If there is anything you were disappointed I didn’t talk about in this video, let me know and I’ll make another video to cover it. Maybe refresh tokens is something I could have covered.

I'm a PHP developer and this topic was one of the most confusing parts for me and I was looking for a simple explanation to understand this concept and you did very well, thank you very much.

Lol I was literally 30 seconds and I had to stop and subscribe to this guy. I already know he's going to be excellent at explaining

You are a legend! After combing through videos with people never quite explaining how to generate/store JWT tokens (securely), this was the video that put it all together. Thanks! My login portal will be built in your honor😆

Amazing! I spent 2 hours trying to understand this simple thing from other videos. Thank you !

hey man long term viewer here! i just wanna say even your old videos really help me out i was trying to get my jwt to work for the last 3 days and i finally got it thanks to you and another youtube ben awad! just wanted to say thank you!

You saved my brain from burning out! Thank you for explaining what JWT does!

I really like your videos, the manner you present the content always catchs my attention. Great work! Could you do a full youtubes series about Authentication/Authorization?

I wont watch your video because in the title has 10 minutes but actually have 10 minutes and 19 seconds. Great video my friend, merry christmas

Wonderfully clarified. Much appreciated!

cookieParser is not for putting jwt in the users' cookie, but instead to read the cookie from incoming users requests for authorizing. When it comes to setting up the cookie initially by the server, that can be done without the cookieParser too

Wondeful! The content was clear and very informative. It helped me figure things out. Thank you a lot!

Dude you are AWESOME! You are helping me to achieve so much! I love your work mate!

I like the way you explain this. thorough and effective. thank you

Thank you so much. Your video saved my application

Chome will not set the cookie. It is received in 'Network' but in the 'Application' Tab it does not.

Best explanation on JWT. TYSM!

That was awesome, quick and to the point! Thanks!

Thank you, you made the things too easy.

This is an amazing example and explanation. Thank you.

this was such a clear explanation

Nice explanation! Earned yourself a sub with this banger

Thanks broo! This is exactly what I was looking for

1 million likes !!!! tnx

Well made video. Got it down instantly!

I think refresh tokens would be cool to go over. Ive been fiddling with them but have not yet figured a 'good' way to refresh a jwt with react

fantastic explanation

Exactly what I wanted. Thanks

Nice one, good overview, thanks!

Thanks, you saved my world!

Such a great lesson!

Really good work man :D

Amazing video man!

Please do the same video video by setting the http only cookie at the frontend in a react app, making the SPA app's routes protected with each request. And also with sameSite set to strict. I'll be thankful.

god tier tutorial

Hello bro! Good video in fact it was for a video of tokens that a subscribed to your channel jeje. A question my bro, how should I store the token? Also why and how I need to use refresh tokens. Thank you very much for your videos they are really useful :)

How did you implement this: could you share link to learn this and the basics too?

Excellent explanation, one question, in localhost everything works fine when connecting frontend with backend, but in production (backend in railway and frontend in vercel) the cookies never arrive to the front and therefore does not start the session, what can I do?

Nice job. May be you can add another section to use an actual oauth issuer like okta

Thank you sir, its awesome 🤝

Very nice, thanks and good job.

With your doing, I wonder if two different account logins are on the same device. How did the server return and manage their cookie & token? Can you explain this situation, many thanks

im a student and i am only developing on localhost at the moment. could you please explain if this requires an actual extablished connection (which i dont know how to yet) or if i can slap this on my project and will work on localhost without issues? i saw you have declared a variable for a port, but thats where my knowledge about connections ends

Thk bro! Thats a great video!

This was great, thank you!

Well explained :)

Great input, thank you

Good job babe!

Thank you do you have the full tutorial?

Do we need to do anything on UI for setting up the cookie? I am receiving the Set-Cookie header but not seeing in the browser

thanks mate, raelly helpful

FIrstly, thank you so much for this video. It helped me so much. I hope you reach your subscribers goal. But I have one question. So, I noticed that you did "req.user". The user contains id, iat, and exp. But you never used this "user" you sent to the request object. So my question is, how and when would you need to use this "user" ? Thank you for your time.

Your hand is freakishly huge😱

very useful tnq

Great job, thanks!

Thanks cookie parser !

Great Video!

In my code, I store the refresh token inside an HttpOnly cookie. Every time a user wants to open the website, it checks if the refresh token cookie is expired. If it is expired, the user is logged out and asked to log in again. If it is not expired, a new access token is created and the user is taken to the homepage without being asked to log in. The access token expires after 15 minutes, and at that point, the refresh token inside the cookie is checked again. If the refresh token is still valid, a new access token is created automatically, and the API request is made. Is there a problem with this approach?

Thank you 💌

Pretty explain ❤️❤️❤️

THANK YOU SO MUCH

Nice explanation

Hello, Im having an issue where there''s a response header for set-cookies, but no cookies ion the application storage, why is that?

I can see the set-cookie in the response headers but cannot see the cookie in the application tab. Why is it so?

awesome video

What is going through my head is if the user guess the secret thats on the server, then they can easilly manipulate the JWT? Would it be valid to use secrets rotation for this purpose?

Thank you.

Just started this video and at 1:28 you have at line 8 you are destructuring the request body into an object. but what is the variable name!?!? …nevermind. i see. it’s not destructuring into an object but two variables. 🙄

why the application tab cookie not setting can you explain

Thanks!

Sir setting req.user = user not working in typescript ? const user = jwt.verify........... how it extract user from jwt automatically?

awesome

so every 15 minutes I have to log back in?

nice video.

Hey man, what's the name of the theme you are using? It looks smooth

Subscribed!..

does this also keep the user logged in?

Do you have a file that works for aptopayments specifically? thanks!

Cookies header is full but cookie is not stored

3:53 Is it the backend, not the frontend, that set cookies on the user's browser? pls answer me :(

I dont understand how does your browser know on how to save the received cookie in the Application -> Cookies tab

can you make a tutorial with refresh token?

can you help me with authorisation through headers

Thanks for this tutorial! Was really helpful but I can't get the "Token" Cookie in the "Application" tab even if I have the "Set-Cookie" in the Network response Headers... I'm looking at some forums but it looks like Chrome don't want to set cookies on URL with port since a few version.. Any idea?

I am getting token in postmen but it is not being saved in cookies in chrome

cookie-parser is not working on production this is working only in local

Hi could you please clarify my doubt if some one steal a valid JWT token and send behalf of us , how it should be validated in this case..

💯

I'm in love with this content. I recently read a similar book, and I was completely in love with it. "Mastering AWS: A Software Engineers Guide" by Nathan Vale

Question why can we still access it in the browser if it’s in http only?

The set cookie is received in 'Network-(response header )' but in the 'Application-(cookie storage)' the cookie is not saved by the browser😔😔 ----help?? anyone??

quick note, YOU DON"T NEED cookie-pareser anymore.

Chrome is not able to fetch Api but Postman can fetch it easily, Can anyone help with this error 😢😢😢😢😢😢😢😢😢😢😢😢😢😢?????

My jwt token not store in cookie

Vs code theme name?

Jones Nancy Lee Kenneth Garcia Cynthia

Davis Matthew Harris Steven Brown Angela

expiration 1 hour, that is so unrealistic. So person needs to login every hour. Come on don't just copy paste tutorials from other people.

Hi when I use local storage to save my jwt, I can easily check if the jwt exists in local storage and protect my SPA pages - if the jwt is in local storage. But when I try check if the httpOnly cookie exists using Cookies.get('myCookie'); I get undefined. But I can see the cookie in the chrome dev tools. I noticed the only work around was to set the httpOnly to false and then I could see my cookie. So yeah my question is if I wanna store as httpOnly: true. How can I access the cookie so I can protect my SPA pages.

Very useful. Thanks!