UPDATE: at 55:20 the correct import syntax would be "import { jwtDecode } from "jwt-decode";". Then also update the initialization of the decodedToken later on by replacing "const decodedToken = jwt_decode(user.accessToken);" with "const decodedToken = jwtDecode(user.accessToken);"

After hours of googling and looking at other guides this is by far the best one. Straight to the point and covers exactly what you need to know about how to use JWT. Thank you.

you're the MAN... long live Lama Dev

You are the best teacher I ever seen In my school and KZbin. So easy, so clear. This is the best tutorial I ever seen in my life. thanks my friend. You really saved my life from struggling with jwt for months. Really THank you man.

A very easy-to-follow tutorial on JWT Authentication in Node/React. Thank you, Lama Dev {2023-03-22}

Best channel on KZbin for MERN stack mastery.

dude wtf, best tutorial of jwt, after checking like 10 Thanks!

YOU TOOK MY REQUEST THANKS, DUDE! ALWAYS WILL GET SUPPORT.

Thanks Man, I am from Venezuela, I don't understand much English, but I can tell you that your video is the best, coz there are not videos in Spanish that explained as I can refresh the access tokken.

Really helpful tutorial, I couldn't find a good one for some time and yours is perfect!

Simple clear and concise, thank you very much lamadev !

thank you for tutorial, JWT is mandatory nowadays.

best tutorial to learn understand and implement JWT. Great work!

The only insightful video on jwt, THANKS!

Thank you ! I was waiting for the full reactjs+nodejs make e-commerce website

Why is there a different endpoint to exchange the refresh token for a new access token? This seems like it would make building the UI very difficult as you need to try to hit the endpoint, see if the error is unauthorized, if it is, get a new access token and try again. I think this should be done automatically on every request. If the access token is expired, given them a new access token and continue processing the request.

I was waiting for the jwt tutorial. It's the best as always

5 Minutes in I knew it's gonna be a great tutorial. Was right. Thank you!

Your content is the best on internet, thank you very much

Hi I have a question. It seems like in this tutorial, you are always logged out after you refresh. In your React Social Media tutorial, you stored your user object in localStorage to let the user remain logged-in after page refresh. My question is, since you need accessToken to do stuff like delete posts etc, wouldn't you need to store accessToken in localStorage also? If you don't store accessToken in localStorage (only store in useState or useContext), after the user refresh the page he/she cannot delete post anymore since the accessToken state/context will be null. But if you store it in localStorage, doesn't this defeat the purpose of jwt, because hackers can see it from localStorage. So how do I use JWT, and at the same time, pass down this accessToken if my user refreshes the page?

really awesome tutorial, love the way you explain things

Hi Lama, Thanks for this great Tutorial, I want to specially request if you'd explain how to store the refreshToken in real Mongodb Database and not locally as an Array. I also would love to see what the refreshToken model looks like. would you create a separate schema for the refreshToken or just add it to the existing user model as type "Array" Please anyone can help me in this area, it's really challenging me.

i didn't understand "req.user = user", req.user stand for what? in 23:30

You are the best Lama~!! The content is so informative!! Thank you so much~!

Thank you very much, I really love your videos, thank you for making us better everyday

I love you so much. I want to support you but I lost my job for 4 months.

when do we use JWT over something like Auth0 or Google Firebase Authentication?

why you dont use refresh token in ecommerce project.I am little bit confuse with that

I love your videos. Thank you for this!!

I love your videos!. Thank you so much, greetings from Colombia

very well explained !! thank you for JWT tutorial

Thanks very much, tutorial was very helpful.

It seemed really easy thanks for the tutorial.. Gonna revise again while making netflix clone (streaming platform) ☺️☺️

Thanks for your great tutorial

i faced a problem in auth so i am writing this to help other : if your access token expire after some time then In axios Instance interceptor add "" config.headers["authorization"] = "Bearer " + accessToken; "" because after the token is refresh the axios instance headers will not update automatically . I Hope i was able to explain what i want to say.

Love your videos, thanks for the uploads

Nice work. Just want to know why not making use of cookies ?

You are doiing an amazing Job. Thanks

i have a question. When i reload the page... it will ask for login credentials again and again.... How do i tackle that?

why should we use the word Bearer before the token? , thanks :)

Helpful information, thanks

Why you are using state variable to store the user Data ? Can we store it in cookies/local storage ?

Okay I have a question.anyone help ? When logging out why do I need to verify?I mean the goal is to delete the refresh token from the array.Its all about the refresh token! So why bother sending the access token as well?? We did not send the access token when refrshing,,because that was also about the refrsh token!

Do you have a project to configure interceptors for the entire app?

How am I supposed to store the refresh token in my mongo database? should every user have their own refresh token so i call it like 'user.refreshToken' or should they be completely separate from users ?

But, we miss logout from react. How can we stay logged in. Should I store refresh token in browser cookies or local storage

Abi videoların baya güzel yeni fark ettim kanalı. :) Teşekkürler videolar için.

hocam selamlar, ben daha yeni başladım kodlamaya, videonuzu izledim teşekkür ederim sonra, uyguladım kendi uğraştığım bir siteye, access token ve refresh token elde ediyorum. refresh tokenları backende yönlendirdim orada tutuyorum. örneğin bir post atma işlemi yaparken kullanıcının access tokena erişimi olduğunu kontrol ediyor ekstra olarak, backende bakıp refresh tokenlede eşleşme şartı koydum. video başında dediğiniz gibi kullancı 2 nin sadece ismini bulup işlem yapamıyor. yeterli midir basit bir websitesi için

Why did you have to put Bearer in the request header value? I don't understand. Why can't we just put the token there without the bearer.

What do delete user means? If the user is deleted how were we getting the access token with new refresh token even after deleting when we refresh?

hi, I want that when a person reload page then it still logged in. How to implement this in jwt. I implemented in using local storage but its not good as discussed.

Very helpful content thanks👍

I have a confusion. While logging out since we are only removing the refreshToken and not the accessToken, wouldn't they be technically logged in for the duration of the access token?

Thanks for your great tutorial Şafak. Should we use NextJs framework for fullstack javascript applications? what do you suggest ?

Thank you Lama, you are the greatest

Awesome explanation. Thanks.

help, I'm doing this for my website but when user refreshes the page, the status is gone... wtf? Also, what's the point of a refresh token if you only bind it to a specific axios instance. So, if I go afk for 15 mins, I'll still get logged out, unless i delete a user.

Lama we can't add new lines in the blog description. Can you please see to it?

lama please make video on otp and email verification. You have helped us alot thank you so much

super nicely done tutorial

So with refresh everything will be lost beacuse of the state?

Should i save refreshTokens in my User model on mongodb?

Thanks for this great Tutorial...

Is it possible to store JWT token on Server side not on Client side Cookies???

Hi Lama, Thanks for the tutorial. I'm however stuck when logging out. I'm trying to log out by redirecting back to another page but it keeps failing. Kindly assist

Who can tell me why we create a new instance axios please i can't understand that

so refresh token is only there for refreshing access tokens?

Hi,i tried using it with the blog project i'm stuck. Could you do the jwt tutorial with the blog project please

you are my best teacher.

23:42 what does next() does?

what keyboard you are using?

Shouldn't the access tokens be stored in a HTTP only cookie?

my brain explode XD ,ty for the great content

It would be wonderful if you could use this tutorial on blog project. I really confessed. I can do only Auth . But i can not implement on blog project.

This is a really straightforward tutorial. Thanks Lama. Is there a reason why we must include "Bearer" in the authorization string?

could this also be implented into vue?

thank you sir i was wating for this

Awesome JWT tutorial

Perfect!!!!!! i will buy u a coofe! cheers from Perú btw you should make an example like Google auth i mean when you login from other country or device and google send you an alert if you are loggin from there... i hope you can understand thanks!

the proxy doesn't work, any advice? :/

Please can some one tell me how to link backend with React?I tried to login many times but nothing happened :(

You are amazing. Love you.

How can I make the client part tho..

best explanation

You are just fantastic

blog is responsive or not??

can you do some MERN Ecommerce tutorial with authenticatiom

Thanks for this tutorial

Really good tutorial although not all functions are then replicated on the front end, such as the Logout function. Is there a reason for this?

awesome tutorial

I'm beginner share command for creating api file ... Please

How to connect react js and node js?

thank you ,great tutoriel

how about the logout ?

thank you for this great tutorial ❤❤❤🫡🫡

Hi Lama, very appreciate for your tutor, If possible can you teach us how to pass axiosJWT in this video to contextAPI

Are you from nepal coz you have name started with lama and here we have lamas and sherpas in himalaya😊

You are the great 👍👍 man

Great tutorial thx! For registering, could you show how to implement admin approval needed before users can log in? This way only approved friends can create an account and sign in.

What i was looking for was req.user = user;