockage


Jorge Renteral
The verifyToken middleware should do the token validation and, in case of, check the token is valid from the DB.
Comment from : Jorge Renteral


Raúl Alejandro Muñoz Araya
Thanks dude, question: how the token is secure from a MIM attack or a sniffer?
Comment from : Raúl Alejandro Muñoz Araya


Jagdish Shetty
Great explanation !!! Thx so much !!!
Comment from : Jagdish Shetty


Aravind A
How to secure the values from jwt token?
Comment from : Aravind A


Alpit Anand
Awesome
Comment from : Alpit Anand


Aron Høyer
you shouldn't store the jwt in local storage, as it opens an attack vector for xss. an httponly cookie is the preferred way. now, it means that your rest api no longer is stateless, but it sure makes it way more secure.
Comment from : Aron Høyer


Zaid Khan
Those who wants to know, what next() function is? i.e. In verifyToken(req, res, next).

verifyToken is a middleware function in express, which take req, res and next parameters.
Calling next will move to succeeding middleware function.


More details here: expressjs.com/en/guide/writing-middleware.html

Comment from : Zaid Khan


Tanmoy Basak
Hi, can you do a video with refresh tokens!?
Comment from : Tanmoy Basak


Chandula Sulakshana
Thank you very much Brad ... Thanks a lot :)
Comment from : Chandula Sulakshana


RUFF-
Thank you great tutorial. Helped me a lot.
Comment from : RUFF-


MOHAMEDNADJI SOUILAMAS
Thanks, it helped me a lot
Comment from : MOHAMEDNADJI SOUILAMAS


aryan sharma
awesome awesome tutorial.
Comment from : aryan sharma


Alex Yepes
Hey Brad, thanks a lot for these videos. Would it be possible to make a tutorial using a real user for authentication (maybe using passport, Firebase, or other methods)? That way we could see how you actually make a request instead of using mock information. Thanks again.
Comment from : Alex Yepes


Fabian Zhafransyah
How do you store the token when you open the app in a browser, not in postman?
Comment from : Fabian Zhafransyah


Aitizaz ulhaq
i am having a problem when i put the token to the postman authorization header and send post request i still get the forbidden status instead of auth data why is that
Comment from : Aitizaz ulhaq


Md Abu Talha
How I can signout??
Comment from : Md Abu Talha


Md Abu Talha
expiresIn property doesn't work properly
Comment from : Md Abu Talha


Bautista Chehin
great video
Comment from : Bautista Chehin


Akshay Shelke
A very nice tutorial sir , you r a role model for all of us , thank you sir !!
Comment from : Akshay Shelke


Flávio Batista
Reaaaaaly liked the straightforwardness of the tutorial. Implemented it on an existing server in under 40min thanks to your tutorial, keep up the good work :D
Comment from : Flávio Batista


Hường phạm
This turorial was help me solve my problem. Thanks!
Comment from : Hường phạm


pffScrub
For anyone watching this presently. It's considered bad practice to store sensitive data in jwt's. In this video instead of generating a jwt from the user object generating it from the id alone would've been better
Comment from : pffScrub


Perfil Sistemas
do you know export example separate modules?
Comment from : Perfil Sistemas


Arpit Agrawal
I have seen two of your videos and found this channel very helpful. Thank u :)
Comment from : Arpit Agrawal


Yogendra
Awesome explanation. Thanks for it. :)
Comment from : Yogendra


agatha helena
i got a hack transfer from vastrangelinks,com they are really good
Comment from : agatha helena


Wonjae Hwang
At 7:14 he says we could use jwt.sign() synch or asynch. But why would you want to choose either? Could someone explain a sample use case? Like why would we want to make it asynch and run the callback after the file runs it’s execution stack? Rather than running it synchronously ?
Comment from : Wonjae Hwang


Somsubhra Das
Man I love this tutorial... Other YouTubers take more than 1 hr to explain just this. But you did it in less than 25 mins.. <3
Comment from : Somsubhra Das


Husniddin Qurbonboyev
Thanks Brad for such a useful content!
Comment from : Husniddin Qurbonboyev


Delson cayo
.jtdwgd d pm'ptd'tp.5gtmdajmkmgmgmjmjpwt w. Jtwuru. W
Comment from : Delson cayo


Bill
I found this video at the right time, thanks Brad
Comment from : Bill


Omer Mindivanli
Amazing!
Comment from : Omer Mindivanli


Sawyerr Ken
Awesome tutorial. Thanks for the time and effort put into this. I would rather rename that verifyToken middleware to something else like getToken to better capture what the middleware does.
Comment from : Sawyerr Ken


良仔
I have an app built on your MEAN stack back to front series which is set up with Passport and JWT, instead of the Passport.authenticate middleware I've replaced it with the verifyToken implementation from this video. Because the 'Bearer' tag in the authorization header kept failing in the Passport authenticate middleware. Is this the correct approach or should I be doing something differently?
Comment from : 良仔


david grinstein
Why cookies are not recommended?
Comment from : david grinstein


Glenn D
Waiting for 2019 version
Comment from : Glenn D


Metruzanca
Is there a difference I'm not seeing between doing: if (typeof bearerHeader != 'undefined') and simply if(bearerHeader)?
Comment from : Metruzanca


Binayak G Shankar
Wonderful tutorial. Please make a tutorial on Node+Express+Angular+JWT+Socket
Comment from : Binayak G Shankar


sam
Love this!!!
Comment from : sam


Ajit Singh
Brad Bhai (brother in India), thanks a lot for the succinct explanation..always love the explanation in code.
Comment from : Ajit Singh


austin britton
You set a standard man
Comment from : austin britton


Bilal Saleh
Excellent explanation!! thank you
Comment from : Bilal Saleh


rafael sanchez
Thanks, really clear
Comment from : rafael sanchez


Oscar Jovanny
This works for me only locally, in heroku I have CORS issues, does anyone know why?
Comment from : Oscar Jovanny


Alex nixi
You could have handled the JWT verification in the middleware, to keep responsibilities nicely separated. Other than that, nice tutorial :)
Comment from : Alex nixi


Shaikh Shoeb
Hi brad, you make very awesome tutorials it helps me a lot , I like the devconnector very much, If possible I request you to make a tutorial on how to integrate google oauth and facebook oauth in that devconnector application
Comment from : Shaikh Shoeb


Razey
Good stuff, thanks.
Comment from : Razey


bobby john
So you name the function verifyToken and then say that you need to verify the token after running verifyToken? Kinda confusing.

Cool vid though. Learned a lot from it :)

Comment from : bobby john


sairam
what if anyone got a valid token and has a knowledge of hacking(white hat hacker or black hat hacker) how to prevent it?
Comment from : sairam


Santhoshkumar Nagulanchi
How we are sending generated token as response? just res.json({token}) ???
Comment from : Santhoshkumar Nagulanchi


Nay Lin Aung
Could't we just do the jwt.verify in verifyToken function ?
Comment from : Nay Lin Aung


Satenc0
How do you add a form to login to this? can someone send me an example code
Comment from : Satenc0


Shery DCouth
Thanks..It helps.
Comment from : Shery DCouth


Ivan
Your explanation was perfect. Thank you so much!!
You have my like and my sub :)

Comment from : Ivan


TM
Really good!
Comment from : TM


Sukanta Sarkar
Nice one, is that possible to make a video for loopback jwt?
Thanks in adv.

Comment from : Sukanta Sarkar


Sky Pan
Awesome Bro, and now I think the token format is only: "authorization:<token>" in headers now, there is no "authorization: bearer <token>" any more.
Comment from : Sky Pan


Des Butler
One of the shortest, yet most succinct, useful tutorials I've seen. Brad rocks!
Comment from : Des Butler


Alex Machin
How would you intercept the JWT token and save it if its in the header ?
Comment from : Alex Machin


Lokesh Yadav
Ton of thanks Brad for putting up this tutorial. it's really easy to follow and understand the every bit of code. Thank you again.

Just a quick question, did you put up any tutorial for Login / registration user flow? If yes, please share link to the same.

Comment from : Lokesh Yadav


TutorialSpiller
love your shit smooth and simple
Comment from : TutorialSpiller


Security guy
This video is open path for me to develop custom token in firebase database
Comment from : Security guy


Simonnice
Great tutorial as always :D.
Comment from : Simonnice


Piuccoo
What about change/reset password and invalidate tokens in general?
Comment from : Piuccoo


kunal pal
Nicely explained
Comment from : kunal pal


isuru dewasurendra
Thank you, great tutorial
Comment from : isuru dewasurendra


Norris Damianus
very good, simple and clear tutorial
Comment from : Norris Damianus


Hei Li
Hey Traversy, I have a question. How do you create a Auth microservice that supplies JWTs that the client can then use to access other API services? I think I know a way to save it to localStorage but that method according to what I hear is unsafe. However if we attach the JWT to the Auth microservice cookie, that cookie can't be send to the API server. I'm at a loss !
Comment from : Hei Li


Abdelrahman Mohamadeen
According to my understanding, you are also doing here what the module Passport does, but without using it, right?
I think the function verifyToken is doing what Passport does..

Comment from : Abdelrahman Mohamadeen


לי יהב
does it will be better to move "jwt.verify(....)" to the middleware function ???
Comment from : לי יהב


Armando Padilla
Thanks, Really useful.
Comment from : Armando Padilla


Gonzalo Fonseca
Thanks!! You 're awesome
Comment from : Gonzalo Fonseca


Danilo Miranda Santana
I need help. When I type in NPM INSTALL -G NODEMON, it always always give me an erro. Why why? please help. thanks
Comment from : Danilo Miranda Santana


Spoon Liver
Is this OAUTH2? Or should i use passportjs-local strategy to fulfill oauth2 principles?
Comment from : Spoon Liver


Milos Krstic
Wait wait you said that we should store the token in the local storage, when I asked a question on reddit regarding localstorage and auth everybody lost their mind screaming never to use LS for auth instead always use cookies somewhat safer idk...

Unless someone hacks somebodys browsing data and steals his LS there isn't a way user can get hacked, and at the end of the day it's not my fault they download damn keyloggers into their computers lol

Comment from : Milos Krstic


Sarah
Awesome explanation! Thank you so fucking much!
Comment from : Sarah


Cristian Script
Can I use passport-local with Json ?
Comment from : Cristian Script


Cristian Script
I have seen you are using both angular and react what is the best for you framework vs library?
Comment from : Cristian Script


Khương Duy Bùi
Simple explanation , thank_you;
Comment from : Khương Duy Bùi


Nattapong Melont
i love this :3
Comment from : Nattapong Melont


Adam F.
Awesome stuff brad as always!
Comment from : Adam F.


Richard David
Thank you for good tutorial. I learned a lot.
Comment from : Richard David


Mohammed Abdul Khaliq
Thank you
Comment from : Mohammed Abdul Khaliq