❤Please Support me by subscribing to my channel 👉🏻www.youtube.com/@sakuradev?sub_confirmation=1

A masterclass. Your video is the most complete on KZbin. Most of them always skip an important step, so their video become useless. You've made everything from A to Z, thanks a thousand time 🙏

Not an easy transition to the NextJS section if you're following along with code, but if you can figure it out, hands down one of the best tutorials out there for refresh tokens for both client and server.

Thanks!

This was insanely helpful for me. Thank you!

I can assure you, this is one of the best explanations on implementing authentication in Nest/NextJs

Terima kasih.

wow... this is the video I've been waiting for, thanks man

Very good tutorial, perfect u said a lot of things can not find in others tutorials, especially how to refresh the accessToken silently.

Hey thank you so much, you made this very clear to me, I'm using session and not JWT, but your content is currently helping me a ton to setup all this stuff ☺

I was looking for a tutorial, not for a mayor! (brazilian meme to show how grateful I was for find this!)

I will also learn this Tutorial, The combination in this tutorial is awesome ! I see how amazing things NestJS can do ! I am still waiting for NestJS Postgres TypeORM, JWT Token, Key Cloak authentication, user role and OTP login !oo

Amazing video tutorial. Everything explained and detailed to its core perfection!

Thank you so much, NextJS Auth explained well with external BE... amazing

good job bro ! A most comprehansive tutorial I've seen.

🤗Obrigado amigo! Você é um amigo!

This is far better than those paid courses out there 😍

Thanks a lot 🙏🏻🙏🏻 You have made it super clear.. and you managed to talk about i guess everything that related to authentication and authorization unlike other youtubers

You're the best, Brother! Hope you have a wonderful life ahead of you!

i'm wordless, you helped me alot. thank you so much for posting this content!!!!

Thank you, a very clear and useful tuto ❤

just thank you! You achieve new spectator!

Thanks for the great tutorial. I just want to make one clarification for those who are not familiar with JWT authorization. The refresh token must be implemented in such a way that it cannot be used more than once. And if an malicious user gets your refresh token and uses it, you will notice it immediately when you try to use it on your side. But in your implementation, if I understand correctly, the refresh token is reusable, since it is hardly possible to implement it without saving the token value itself to the database.

that is realy what i was looking for a while... thank you a lot

Thank u, one of underrated awesome content out here.

thank you so much! A real masterclass.

Great Content ! Keep Up The Good Work !

coming here again, very useful video

thanks bro you are the best teacher!

Thank you so much friend it's been really useful tutorial!

This is .... damn! so goooood. thank you a lot ....couldn't help subscribing :)

Cant wait the next video

You are awesome as always :) ! Thank you.

Thank you so much for the video

Hi, I have a question. The refresh token is only use when you reload the page or re-login. What's happen if the access token is expired then you call an API without reload the page? I'm so confused, please help me awnser this. Thank you!

In CreateUserProfile section you can also replace id with +id so it will convert the string to number

best video ever. love from Bangladesh.😍😍

Greate video , Thank you for sharing 🥰

Amazing tutorial. Thanks a million

Great job sir 👏

At 1:23:44 when you refresh it still has the username in the sessions (top right). How is a good way to have all of this updated as well when the accessToken expires?

Nice effort. we have learned a lot

Thank you very much. This video was very helpful.

Definitely great!

valuable tutorial! thank you

Hey ! Nice video! I've just got one question: how do you ensure that, on the Next side, the user is automatically logged out when their token expires?

Thank you so much this video is awesome I have a question. at the 1:41:30 mark in the video, there's a question about how to hide the session information that appears in the network tab every time you access the web, specifically the "GET /api/auth/session" request, which shows session details such as user and backendTokens. Is there a way to conceal this information? The reason for wanting to hide it is that the token values are being exposed. Do you have any advice on this matter?

Hi thanks for the video, I have a question, at the 47:17 mark in the video, I have an error that "Parameter 'req' implicitly has an 'any' type." so it's really an any type or something other type? I'm fixing it by add ''@Request() req: any" but do you have any better idea?

Hi, thanks for your work! I have a question: how can I synchronize the main backend tokens with the token created by NextAuth?

With this implementation if i provided a correct token i can Access any endpoint with all the ID's.. that means that i can access any profile i want if i have its id

In your components you have manually added the Bearer totken which is not a easily maintainable approach, what if refresh token in invalid?

thanks for the video 🙏🙏❤❤, I was curious how to handle role base authorization, at 1:25:07, you created middleware only for those who have sessions, but what if I have a dashboard for users and a dashboard for admin or maybe a dashboard for sellers? I like the way you solved the refresh token problem. I usually use axios interceptors like you taught me in the past.

Amazing ❤❤❤

Sir , your tutorial was amazing, i have an one question, my question is when you try to refresh the token at that point is it possible to clear the session with sign-out and redirect to the login page?

Hey can you make a video with both google and oauth provider like google with capabilities of storing both of these in a database

Hey, Thanks it's realy cool tutorial!

Thanks alot for the amazing videio but now what will happend if the refreshToken expired? How I can force the user to logout ? That the main issue i faced when i tried many times to implement the NextAuth.

Thank you so much. your tutorials helped me on my own project. A project idea if its ok, users triggers long running job from client side seeing live status of the said job. Something that can handle lot of users kicking off long running job/script etc

When the session expires and the tokens refresh, if you don't press F5, it keeps calling the API thousands of times and when the Refresh expires it gives a lot of errors.

This was a nice tutorial... what if a user change their system time won't it keep their token from expiring

Briefly skimmed through the vide and it look like exactly, what I was looking for. Just had a quick question, my backend for user authentication is developed in Django, but this will be the same right? Thanks!

excellent video just I dont know where is login page located

I have one doubt. How to logout user when refresh token is expired?

Monorepo with nextjs + nestjs using drizzle and next-auth with the drizzle adapter would be cool video to watch. Where both next and nest share this drizzle db

Awesome👍👍👏😊😊

Thank you so much for this video.I have done authentication with cookies using nestjs and using the api with nextjs 13.on my local host , it works very well and sets the cookie and persists on page refresh.but when i deployed the nestjs api the cookies does not set at all.the login is successful but the cookies dont set.I have tried several solutions but i still get same issue.any idea on how i can go about this? i will really appreciate help on this.Once again thank you so much

Nice video!

hello, i noticed that in your tutorial when you return from the signIn screen the user data is already loaded, how did you do that? i'm following the tutorial but when i return from the signIn page the signIn and signUp buttons appear for a brief moment until getSession() puts the data in the react state, thanks for your attention (sorry if it seems confusing, I'm from Brazil and I used the translator to write this LOL)

Great tutorial! How can i implement both Credentials and oAuth providers in Auth.js, but with my backend logic in NestJs? That is, store my users in DB, but only NestJs can read/write database?

I love this tutorial! I have been looking for something like this but then I have an issue. I started following the tuorial as I did not have any issues on the backend setting up the things I set up but then I had serious issues with the Next.js next-auth. I am hitting the endpoint but then I am not getting results. I have tried to log the response to see what it contains but then I see nothing in the console. I suspect that it does not log anything because the page refreshes everytime I enter the credentials. Also my return object from the backend is different yours in the video but I was under the impression that I should be able to customixze it to do what I want to, but back to my question, what do you think could be the reason for this?

tks for your kindness sharing this nestjs, this is i am looking for.. please make another video full stack using nest js and next js, like marketplace or airbnb or linked in.. tks

Hi there, Nice video... but i have a question, when you navigate into other tabs and came back, it really does the refresh token, but it does not work well while navigation into others routers and reloading page (f5, and others reloads methods) there is an method to solve this problem, to when it reloads the page it does the refreshToken, if accessToken expired? I know in other video that you made, it works but in the client side, but i want to know if there is an way to do in the server side, thanks

in min 22:00, why you didn't provide the hash salt (which you set to 10 breviously) while comparing the given password and the stored password hash? N.B: here is the code snippet I am asking about : await compare(dto.password, user.password)

why use nest for back-end? is this for educational purpose or next can't handle back-end services?

İ have a small and important question. We have an api that lists one product. We will ensure that the products are listed by using this api in the admin panel. Let's assume that we get the token information thanks to NextAuth, so we need to use it in the api as headers: {Authentication: 'Bearer {token}'}. When the page is first loaded, NextJS does not know what this "token" information is, so it crashes while fetch. And the products unfortunately do not appear on the screen. Is there any chance we can do this without putting a talk like if(token) ?

awesome ! but I got issu when I refresh the token for the first time it's work but then will refresh secend time it's send the same old refresh token

Good video except that you left out an important part: Checking if the refresh token is expired. In a comment below u mentioned that you should just call the sign out function in this case but inside the jwt callback it is not possible to call that function. Yes you could run it inside the protected page but that is also not practical if there are multiple protected pages. Then there is also the middleware.ts but when calling the sign out function there and redirecting the user, a window is not defined error is being thrown...

Appreciate your dedication! I have a question about the token stuff! In real-world projects I think, refresh token stuff works like when accessToken expires then again call for access token (till refresh token not expire), and when refresh token expire then user should logged out meaning need to login and new refresh token add. But in your case, it's not working like that, may I know why?

can we save user records from Next Auth google provider to nestjs and then database?

what about the deprecation warnings for bcrypt dependecies? You didn't get that on your installation but I saw more people with this issue

Hello Sakura Dev, today I watched a lot of videos of you. But I still have some questions, please help me :((. I'm building a fullstack website with NextJS. I'm using NextAuth for authentication. And now I can login by credentials and some third app, but I want to have a jwt token to middleware protect when success logged in. But in my session, I don't have any jwt token. How can I achieve it or Do I have to do it? Is safe when return the id in the session? I have tried to return the public information of user in session, and they id I save in jwt, is that right?

Hi, There is a small issue with the current Nextjs setup. Say that an endpoint is going to be hit on a button click in client side. If the token has expired, the jwt callback does not get called. It gives a 401 unauthorized. Any suggestions on how to fix it? I apprecaite your content. ♥

thank you so much!

i have a question , we have the api for auth using nestjs why we must do the nextjs server api ? is this because the next-auth package want it that way ? i never use the next auth package so i need some explain about that

Very nice tutorial. I tried to follow up the client side with Next-Auth, cause my authentication backend is already running in ASP. I noticed one issue, and maybe you can explain what is going on. When I authenticate, I'm having correct user data, access token, refresh token and expires in values, till the first refresh call. Refresh endpoint returns correct data, and the same way I'm returning new token with modified backendTokens, but then on every jwt callback, there are still the same values. So it keep refreshing token on every request. But what funny is, when I use getServerSession in Server Action, there the token is correct (refreshed one). So I ended up refreshing token on each and every request after first one expires. Has anyone noticed anything like that before?

How to use Google Provider with it? Client is not sending password to check the authenticity of the user.

Great tutorial! How do we generate random SSL Keys on Windows machines?

Is this better than using passport ? and how can I fix the issue of importing the JwtService in every module i have ?

Thank you very much

Hey, can you please make the video where you combine custom credentials and Google Provider for example? It works cool for now, but in my app, I want to add OAuth and I can't figure out how I need to combine these 2 flows. Like we need a password for user creation, right? Do we need to create a separate model for OAuth users? Thank you again friend!

آقا وحید من یه چالش تو پروژه شرکتمون دارم که ساخت فرم ساز هستش بک اندمون لاراول هستش ورودی های فرم همون اینپوت هاش ساختار جی سان ذخیره میشه مثلا تایپ اینپوت تکست یا نامبر خیلی هم ابتدایی ینی ایونتارو فعلا ذخیره نمیکنیم من خواستم با formbuilder پیادش کنم متاسفانه پکیجش جی کوئری هستش برا ری اکت شما چه پکیجی رو توصیه میکنید من هرچی گشتم چیزی پیدا نکردم که خوب پوشش بده مسئله ساخت فرم انگار باید از اول چرخ بسازم و ددلاینمون همش یک هفتش مونده از تایپ اسکریپتم استفاده میکنم و نکست جی اس

Thanks

How can users who have been authenticated no longer be able to log in to the login page? and automatically redirect to the dashboard. I can't use getServerSideProps and I don't want to use useeffect because it's very delayed please help me, thankyou

i have a question. like we know next auth is default to 7d but when we use refresh token like this that back end token will more than 7d right . so if the nextauth session was expire what happen here ?

How can I add google-provider with this method

I 'd faced the problem of CORS Error when sends POST request by await fetch(Backend URL + "/auth/register" {...}) from the client side. Will be very thankful for answer.

hello sakura how to authenticate nextjs with nestjs backend with oauth nextauth

How do i implement google auth using nestjs as backend and nextjs as the frontend?

Awesome Tutorial........... Can you make one with GRAPHQL please

Wonderful tutorial! I would like to ask a question that i couldn't understand in the NextAuth docs: Lets say that we have two computers: "A" and "B". - I log in with with my account in computer "A" - Then i log in with the same account in computer "B" I understand that computer "B" should have the refreshed token, and computer "A" should have it's own token as invalid (therefore the refresh endpoint would give an error). But how does NextAuth deals when the HTTP call inside the refreshToken function gives an error? Does it erases the cookie? Sorry for the bombarding of questions, and again, many thanks for the tutorial! EDIT: I think the problem of my question is more about the business model of the api (if the backend allows two active tokens at the same time for example), but i still would like to know what should happen if that refreshToken gives an error hehehe