How to Build and Deploy a Custom JWT Auth System (Ktor, MongoDB, Android)

48,620 views

Philipp Lackner

1 day ago

Comments: 100
@TheRobertJamison 8 months ago
Just noticed something around 2:04:23. Make sure that when you're deploying APIs on Linux that you are not using root to run services. In the event that your API gets compromised, the bad guys will have root access to everything on the system. Most likely scenario, they rack up thousands in charges turning your VM into a Bitcoin miner. Best practice is to create a non-sudo user for each API service you run on a VM, that way the baddies can't pivot to other services without being noticed first. Thanks for always making great videos!
@ThalesIsidoro 2 years ago
Koin version 3.2.0 (stable) was released two days ago and now it's finally working with Ktor 2.0.1
@giovanni_siciliano_ivano 2 years ago
I suggest a second small part where you build on top of that, a refresh token and an interceptor with the header token. You explain like a genius, as always
@cipherdeprogres3198 1 year ago
Yes, please add this. I don't mind if this topic will be a paid course.
@original_anu 2 years ago
I was creating Android Auth with spring security and you couldn't have dropped this at a better time. Thanks ❤
@aminelhag 2 years ago
I don't know how to thank you enough. I start wanting your video on pins and needles 🤩
@_joelkanyi 2 years ago
This is what I have really been waiting for. Thanks Philipp
@PhilippLackner 2 years ago
glad it helps!
@isaacmart8174 10 months ago
Hello Philipp. Your channel is a go-to for Ktor backend. This is just a request that would be helpful to many. Would you kindly make a video on role-based authorization in Ktor? Thanks Phill.
@rileyfarro6801 2 years ago
Thank you for this wonderful course. I have been planning to create my custom backend. But I am scared of handling authentication or even web sockets. You are truly a blessing to the developers' community 😁
@anupcool246 1 year ago
Yes more backend videos please.
@ShaynPutnam 2 years ago
thank the gods for you sir. I might make something of myself just because your channel exists
@jayshartzer844 2 years ago
Nice! Can we continue with authentication and look at OAuth 2 as well as OpenID Connect (which can use JWT) in a future video?
@h.r.60 2 years ago
Dr. Phil!!! Keep up the great videos fam!! 🐐 ❤️
@PhilippLackner 2 years ago
Thank you! Will do!
@Eddy_32 8 months ago
As we are on the internet, I can't help myself but correct you: rainbow tables are tables that offer a trade-off between CPU (calculating all possible hashes for all passwords on demand until the correct one is found) and memory (calculating all possibilities and storing them in advance) to reverse a hash result, so they provide a string that has the same hash as the password. So it's not just commonly used passwords, but all passwords. These tables provide at least one answer for a given hash, but what we want is the password without the hash and not just a string that provides the same hash.
@devetips 2 years ago
Thanks Philipp, well done. Would you mind talking about certificate pinning in Android?
@anandg4960 2 years ago
+1
@FebinAugustine 11 months ago
Great ... informative as always... 🎉
@yesayasoftware 2 years ago
Thanks for the great video. Please create more of these.
@serdnahernandez2486 2 years ago
Bro, you are insane xD but thank you for so much, and sorry for so little ❤
@PhilippLackner 2 years ago
Welcome!
@themindsetgarage 2 years ago
Nice video, sir. Kindly do make a video on how one can insert an image or multiple images from Android to Ktor on a deployed server. Thanks
@jarkow 2 years ago
Great vid as always! One question though, how would you handle the token refresh logic?
@bboydarknesz 2 years ago
Thank you! Sorry if I just watched the Android part. Wish you could continue with the next part of Android for more complex handling, just like you said: get error response, token expired, put the token in an Interceptor, etc. See you in the next video
@manuelrodriguezmartin1670 2 years ago
But if the saltHex is shown on the database, couldn't someone who has access to the database and can see the unhashed salt field try to concatenate that value and one of the common passwords and convert it through the algorithm? I've tried it myself and the result hash matched the one on the database... maybe something is missing? Awesome video btw, thank you
@PhilippLackner 2 years ago
Yeah, they can do that. It's all to prevent people using rainbow tables (tables of already hashed common passwords). With the salt it's a different hash and they'd have tons of more effort to find them out with common pws
@manuelrodriguezmartin1670 2 years ago
@PhilippLackner Ahh okay, thank you
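The exchange above is the reason password stores pair a per-user salt with a deliberately slow key-derivation function: the salt defeats precomputed tables, and the work factor raises the cost of every guess for someone holding the database. An added example, not code from the video or its repository, that swaps the salted SHA-256 for the JDK's PBKDF2WithHmacSHA256; `StoredPassword`, `hashPassword`, `verifyPassword` and the iteration count are assumptions.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Assumed work factor; tune it to the login latency your server can afford.
const val ITERATIONS = 600_000
const val KEY_BITS = 256

// Hypothetical record layout: salt and iteration count are stored next to the hash.
data class StoredPassword(val saltHex: String, val iterations: Int, val hashHex: String)

fun ByteArray.toHex() = joinToString("") { "%02x".format(it) }
fun String.hexToBytes() = chunked(2).map { it.toInt(16).toByte() }.toByteArray()

fun pbkdf2(password: CharArray, salt: ByteArray, iterations: Int): ByteArray {
    val spec = PBEKeySpec(password, salt, iterations, KEY_BITS)
    try {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded
    } finally {
        spec.clearPassword() // wipe the password copy held by the key spec
    }
}

fun hashPassword(password: String): StoredPassword {
    // Fresh random salt per user, so identical passwords never share a hash.
    val salt = ByteArray(16).also { SecureRandom().nextBytes(it) }
    val hash = pbkdf2(password.toCharArray(), salt, ITERATIONS)
    return StoredPassword(salt.toHex(), ITERATIONS, hash.toHex())
}

fun verifyPassword(password: String, stored: StoredPassword): Boolean {
    // Re-derive with the stored salt and iteration count, then compare in constant time.
    val candidate = pbkdf2(password.toCharArray(), stored.saltHex.hexToBytes(), stored.iterations)
    return MessageDigest.isEqual(candidate, stored.hashHex.hexToBytes())
}

fun main() {
    val sample = "constructed-sample-password" // constructed input, not from the page
    val stored = hashPassword(sample)
    check(verifyPassword(sample, stored))
    check(!verifyPassword("password123", stored))
    println(stored)
}
```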
@immanueljzv6832 2 years ago
Hello Philipp, can you make a tutorial on creating an app (MVVM of course) written using Jetpack Compose which uses system services such as Bluetooth or WiFi in place of an API?
@techkyguy 2 years ago
Great video! One note though, prefer EncryptedSharedPreferences to shared preferences for security reasons.
@PhilippLackner 2 years ago
For saving passwords for sure 😄
@Flea997 5 months ago
Hi Philipp, if instead of having the Authorization Bearer as a parameter for the api we implemented an okhttp interceptor, the logic for accessing shared preferences would necessarily move out of repository. Isn't it a bit weird from an architectural point of view?
@garrisonsnow7776 1 year ago
"You're not dependent on Firebase anymore." Thanks man
@BaBaKRaufi 2 years ago
Amazing tutorial ♥♥♥♥♥
@cristicode4301 1 year ago
In another video you kind of took the same approach with validating the input fields, where you used the result of the flow in a LaunchedEffect. Do you make 2 LaunchedEffects in a form composition, one to deal with validation and one to deal with authentication, or do you make only a validation LaunchedEffect and inside it you say something like "If validationSuccess then signup"? It makes sense when I think about them individually while watching your video but I don't understand how this would work together.
@ralf.ijsbrandij 1 year ago
Got it working, nice! But now I wonder how I can get HTTPS working on the VPS
@mikailramadan8875 2 years ago
Whoa, you are a great teacher, Philipp. What do you think about using msql instead of mongodb for the database?
@PhilippLackner 2 years ago
thanks! Depends on the project
@enricog.3587 3 months ago
Hi Philipp, how can we send the users a request to verify their email address when using Ktor? Do you plan to make a video about this?
@salmaK20012 1 year ago
Wonderful!
@studyapps8272 2 years ago
Nice tutorial, thanks a lot!!! So here you use hostinger only for ip and executing code which writes data to aws behind the scenes? And mongo is used as an abstraction in order to do all setup through code without playing directly with aws?
@PhilippLackner 2 years ago
Hostinger provides the server where the backend runs on. Mongo Atlas provides another server that is managed by AWS to store the user data.
@IhsanAlHamoud 1 year ago
Hello, I'm looking for guidance on implementing a Ktor server in an Android project with the latest Jetpack components. Any insights or examples would be greatly appreciated. Thank you!
@sl1ck64 1 year ago
How do I log in users with the email instead and then send a verification email?
@tyler07830 2 years ago
Why don't you use dependency injection in the backend for interface implementations, and use it only in the Android app? Great vid btw!
@PhilippLackner 2 years ago
The backend uses dependency injection, just not a fancy library 😄
@tyler07830 2 years ago
@PhilippLackner Forgive me if I'm wrong, but I thought that the whole point of dependency injection was to avoid class/object instantiation, through injecting the class where you need it, and defining how the class is provided through DI modules. In the API backend, in the Application.kt, all implementations are instantiated. I don't see any injections in the project. Is there something I am missing?
@ahmadab9666 10 months ago
I faced a problem with the algorithm failing. I tried to use another kex algorithm but it also failed. What can I do? I don't know.
@maxben9894 10 months ago
val hash = DigestUtils.sha256Hex("$saltAsHex$value")
@pulato000 2 years ago
Thanks, what to do if there are google sign_in or another provider?
@MisterBPK 1 year ago
where is ssl configuration, please make a video on that
@obewan-kenobi 1 year ago
Where can we find AuthScreenDestination and SecretScreenDestination in your code?
@akashbhattacharya4040 1 year ago
He used Ramcosta's navigation library for that.
@dzartxstudio 1 year ago
17:40 "they wanna earn money, we don't wanna give them our money" 🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣
2 years ago
Sorry if the question is not right, but doesn't this framework have a JWT and auth package to implement this instead of writing it? Just learning here
@farouktouil5036 10 months ago
Hi Philipp, can you refactor or make a tutorial of this application using the MVVM pattern? Keep Ktor as it is, only the Android application 🎉🎉
@vasikaran500 1 year ago
The verifying hashing function is returning false every time. I think it is because while generating the password hash, we are generating using the salt value, but while verifying we are verifying using the saltAsHex value. Can anyone explain?
@shubhans2451 1 year ago
Can you explain which IP address I use in the MongoDB Atlas database?
@nijuyonkadesu 1 year ago
Can you please provide some direction on how to support https traffic and how not to use usesCleartextTraffic ?
@josephofem5448 2 years ago
Thanks Philipp. Can you please do a video on use cases with clean architecture?
@PhilippLackner 2 years ago
Have you checked my channel?
@maskedredstonerproz 2 years ago
he's already done tonnes
@1mYse1LF 1 year ago
For some reason gradle script not working now( It was working 1 great year.... Just stuck on scp command and that's all. No logs, nothing, just endless deploy/....
@khalilamsi5137 2 years ago
I did everything like you do, but I'm adding some upload file stuff. It works perfectly locally, but when I'm trying to push it to the server, it returns a 500 error without any clarification. Can someone help?!
@muhammada1489 1 year ago
Hey.. thank you for all these great pitches and times you spend on them. I had a question I needed your help with. It's actually related to dependency injection. I was doing these things and I was tryna use Data Api but then I got to do it with Mongodb Driver. I started to work with it but I jumped into dependency problems. I'm using Koin for dependency injection and just don't fucking know how to do it. No matter what I do and how I do it, it just WON'T WORK and Koin throws an exception that it can't find the definition for that. I don't know how to provide its dependency and inject it. And what if I'm using KMongo? Appreciate it if you could give me a hand..!
@salmaK20012 1 year ago
still have the same problem? I can help!
@obewan-kenobi 1 year ago
Can I use other vps hosting instead of hostinger?
@Mohit-gb9dv 2 years ago
I really get excited about Kotlin JS + React but I can't find a proper tutorial on it. Do you guys get excited about it?
@snehilsinha4689 2 years ago
How do we update user by bson id in kmongo ? Can someone please help ?
@mrdrugdesigner 1 year ago
As of July 2023, KMongo has been marked as deprecated. The MongoDB Kotlin driver is the officially supported and maintained MongoDB driver for Kotlin. It is developed by the MongoDB team.
@ngobrolrandom 2 years ago
*where is the line you pasted?*
@themindsetgarage 1 year ago
Hello Philipp. This is quite a great video that has helped. Am following along and everything is fine. Are there adjustments that we need to do to serve https, or do you have a video showing how to add ssl certificates after deployment? What adjustments do we need to make on this:
15. Make sure, your ports are open and you forward the traffic from the standard HTTP port to 8080:
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Thanks Philipp
@venkatesh4307 2 years ago
😱😱🤯🤯🤩🤩
@AdityaTechDevelopers 2 years ago
Hi Philipp, can you please make a video on Pagination in Ktor and Mongodb
@John-qt6qk 2 years ago
I'm still working out how to set up MongoDB on Ktor. Philipp, please do a short video on how to do it.
@PhilippLackner 2 years ago
Just watch this video lol
@John-qt6qk 2 years ago
@PhilippLackner Do you reckon that Ktor and MongoDB could be better? Because I am using Firestore lol
@ronjunevaldoz480 2 years ago
How do you revoke tokens?
@ageingdragon8132 2 years ago
Hello sir... great videos, I've been learning a lot from you... Can I request something... a wallpaper app project using fire database. I think it's going to be a great opportunity to see a fully functioning app with fire database.
@kinohometv1985 2 years ago
😍😍🥰
@AdityaTechDevelopers 2 years ago
Hi Philipp, could you please make some videos on Ktor and Mongodb
@_RobTheRed_ 2 years ago
I can see the pain in your eyes at the deployment part 😅
@PhilippLackner 2 years ago
😅😅😅
@eliomaroun 1 year ago
I followed your tutorial and I am getting an error when deploying:
* What went wrong:
Execution failed for task ':deploy'.
> com.jcraft.jsch.JSchException: Auth cancel
@marvinpatrick7156 1 year ago
Same
@bartomiejsiewierski9712 11 months ago
@marvinpatrick7156 Check your ssh key or generate a new one, it helped me
@kagami-98 2 years ago
If, for whatever reason, you don't want to use the apache commons dependency at all, the hashing can be done the following way using only functions from the ktor.util package:
In generateSaltedHash:
//...
val saltAsHex = hex(salt)
val hashBytes = getDigestFunction("SHA-256") { saltAsHex }
val hash = hex(hashBytes(value))
//...
In verify:
val hash = hex(getDigestFunction("SHA-256", salt = { saltedHash.salt })(value))
return hash == saltedHash.hash
It will generate the exact same hashes as the apache lib. getDigestFunction also uses java MessageDigest under the hood.
@maxben9894 10 months ago
Hey Philipp, isn't it "$saltAsHex$value" instead of "$salt$value"?
val hash = DigestUtils.sha256Hex("$saltAsHex$value")
51:17
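The mismatch reported in the comments above (hashing with `"$salt$value"` while verifying with the stored hex salt), reproduced as an added example that is not the video's code. It assumes `salt` is a `ByteArray`, whose string interpolation yields an identity string rather than its contents; `generateBuggy` and `sha256Hex` are hypothetical names, and the JDK's `MessageDigest` stands in for `DigestUtils.sha256Hex`.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom

data class SaltedHash(val hash: String, val salt: String)

fun ByteArray.toHex() = joinToString("") { "%02x".format(it) }

// Stand-in for DigestUtils.sha256Hex: SHA-256 of the UTF-8 bytes, hex encoded.
fun sha256Hex(input: String): String =
    MessageDigest.getInstance("SHA-256").digest(input.toByteArray()).toHex()

// Variant the commenters describe: "$salt" on a ByteArray interpolates to something
// like "[B@1b6d3586", which is unrelated to the hex salt that gets stored.
fun generateBuggy(value: String): SaltedHash {
    val salt = ByteArray(32).also { SecureRandom().nextBytes(it) }
    return SaltedHash(hash = sha256Hex("$salt$value"), salt = salt.toHex())
}

// Corrected variant: hash exactly the string that is stored and later read back.
fun generateSaltedHash(value: String): SaltedHash {
    val saltAsHex = ByteArray(32).also { SecureRandom().nextBytes(it) }.toHex()
    return SaltedHash(hash = sha256Hex("$saltAsHex$value"), salt = saltAsHex)
}

fun verify(value: String, saltedHash: SaltedHash): Boolean {
    val candidate = sha256Hex(saltedHash.salt + value)
    // Constant-time comparison, so response timing does not leak how much of the hash matched.
    return MessageDigest.isEqual(candidate.toByteArray(), saltedHash.hash.toByteArray())
}

fun main() {
    val pw = "constructed-sample-password" // constructed input, not from the page
    check(!verify(pw, generateBuggy(pw)))           // the correct password is rejected
    check(verify(pw, generateSaltedHash(pw)))       // accepted once both sides use the hex salt
    check(!verify("wrong", generateSaltedHash(pw))) // a wrong password is still rejected
    println("salt encoding is consistent between generate and verify")
}
```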