COUPON Code: *EARLYBIRD20* => Spring Data J PA course: aliboucoding.com/p/the-full-guide-to-master-spring-boot-data-jpa

He is the best Teacher on spring security. i will recommend you anytime and anywhere

Great teacher with clear voice and content, making the life easier for the spring boot developers, great contribution and highly appreciated. Thank you so much 🥰

Thanks for this lecture. With this lecture, I can understand how JWT and Spring Security combines together in order to build the security's structure in Spring Boot. Finally, you are the best teachers, you are a lifesaver with me

These are amazing! Refresh tokens would be very useful !

Thank you so much for these updated videos. You have no idea how frustrated I got due to the out dated ones when working with Spring boot 3. you're helping me in both my full time job and in my freelance projects especially when it came to security of APIs. Bundle of Thanks

Thanks you sir. You explain the hight concept in the simple and amazing way.

You are the best! Thanks a lot! Mentions every side of the JWT. Basics, logout, refresh token, password change etc...

You saved me from my boss's anger.thankyou very much🙏

Excellent videos and playlist! 👍👍👍👍

Thank you so much for this and your other Spring Security videos! You break down overwhelming concepts into clear smaller pieces so easily. I learned so much from just going through a couple of your videos. Looking forward to watching more!

This is the best video about Spring Security and JWT. Thanks a lot for this lesson, it helped me incredibly :)

tbarkallah 3la weld bledi thank you so much Ali you're a lifesaver

Thank you so much, very well explained!

Thanks, your video goes at a very good pace with clear explanations. Apart from a couple of deprecated codes, it was great. Thanks for your help!

you have saved the IT Industry, Sir!!

Hi from Morocco, ur spring security tutorial are perfect, thank you for ur help.

Mashallah, thank you my brother for the clear step-by-step tutorial. Keep it up!

You are so wonderful! you teaching is very easy to understand. I watched your video 4 about spring security and i added more to watch them later!

Just finished watching the previous video implementing JWT, and adding this on top of that I've learnt a lot. Super thanks man 🔥.

the best one teaching spring 🔥🔥

Thankyou Sir for sharing your knowledge.

A lot of videos out there which rarely explain about logout! thanks a lot for this amazing video 🙏

Thaks for your job. These guides save a lot of time for beginners

Thank you for the amazing tutorial

That's soo coool, that you provide such really helpful videos and contents Thank you so much Sir

Hello from Russia, man. Thanks for your very helpful videos.

wonderfull !!! what a enrgy sir. Appriciated....

Such amazing and useful content and a better way to explain it in an easy way. We love your work and efforts. Thank you for such amazing content like this ❤.

It really cool and superb content.

Very useful and clear explanation. Thanks Ali

Amazing please keep going this topic of security is very rare, specially with this updates of spring security 6

Applause to your effort. Need to say this video is really informative and helped me extremely for implementing logout with jwt tokens. It would be really helpful if you could start a youtube series on implementing the microservices with all the features provided by spring cloud.

Thank you so much loved the video. I was stuck and looking for a resource. It helped me alot. Love from India

Amazing, Thank you and please keep uploading videos like this cause we really learn a lot from you .

Thank you so much for this and your other Spring Security videos! Your work is truly wonderful; please keep it up!

Wow broooo u r amazing. This tutorial helped me to solve my problem in my project))

so much thankful to you sir giving this videos very useful for me. Sir pls do video on forgot reset password

Thanks for this video Ali !

it was really a great tutorial. Thanks for sharing your knowledge with us

Bonjour Mr Bouali j'ai cru comprendre que stocker le JWT en Bdd pouvais être vu comme une mauvaise pratique pour des soucis de performance comment contré cette argument ? MERCI A VOUS

Awesome tutorial man! 48:20 was spot on, you got me right there.

These videos are amazing thanks a lot. I searched many videos about jwt security in java spring boot but they wasn't easy to understand but I can learn easily and clearly with your videos thanks. access and refresh token would be great

Топ контент. Дякую

really useful videos, keep going! I appreciate your course videos

excellent Ali, I don't miss any video I learn a lot from you 😎

Thanks Bouali ! this Security vids have been a great help ❤. You are awsome!!! Just wondering if you're going to do a change password vid to? forgotten password and e mail verification ?

Excellent, a video on refresh token would help

Thanks a lot Bouali. It was very beneficial as always. I really admire your high quality work and please continue creating more content.

Thanks for your effort in jwt. But i want to ask you a simple question Should we delete the previous tokens for specific user so we don't have alot of rows that we don't need in the database or not? Thanks in advance.

nice content.thank you

Thank you again, it's very clear !

Well done, keep up the amazing work!

Helpful and useful video , but it could be in easier way, you could create a new method called logout , then decode jwt , then change it date and it is all . Your explaining is very clear . Thank you

Thank you brother, this is inspiring and realy helped me a lot thank you. Can you pls help create a lecture for messaging queues like kafka or rabbitMQ? Stay blessed

Thanks for the video! I just didn't understand why we need to create a token during registration. and what about the refresh token?

great tutorial, and code works fine

Perfection !!!! 👍

Thanks for his sweet video

Thax Sir Realy Helped

Very cool explained everything thank you!!! One question. Isn't it more logical to just delete tokens so as not to store a bunch of invalid tokens in the database?

Thank you. Good job!

16:50 The query will return the tokens for the user that are either not expired or not revoked which means that will include tokens that are expired but not revoked, as well as tokens that are revoked but not expired. Was that the intention or we should return tokens that are neither expired nor revoked? For example instead of: ``` where u.id =:userId and (t.expired = false or t.revoked = false) ``` We can return non-expired and non-revoked tokens: ``` where u.id = :userId and t.expired = false and t.revoked = false ```

Amazing, Thank you

great

Thank you for your tutorial, I have a question that if every time the user authenticates and logs out, the token will be set revoked to false and expired is also false, but if that is the case, the database will contain corrupted fields. It's redundant and makes the database bigger when having to store the data. Can I clean up that extra data?

Awesome tutorial. I have one big doubt, I've seen lots of peopke saying its not secure to store tokens in the database. I am wondering the reason why you are doing this?

Thanks and Keep It Up Bro

Good Job Thanks

Hello Bouali! Great tutorial as always, thank you! Quick question: doesn't revoking the user's token on every authentication forbids them to log in to the application in different devices at the same time?

Thank you for the video! I have a question. When I log out, Are the tokens just left permanently in the database? I am curious about what processing is common in a practical environment.

Good tutorial. I have a question. the way in which this is implemented does it mean a user cant log in many devices ? Because the way I see it every time you log into another device all the other devices are logged out automatically

Great tutorial! Will you create video about refresh token?

Excellence video. Would you create a video using Angular to logout?

great video @Ali Bouali. I have a question. For you what is best for implementing jwt between custom jwt like you did or use Oath2 resource server which hold jwt implementation. In the last case how to implement logout? Thanks

¡Gracias!

thank you so much

Thank you so much!

Nice one :)

Amazing work! Just a question, why we generate jwt token both in register and the authenticate methods? In my understanding, in register the token is generated and then in each coming request user must pass the jwt token. Also, I thought that one user has only one token associated with him, so the relationship between user-token should be one-to-one and not one-to-many? Thanks

1) What is the use of revoking and expiring all tokens during JWT creation ( you have already done it in LogoutService class) Why doing twice ? 2)In this application user can not simultaneously login from two device ? (As soon as he login on another device, you are simply revoking all its previous tokens). Is above questions are valid or am I missing anything ? btw lecture is very helpful. Thank you.

I watched also the prev video about JWT. This videos are very straightforward and to the point. Just a little bit remark: why do you use var declaration instead of naming the proper type?

Good Job !

Thanks for the tutorial. i have some question How allow access to another resource like /api/v1/course when we already been logged (api/v1/auth/) with token. so we will not provide a token any time to another resource ?

Thank you so much AliBou !! This is very helpful. can you make video of logout from Keycloak auth server generating jwt token ?

Thanks for the informative video, the only thing I did not understand is why we do the same checks in LogoutHandler as in the filter, because if there is no Authorization header or it does not start with Bearer, then the filter will not skip this request, and if the filter missed us in EndPoint /logout, it means that the Authorization header is there and the token starts with Bearer and it is also not zero, am I right?

i think that in the LogoutService before clearing the SecurityContextHolder, in addition to checking for the existence of the token in our database, we should also check that it's not been revoked or expired.

thank you!!

good job, keep going ali 🤩🤩

thank you so much

You are awesome

Thanks for the video, a lot of useful info in it! One question though, is with JWT tokens since they are stateless logout part on backend really necessary? Can it present any security issue or is it just enough to stop user from accessing secured resources if it is handled on frontend, invalidated there or deleted from local storage?

Very helpful video. I have only one question, maybe I don’t understand something, but why store expired tokens.

Hi, are we updating the database accessToken expired parameter when the accessTokenExpiration time finish ?

Hi Bouali - Thanks for the amazing videos on Jwt. My question - in the first video, why are you only checking that token belongs to the user and does not expire during validation? Where does the secret key and the signature plays a role during validation? Can't i just create my own token and map to a valid and it will still be marked as valid?

Thank you

Please create a video of how to implement the refresh token, thanks for your work.

Amazing video ,it was so helpful, My question is why we don't delete the old token instead of setting it expired

thanks a lot !

If someone has a problem with LazyInitializationException occuring, in my case it was because i had @Data annotation in both User and Token Entities, that annotation contains @ToString which caused an infinite loop, I just replaced it with @Getter and @Setter.