26. JWT Explained | JWT vs SessionID | JSON Web Token | Security Challenges with JWT & its Handling

Views: 22,991

Concept && Coding - by Shrayansh

Days ago

Comments: 60
@AyushiGupta-nv2yq 9 months ago
I just love your explanation. Thank you so much sir.😊😊😊
@ConceptandCoding 9 months ago
thanks
@amitpachghare3238 9 months ago
You explain directly using a screenshot and save time to write down code which is time saving there where lots of videos are basic level but you go one step ahead and explain prior to savings time 🎉🎉🎉
@ConceptandCoding 9 months ago
thanks a lot for the feedback
@amitagarwal779 9 months ago
Just loved the way this topic was explained. Keep up the awesome work Shrayansh !!!
@Sandeep-zd6dq 9 months ago
Hmm interesting, so JWT helps in saving additional calls to db and of course space as well, but yeah, third party reliance is too much in token based authentication. BTW, awesome video as always
@codingwithanonymous890 8 months ago
Sir please upload all topics by this year your content is truly amazing
@DurgaShiva7574 3 months ago
Awesome explanation ❤🎉
@gajananbengre 9 months ago
Great explanation !! Could you please do a video on "Transactional Outbox Design Pattern for microservices"
@RN-jo8zt 6 months ago
very clearly you explained it
@kajoldixit1334 7 months ago
Hi Shrayansh, if each third party has its jwks.json list where they store the public key w.r.t. Kid, in that case can't a hacker access the key and decrypt the content? --video timestamp (48:20).
@charankumarvaddepally6580 25 days ago
same doubt.
@vikasrai4915 3 months ago
Are we getting more videos? I just finished the playlist, can't wait. Great content.
@saideepak1740 9 months ago
Nice and awesome explanation as usual Shreyansh. Possible to add notes to this
@ConceptandCoding 9 months ago
notes i have shared to member community post.
@saideepak1740 9 months ago
@ConceptandCoding sure. No issues. Anyways I am planning to take membership 👍
@princepop6922 9 months ago
In JWT you have mentioned that no db is included but how come the application server sends the request to validate the token and the authentication server authenticates it without storing the data somewhere?
@ConceptandCoding 9 months ago
they verify the signature.
@chandanverma4336 9 months ago
It's very useful for me
@sourabhtote8393 5 months ago
@ConceptandCoding can you share the source material you use for creating your videos? Would love to go in depth in many of the topics covered in your videos. Thanks!
@Prodcater 4 months ago
hi @ConceptandCoding can you please start adding the advanced part of this video. Will be really helpful. It's a request
@PegasiuuuS 9 months ago
Great video with loads of knowledge in it. But I feel that video pace is too slow and all this info can be conveyed in less than 30 mins.
@ConceptandCoding 9 months ago
noted
@MohammedTajuddin-pz5wd 8 months ago
What is the use of 'n' and 'e' when the public key they are forming can't be used, we are using Kid to find the public key from third party. n and e seem redundant as they can be tampered.
@ConceptandCoding 8 months ago
The 'n' and 'e' components in JWT's public key are used for double verification by the recipient. While the 'kid' header helps locate the correct key, 'n' and 'e' ensure the integrity and authenticity of the key once found.
@mkSlayer9 6 months ago
@ConceptandCoding oh got it now
@justlc7 8 months ago
Hey guys, are CDNs and their designs covered in any video in this playlist?
@mkSlayer9 6 months ago
yes, in the caching one.
@justlc7 6 months ago
@mkSlayer9 thanks, I'll check that
@nikhilthulaseedharan1525 9 months ago
When will you be adding remaining HLD questions ?
@sumitsehgal5526 3 months ago
Bro, will you please make a complete Spring Security module? It's very tough to understand how it works
@infinity-hu4yk 19 days ago
Why cannot we encrypt the jwt token with RSA so that attacker is not able to see and sign the token on its own.
@saurabhmittal6947 7 months ago
Does the resource server have to depend on auth-server to verify JWT?? Wouldn't it increase the load on auth-server?
@girishanker3796 6 months ago
Same question and also the extra overhead back and forth calls b/w resource and auth server.
@Selvin_raja 7 months ago
I have some doubts: are Spring JWT and Spring Boot JWT the same or not, what you cover in this video?
@mannuvishwakarma8411 9 months ago
Can we extend the expiry time of the existing JWT?
@ConceptandCoding 9 months ago
no, we cannot extend the expiry time, there is something called refresh token you get, by which you can get new token, i have covered the refresh token in OAuth video
@girishanker3796 6 months ago
As he mentioned in this video that will add more vulnerability to the token. So by using a refresh token we can get a new token if the old one expires. Also initially while we are setting the claims, we can set the expiry time of JWT as per our wish.
@Asingh42 9 months ago
I remember JsessionId from servlet and jsp.
@DSA_Coding 7 months ago
hey shreyansh, can you refer some book also for auth
@RN-jo8zt 6 months ago
Symmetric Cryptography: A single secret key is used for both creating and validating the token. Both the issuer and the verifier need to have access to this key. My question: how will the verifier get this secret key? Like, will I send it to him personally, or will it be stored in cloud/DB so he/she can access it, or will I send it by mail, Teams....
@elforeyyy 4 months ago
hello brother, may you please assist me in my application used springboot security? Problem is after a successful login it's calling the login page again, not redirecting to the specified endpoint. How can I share my classes with you
@FitMitDiary 8 months ago
I have a question regarding how is JWT considered to be stateless? I understood the part that there is not any session maintained as compared to traditional cookie/session-based authentication But 1. If we need a key to decode the jwt token, then the authorization server needs to store the key to decode it right? So will this key be stored in a db? So won't we need to hit the DB to fetch the key.
@chander10980 2 months ago
no need to store and auth server validate using RSA digital signature (public private key) logic
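Several questions in this thread (validation without a database lookup, what a key published in jwks.json allows, the role of `kid`, `n` and `e`) come down to how an RS256 signature is checked. The following is an added example, not code from the video or from any commenter: it signs and verifies a token with a constructed toy RSA key built from two Mersenne primes (never suitable for real use), and the names `issue`, `verify`, the `demo-key-1` kid and the JWKS contents are assumptions made for the illustration.

```python
import base64, hashlib, json

# Constructed toy RSA key (two Mersenne primes): demonstration only, never use such a key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held only by the issuer
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_digest(message: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def issue(claims: dict, kid: str) -> str:
    """Issuer side: sign header.payload with the private exponent D."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(encoded_digest(signing_input.encode(), K), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify(token: str, jwks: dict) -> dict:
    """Verifier side: needs only the public n and e, looked up by kid."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64u_dec(head_b64))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"] if j["kid"] == header.get("kid")), None)
    if jwk is None:
        raise ValueError("unknown kid")
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64u_dec(sig_b64), "big")
    if sig >= n or pow(sig, e, n) != encoded_digest(f"{head_b64}.{body_b64}".encode(), k):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body_b64))

# Constructed JWKS document: public values only, safe to publish.
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key-1",
                  "n": b64u(N.to_bytes(K, "big")), "e": b64u(E.to_bytes(3, "big"))}]}
```

The payload of a signed JWT is only base64url-encoded, so the published key reveals nothing a reader could not already see; it only lets them check the signature. Producing a signature that passes `verify` requires `D`, which never appears in the JWKS.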
@abhaytiwari6401 9 months ago
isn't authentication server a Single point of failure?
@ConceptandCoding 9 months ago
it's again a distributed microservice.
@abhaytiwari6401 9 months ago
Thanks for the response. Love your videos. One more question here: are we replicating the same token to every authentication server if it is a distributed system? Meaning, one microservice calls the authentication server to validate, and when I call again it will get a different server because of the load balancer, so will we have to replicate the same token to every authentication server? Or is this wrong? @ConceptandCoding
@GeneralistDev 9 months ago
Please keep updating the udemy course also with these free videos
@ConceptandCoding 9 months ago
yes will update udemy
@ShashwatShukla-p8h 5 months ago
is this HLD series over ?
@ConceptandCoding 5 months ago
no, i will start the advance part of it soon
@ShashwatShukla-p8h 4 months ago
@ConceptandCoding oh, I was so happy that I completed HLD and I am ready for interviews !!!!
@dynamiteSoul2324 9 months ago
Sir if possible after this playlist end , help us making project like book my show , implementing concurrency control as you already explained in one of your video
@ConceptandCoding 9 months ago
noted
@AmanThakur-ve6ji 9 months ago
@ConceptandCoding 9 months ago
thanks
@mozahidhussain3794 9 months ago
Brother, please complete the Spring Boot series
@ConceptandCoding 9 months ago
working on it.
@AyushiGupta-nv2yq 9 months ago
Yes please
@harshitagarwal2682 5 months ago
👍👍