Basic Authentication vs Session Authentication vs JWT Authentication

Рет қаралды 5,756

Күн бұрын

Пікірлер: 34

@javadmh7827 Жыл бұрын

I'm working on an e-commerce project and I was confused about using JWT-based authentication and session-based authentication. finally, I made my decision. Thanks a lot.

@official.mhm13 Жыл бұрын

What decision you made. Session or JWT?

@javadmh7827 Жыл бұрын

@@official.mhm13 Session

@webhopers3106 Жыл бұрын

can you guide me how you implement session base authentication on realworld project. Please give me Idea or source so I will implement this too.

@forzajuve8088 Жыл бұрын

Welcome back!!! Nice video, thanks for useful content!!

@CodeWithVlad Жыл бұрын

Thank you! Glad to be back :)

@temirlantashbaltaev9248 Жыл бұрын

thank you a lot! You are the one who can explain difficult staff easily.

@CodeWithVlad Жыл бұрын

Thank you for the support!

@filouchar Жыл бұрын

Great informative video, Very well and simply explained, with code examples. Perfect! Already waiting for the next one 😉

@CodeWithVlad Жыл бұрын

Thank you!

@calisgarden Жыл бұрын

very clear video, everything was nicely explained thank you!

@forwork7967 Жыл бұрын

Can you please make a video about session authentication with nest js and prisma?

@teknolovedigital Жыл бұрын

Glad to see u again...

@CodeWithVlad Жыл бұрын

Thank you! Glad to be back

@sagar7929 Жыл бұрын

Thank you for this. Would you be able to make a tutorial on Nestjs role and permission implementation that includes an administrator with full permissions in an admin role, users with limited permissions based on their assigned user role, and the ability for the administrator to add or remove permissions for users? It would be ideal if the tutorial also covers how to create custom or predefined permissions. You are welcome to use any database or ORM for this tutorial. Thank you again.

@CodeWithVlad Жыл бұрын

Glad you found my tutorial helpful! I think your suggestion of a NestJS role and permission system tutorial is great and I'll definitely add it to my list. Thanks for your support!

@saybers-4516 Жыл бұрын

God bless you thank you for this tutorial you are the best

@ian0m Жыл бұрын

Great timing! I found your channel this weekend while trying to implement JWTs w/ refresh tokens. That video is by far the most helpful and thorough video I've seen on the subject! THANK YOU SO MUCH! I have a question though (really to anyone who will answer)... in this video you caution heavily against using JWT necessarily and that makes sense. In my situation I'm going to have many microservices and I thought that by using JWT I could avoid hammering a central auth service. Is this a case that makes sense to use JWT or should I not worry about hammering an auth service? I figured that on logout I could broadcast a logout event (say, over kafka) for the other microservices to pick up on and store an invalidation for the refresh token. ALSO I plan to send back to the user a blank refresh token on logout, does that make sense? Sorry that's so long... thanks again for everything!

@CodeWithVlad Жыл бұрын

Thank you for your comment and support! I'm glad to hear that the video was helpful for you. In regards to your question, I want to clarify that in the video, I was cautioning against the use of JWT as a session token for common web applications and single page applications (SPAs). However, using JWT for microservices can be a valid and efficient approach, especially if you have many microservices and want to avoid hammering a central authentication service. Your approach of broadcasting a logout event over Kafka for the other microservices to pick up on and store an invalidation for the refresh token sounds like a reasonable solution. As for sending back a blank refresh token on logout, that can work, but it's not strictly necessary since the refresh token will be invalidated and can no longer be used to obtain a new access token. I hope this helps clarify the use of JWTs for microservices, and let me know if you have any further questions!

@Noritoshi-r8m Ай бұрын

Your link to the NestJS course is broken here for some reason

@dawidzach6457 Жыл бұрын

Great video! I have a questions. How to use sessions to create a auth in the style of mobile apps? I mean, i login/register once and then app doesn't log me out for, for example: a month

@CodeWithVlad Жыл бұрын

Thank you for the support! You can set a very long cookie expiration using the maxAge property inside the cookie object.

@JoseMedina-xp6vi Жыл бұрын

Hey! Great video! I have a question: for mobile auth cookies are the way to go?

@CodeWithVlad Жыл бұрын

I don't have too much experience with mobile. If you are using a browser on mobile that should work. And I think that it's still possible to use cookies if it's a native app. To use cookies in mobile apps, you can use a library or framework that supports cookie handling, such as the NSHTTPCookieStorage class in iOS, or the CookieManager class in Android. These libraries provide methods for creating, storing, and retrieving cookies within the app's local storage.

@webhopers3106 Жыл бұрын

Please make video on session base authentication in nestjs with production grade code. if it is not possible then pls suggest me other sources where I learn these topics.

@jestemsiedem7481 Жыл бұрын

Thank you for the video! However I have a question. Let's say I have authentication based on session id cookie and i logged from mobile app to my account. I'm using an app and I close it for a while and then open it again. Will I still be logged in or will I have to log in via the form again to get the cookie? If so, how can I keep me logged in after opening the app?

@CodeWithVlad Жыл бұрын

Hey, than you for the support. If you haven't cleared the application cache and if the session id is not expired you should be able to use the app without issues. It is actually the server that will let you know that your session id expired because you will receive a 401 status code. I don't really have experience with mobile apps but what i do is that i have a helper function that does the API requests calling fetch API or axios. If the function detects a response with a code 401 it will redirect the user to the login page and clean the app state.

@webhopers3106 11 ай бұрын

I purchased your nestjs essentials course but now page is not opening error occurred 403 forbidden. Please fix this soon I really enjoyed your lectures

@CodeWithVlad 10 ай бұрын

Thank you for reporting. It should be back now!

@delinuxist4480 Жыл бұрын

Thanks so so much....

@CodeWithVlad Жыл бұрын

Welcome!

@AnthonyDev Жыл бұрын

Hi Vlad, great video, I'm subscribed in your channel since your jwt masterclass with access and refresh tokens, I watched this new video about authentication methods and later I downloaded your ebook about sessions stored in redis, eveything is working fine. Now I have a doubt: In the jwt method we had tokens table and application tables in the same postgres database, but how can I secure an postgres application database while storing user sessions in redis? Do I need only use the ebook code below in all protected routes? Can you help me, please? Or recommend me some good article about this. @Get('me') getMe(@GetSession() session: UserSession) { if (!session.user) throw new UnauthorizedException('Not authenticated'); return session.user; }