Video quality The size Download

 Full HD 1080p — 1920х
Паспортный стол на смольной режим работы, Как оформлять загранпаспорт онлайн, Как правильно заполнить анкету на загранпаспорт нового образца женщин, В какие страны не требуется загранпаспорт 2019, Новая транскрипция в загранпаспорт

Thank you Patreon patron for this request and thank you Brad for the tut!
Comment from : RealToughCandy

17:50 "You could use cookies, but that is not recommended anymore. You should use localstorage". I don't konw if that is up to date. dev.to/rdegges/please-stop-using-local-storage-1i04
Comment from : yodawgy123

Rupinder Kaur
Sir really awesome video. Made me understand completely about jwt
Comment from : Rupinder Kaur

Ayyash Ayyash
why isnt the jwt.verify call inside the middleware?
Comment from : Ayyash Ayyash

Safwan Mohammed
Very nice explanation with working code examples
Comment from : Safwan Mohammed

Bel's Code
Thank you brad for this awseome tutorial , just a note we should send only the id in the payload as far as read in articles
Comment from : Bel's Code

Vinícius Cerqueira Bonifácio
I came from the MERN series part 9 to learn more about JWT before implement it to the project. And I did even it is my first using auth. Thanks, Brad. 👏🏽 Excellent content as always!!
Comment from : Vinícius Cerqueira Bonifácio

Your video is amazing. If we will perform the same code steps on goorm ide, then will it work perfectly?
Comment from : AJAY SAKSENA

George Smith
Not prepared
Comment from : George Smith

Tyler C
Great video. Why not save JWT in cookie? Local storage seems more unsafe.
Comment from : Tyler C

Clement Osuide
Hi Brad
so I came accross and article that said storing JWT tokens in localstorage is a terrible Idea... since it is sensitive data
and I'm thinking of incorporating it in my react ecommerce app I'm building...
I just want to know how you feel about that point?
Thanks in advance for your kind response

Comment from : Clement Osuide

Kamalkant Yadav
i like this example i ' m gonna be implemented this
Comment from : Kamalkant Yadav

Ha Thanh Tam
I have seen both jwt and passport with jwt.
And now i am confusing, what are the differences between using jwt only and using passport with jwt ?
Please help clear my doubt.

Comment from : Ha Thanh Tam

Dagg M.
I needed a refresh about JWT functionalities and this little course was very helpful. Just one mention. Token name that we send with res.header can be anything for example 'auth-token', not just 'Authorizatiion'. And token value in a name-value pair doesn't have to start with 'Bearer' word, it's enough to send token only. In that case we do not have to split result into name 'Bearer' and token value.
Comment from : Dagg M.

Devon Marantz
Thank you so much! I’ve been struggling trying to make a protected route with passport for the past month. I couldn’t get it working on a side project I was working on would get super frustrated. I watched this video last night and was able to get it working today! You are a God send! 🙏🏽
Comment from : Devon Marantz

John Gicharu
Thank you so much for your tutorials. They are very informative. You are an inspiration to us all. Could you do a refresher for the PostresSQL tut?
Comment from : John Gicharu

Maximum Cockage
Out of curiousity, at around 18 minutes you say use local storage and cookies isn't recommended anymore.

On the off chance someone XSS's your local storage what's stopping them from just using your token and logging in as you?

Comment from : Maximum Cockage

Jorge Renteral
The verifyToken middleware should do the token validation and, in case of, check the token is valid from the DB.
Comment from : Jorge Renteral

Raúl Alejandro Muñoz Araya
Thanks dude, question: how the token is secure from a MIM attack or a sniffer?
Comment from : Raúl Alejandro Muñoz Araya

Jagdish Shetty
Great explanation !!! Thx so much !!!
Comment from : Jagdish Shetty

Aravind A
How to secure the values from jwt token?
Comment from : Aravind A

Alpit Anand
Comment from : Alpit Anand

Aron Høyer
you shouldn't store the jwt in local storage, as it opens an attack vector for xss. an httponly cookie is the preferred way. now, it means that your rest api no longer is stateless, but it sure makes it way more secure.
Comment from : Aron Høyer

Zaid Khan
Those who wants to know, what next() function is? i.e. In verifyToken(req, res, next).

verifyToken is a middleware function in express, which take req, res and next parameters.
Calling next will move to succeeding middleware function.

More details here: expressjs.com/en/guide/writing-middleware.html

Comment from : Zaid Khan

Tanmoy Basak
Hi, can you do a video with refresh tokens!?
Comment from : Tanmoy Basak

Chandula Sulakshana
Thank you very much Brad ... Thanks a lot :)
Comment from : Chandula Sulakshana

Thank you great tutorial. Helped me a lot.
Comment from : RUFF-

Thanks, it helped me a lot

aryan sharma
awesome awesome tutorial.
Comment from : aryan sharma

Alex Yepes
Hey Brad, thanks a lot for these videos. Would it be possible to make a tutorial using a real user for authentication (maybe using passport, Firebase, or other methods)? That way we could see how you actually make a request instead of using mock information. Thanks again.
Comment from : Alex Yepes

Fabian Zhafransyah
How do you store the token when you open the app in a browser, not in postman?
Comment from : Fabian Zhafransyah

Aitizaz ulhaq
i am having a problem when i put the token to the postman authorization header and send post request i still get the forbidden status instead of auth data why is that
Comment from : Aitizaz ulhaq

Md Abu Talha
How I can signout??
Comment from : Md Abu Talha

Md Abu Talha
expiresIn property doesn't work properly
Comment from : Md Abu Talha

Bautista Chehin
great video
Comment from : Bautista Chehin

Akshay Shelke
A very nice tutorial sir , you r a role model for all of us , thank you sir !!
Comment from : Akshay Shelke

Flávio Batista
Reaaaaaly liked the straightforwardness of the tutorial. Implemented it on an existing server in under 40min thanks to your tutorial, keep up the good work :D
Comment from : Flávio Batista

Hường phạm
This turorial was help me solve my problem. Thanks!
Comment from : Hường phạm

For anyone watching this presently. It's considered bad practice to store sensitive data in jwt's. In this video instead of generating a jwt from the user object generating it from the id alone would've been better
Comment from : pffScrub

Perfil Sistemas
do you know export example separate modules?
Comment from : Perfil Sistemas

Arpit Agrawal
I have seen two of your videos and found this channel very helpful. Thank u :)
Comment from : Arpit Agrawal

Awesome explanation. Thanks for it. :)
Comment from : Yogendra

agatha helena
i got a hack transfer from vastrangelinks,com they are really good
Comment from : agatha helena

Wonjae Hwang
At 7:14 he says we could use jwt.sign() synch or asynch. But why would you want to choose either? Could someone explain a sample use case? Like why would we want to make it asynch and run the callback after the file runs it’s execution stack? Rather than running it synchronously ?
Comment from : Wonjae Hwang

Somsubhra Das
Man I love this tutorial... Other YouTubers take more than 1 hr to explain just this. But you did it in less than 25 mins.. <3
Comment from : Somsubhra Das

Husniddin Qurbonboyev
Thanks Brad for such a useful content!
Comment from : Husniddin Qurbonboyev

Delson cayo
.jtdwgd d pm'ptd'tp.5gtmdajmkmgmgmjmjpwt w. Jtwuru. W
Comment from : Delson cayo

I found this video at the right time, thanks Brad
Comment from : Bill

Omer Mindivanli
Comment from : Omer Mindivanli

Sawyerr Ken
Awesome tutorial. Thanks for the time and effort put into this. I would rather rename that verifyToken middleware to something else like getToken to better capture what the middleware does.
Comment from : Sawyerr Ken

I have an app built on your MEAN stack back to front series which is set up with Passport and JWT, instead of the Passport.authenticate middleware I've replaced it with the verifyToken implementation from this video. Because the 'Bearer' tag in the authorization header kept failing in the Passport authenticate middleware. Is this the correct approach or should I be doing something differently?
Comment from : 良仔

david grinstein
Why cookies are not recommended?
Comment from : david grinstein

Glenn D
Waiting for 2019 version
Comment from : Glenn D

Is there a difference I'm not seeing between doing: if (typeof bearerHeader != 'undefined') and simply if(bearerHeader)?
Comment from : Metruzanca

Binayak G Shankar
Wonderful tutorial. Please make a tutorial on Node+Express+Angular+JWT+Socket
Comment from : Binayak G Shankar

Love this!!!
Comment from : sam

Ajit Singh
Brad Bhai (brother in India), thanks a lot for the succinct explanation..always love the explanation in code.
Comment from : Ajit Singh

austin britton
You set a standard man
Comment from : austin britton

Bilal Saleh
Excellent explanation!! thank you
Comment from : Bilal Saleh

rafael sanchez
Thanks, really clear
Comment from : rafael sanchez

Oscar Jovanny
This works for me only locally, in heroku I have CORS issues, does anyone know why?
Comment from : Oscar Jovanny

Alex nixi
You could have handled the JWT verification in the middleware, to keep responsibilities nicely separated. Other than that, nice tutorial :)
Comment from : Alex nixi

Shaikh Shoeb
Hi brad, you make very awesome tutorials it helps me a lot , I like the devconnector very much, If possible I request you to make a tutorial on how to integrate google oauth and facebook oauth in that devconnector application
Comment from : Shaikh Shoeb

Good stuff, thanks.
Comment from : Razey

bobby john
So you name the function verifyToken and then say that you need to verify the token after running verifyToken? Kinda confusing.

Cool vid though. Learned a lot from it :)

Comment from : bobby john

what if anyone got a valid token and has a knowledge of hacking(white hat hacker or black hat hacker) how to prevent it?
Comment from : sairam

Santhoshkumar Nagulanchi
How we are sending generated token as response? just res.json({token}) ???
Comment from : Santhoshkumar Nagulanchi

Nay Lin Aung
Could't we just do the jwt.verify in verifyToken function ?
Comment from : Nay Lin Aung

How do you add a form to login to this? can someone send me an example code
Comment from : Satenc0

Shery DCouth
Thanks..It helps.
Comment from : Shery DCouth

Your explanation was perfect. Thank you so much!!
You have my like and my sub :)

Comment from : Ivan

Really good!
Comment from : TM

Sukanta Sarkar
Nice one, is that possible to make a video for loopback jwt?
Thanks in adv.

Comment from : Sukanta Sarkar

Sky Pan
Awesome Bro, and now I think the token format is only: "authorization:<token>" in headers now, there is no "authorization: bearer <token>" any more.
Comment from : Sky Pan

Des Butler
One of the shortest, yet most succinct, useful tutorials I've seen. Brad rocks!
Comment from : Des Butler

Alex Machin
How would you intercept the JWT token and save it if its in the header ?
Comment from : Alex Machin

Lokesh Yadav
Ton of thanks Brad for putting up this tutorial. it's really easy to follow and understand the every bit of code. Thank you again.

Just a quick question, did you put up any tutorial for Login / registration user flow? If yes, please share link to the same.

Comment from : Lokesh Yadav

love your shit smooth and simple
Comment from : TutorialSpiller

Security guy
This video is open path for me to develop custom token in firebase database
Comment from : Security guy

Great tutorial as always :D.
Comment from : Simonnice

What about change/reset password and invalidate tokens in general?
Comment from : Piuccoo

kunal pal
Nicely explained
Comment from : kunal pal

isuru dewasurendra
Thank you, great tutorial
Comment from : isuru dewasurendra

Norris Damianus
very good, simple and clear tutorial
Comment from : Norris Damianus

Hei Li
Hey Traversy, I have a question. How do you create a Auth microservice that supplies JWTs that the client can then use to access other API services? I think I know a way to save it to localStorage but that method according to what I hear is unsafe. However if we attach the JWT to the Auth microservice cookie, that cookie can't be send to the API server. I'm at a loss !
Comment from : Hei Li

Abdelrahman Mohamadeen
According to my understanding, you are also doing here what the module Passport does, but without using it, right?
I think the function verifyToken is doing what Passport does..

Comment from : Abdelrahman Mohamadeen

לי יהב
does it will be better to move "jwt.verify(....)" to the middleware function ???
Comment from : לי יהב

Armando Padilla
Thanks, Really useful.
Comment from : Armando Padilla

Gonzalo Fonseca
Thanks!! You 're awesome
Comment from : Gonzalo Fonseca

Danilo Miranda Santana
I need help. When I type in NPM INSTALL -G NODEMON, it always always give me an erro. Why why? please help. thanks
Comment from : Danilo Miranda Santana

Spoon Liver
Is this OAUTH2? Or should i use passportjs-local strategy to fulfill oauth2 principles?
Comment from : Spoon Liver

Milos Krstic
Wait wait you said that we should store the token in the local storage, when I asked a question on reddit regarding localstorage and auth everybody lost their mind screaming never to use LS for auth instead always use cookies somewhat safer idk...

Unless someone hacks somebodys browsing data and steals his LS there isn't a way user can get hacked, and at the end of the day it's not my fault they download damn keyloggers into their computers lol

Comment from : Milos Krstic

Awesome explanation! Thank you so fucking much!
Comment from : Sarah

Cristian Script
Can I use passport-local with Json ?
Comment from : Cristian Script

Cristian Script
I have seen you are using both angular and react what is the best for you framework vs library?
Comment from : Cristian Script

Khương Duy Bùi
Simple explanation , thank_you;
Comment from : Khương Duy Bùi

Nattapong Melont
i love this :3
Comment from : Nattapong Melont

Adam F.
Awesome stuff brad as always!
Comment from : Adam F.

Richard David
Thank you for good tutorial. I learned a lot.
Comment from : Richard David

Mohammed Abdul Khaliq
Thank you
Comment from : Mohammed Abdul Khaliq