If there is anything you were disappointed I didn’t talk about in this video, let me know and I’ll make another video to cover it. Maybe refresh tokens is something I could have covered.

I'm a PHP developer and this topic was one of the most confusing parts for me and I was looking for a simple explanation to understand this concept and you did very well, thank you very much.

You are a legend! After combing through videos with people never quite explaining how to generate/store JWT tokens (securely), this was the video that put it all together. Thanks! My login portal will be built in your honor😆

Amazing! I spent 2 hours trying to understand this simple thing from other videos. Thank you !

You saved my brain from burning out! Thank you for explaining what JWT does!

I really like your videos, the manner you present the content always catchs my attention. Great work! Could you do a full youtubes series about Authentication/Authorization?

hey man long term viewer here! i just wanna say even your old videos really help me out i was trying to get my jwt to work for the last 3 days and i finally got it thanks to you and another youtube ben awad! just wanted to say thank you!

Lol I was literally 30 seconds and I had to stop and subscribe to this guy. I already know he's going to be excellent at explaining

I like the way you explain this. thorough and effective. thank you

simple explanation for such an confusing topic, Thank you

Chome will not set the cookie. It is received in 'Network' but in the 'Application' Tab it does not.

cookieParser is not for putting jwt in the users' cookie, but instead to read the cookie from incoming users requests for authorizing. When it comes to setting up the cookie initially by the server, that can be done without the cookieParser too

im a student and i am only developing on localhost at the moment. could you please explain if this requires an actual extablished connection (which i dont know how to yet) or if i can slap this on my project and will work on localhost without issues? i saw you have declared a variable for a port, but thats where my knowledge about connections ends

With your doing, I wonder if two different account logins are on the same device. How did the server return and manage their cookie & token? Can you explain this situation, many thanks

Wondeful! The content was clear and very informative. It helped me figure things out. Thank you a lot!

Dude you are AWESOME! You are helping me to achieve so much! I love your work mate!

Best explanation on JWT. TYSM!

That was awesome, quick and to the point! Thanks!

Do we need to do anything on UI for setting up the cookie? I am receiving the Set-Cookie header but not seeing in the browser

I wont watch your video because in the title has 10 minutes but actually have 10 minutes and 19 seconds. Great video my friend, merry christmas

Thank you so much. Your video saved my application

In my code, I store the refresh token inside an HttpOnly cookie. Every time a user wants to open the website, it checks if the refresh token cookie is expired. If it is expired, the user is logged out and asked to log in again. If it is not expired, a new access token is created and the user is taken to the homepage without being asked to log in. The access token expires after 15 minutes, and at that point, the refresh token inside the cookie is checked again. If the refresh token is still valid, a new access token is created automatically, and the API request is made. Is there a problem with this approach?

This is an amazing example and explanation. Thank you.

this was such a clear explanation

What is going through my head is if the user guess the secret thats on the server, then they can easilly manipulate the JWT? Would it be valid to use secrets rotation for this purpose?

Excellent explanation, one question, in localhost everything works fine when connecting frontend with backend, but in production (backend in railway and frontend in vercel) the cookies never arrive to the front and therefore does not start the session, what can I do?

Nice explanation! Earned yourself a sub with this banger

I can see the set-cookie in the response headers but cannot see the cookie in the application tab. Why is it so?

Thanks broo! This is exactly what I was looking for

Nice one, good overview, thanks!

I think refresh tokens would be cool to go over. Ive been fiddling with them but have not yet figured a 'good' way to refresh a jwt with react

Hello, Im having an issue where there''s a response header for set-cookies, but no cookies ion the application storage, why is that?

Please do the same video video by setting the http only cookie at the frontend in a react app, making the SPA app's routes protected with each request. And also with sameSite set to strict. I'll be thankful.

fantastic explanation

Thanks, you saved my world!

Well made video. Got it down instantly!

Exactly what I wanted. Thanks

Sir setting req.user = user not working in typescript ? const user = jwt.verify........... how it extract user from jwt automatically?

Thk bro! Thats a great video!

Hello bro! Good video in fact it was for a video of tokens that a subscribed to your channel jeje. A question my bro, how should I store the token? Also why and how I need to use refresh tokens. Thank you very much for your videos they are really useful :)

FIrstly, thank you so much for this video. It helped me so much. I hope you reach your subscribers goal. But I have one question. So, I noticed that you did "req.user". The user contains id, iat, and exp. But you never used this "user" you sent to the request object. So my question is, how and when would you need to use this "user" ? Thank you for your time.

Such a great lesson!

3:53 Is it the backend, not the frontend, that set cookies on the user's browser? pls answer me :(

so every 15 minutes I have to log back in?

Nice job. May be you can add another section to use an actual oauth issuer like okta

The set cookie is received in 'Network-(response header )' but in the 'Application-(cookie storage)' the cookie is not saved by the browser😔😔 ----help?? anyone??

cookie-parser is not working on production this is working only in local

god tier tutorial

Really good work man :D

Amazing video man!

Do you have a file that works for aptopayments specifically? thanks!

Thank you sir, its awesome 🤝

Cookies header is full but cookie is not stored

This was great, thank you!

1 million likes !!!! tnx

I am getting token in postmen but it is not being saved in cookies in chrome

Great input, thank you

Very nice, thanks and good job.

Very useful. Thanks!

Thank you do you have the full tutorial?

Good job babe!

does this also keep the user logged in?

can you help me with authorisation through headers

Well explained :)

Thank you 💌

Thanks for this tutorial! Was really helpful but I can't get the "Token" Cookie in the "Application" tab even if I have the "Set-Cookie" in the Network response Headers... I'm looking at some forums but it looks like Chrome don't want to set cookies on URL with port since a few version.. Any idea?

Your hand is freakishly huge😱

thanks mate, raelly helpful

Hi could you please clarify my doubt if some one steal a valid JWT token and send behalf of us , how it should be validated in this case..

Great video!

I dont understand how does your browser know on how to save the received cookie in the Application -> Cookies tab

Hey man, what's the name of the theme you are using? It looks smooth

Nice explanation

Thanks cookie parser !

very useful tnq

THANK YOU SO MUCH

Pretty explain ❤️❤️❤️

Question why can we still access it in the browser if it’s in http only?

quick note, YOU DON"T NEED cookie-pareser anymore.

Thank you.

awesome

awesome video

can you make a tutorial with refresh token?

My jwt token not store in cookie

Thanks!

Just started this video and at 1:28 you have at line 8 you are destructuring the request body into an object. but what is the variable name!?!? …nevermind. i see. it’s not destructuring into an object but two variables. 🙄

💯

Subscribed!..

nice video.

I'm in love with this content. I recently read a similar book, and I was completely in love with it. "Mastering AWS: A Software Engineers Guide" by Nathan Vale

Vs code theme name?

Jones Nancy Lee Kenneth Garcia Cynthia

Lopez Frank Smith Kenneth Harris Eric

Davis Matthew Harris Steven Brown Angela

expiration 1 hour, that is so unrealistic. So person needs to login every hour. Come on don't just copy paste tutorials from other people.

Hi when I use local storage to save my jwt, I can easily check if the jwt exists in local storage and protect my SPA pages - if the jwt is in local storage. But when I try check if the httpOnly cookie exists using Cookies.get('myCookie'); I get undefined. But I can see the cookie in the chrome dev tools. I noticed the only work around was to set the httpOnly to false and then I could see my cookie. So yeah my question is if I wanna store as httpOnly: true. How can I access the cookie so I can protect my SPA pages.

Great job, thanks!

Great Video!

Johnson Jessica Lee Susan Thomas Timothy

Moore Sandra Perez Timothy White Donna