dropping in to say hi, the Odin project directed me here.
@forbiddenumbrella4 years ago
The amount of hard work he puts in is commendable.
@armaandhanji71514 years ago
Zach, thanks for taking the time to continue unraveling the "black box" behind passport and a lot of its functions. I am certain your videos will be very useful in the future for companies considering passport for authentication. Thanks again for the incredible content. Looking forward to your next upload!
@joshuataylor417710 days ago
I can't tell you how helpful this was! I have been trying to implement passport for my capstone project for over a week now, and although some of the code is outdated at this point, he explained it well enough that I could find the proper documentation to easily amend it.
@sanilkhurana39914 years ago
Such an amazing series. The documentation is so shit for passport, they should just link this playlist in their doc. That's the least they can do
@inuke4fun8323 years ago
This whole series so far has proven to be extraordinarily helpful, I genuinely respect the hell out of you for taking your time with this and making it so good whilst it still being free and accessible. No idea how you "only" have 5k subs but with this quality of content I can't see a world where you don't blow up in this space on youtube. Most people when they are explaining things at least on youtube just rush thru not really making you understand but you are different by far one of the best teachers I have seen on this platform.
@zachgoll3 years ago
Thanks for the compliment! Means a lot to me and definitely makes me want to keep creating this stuff (for free of course 💪)
@drakecoleman93643 years ago
I can not believe you've given this out for free. The way you baby step each part and make it so easy to understand is amazing. I owe you, I really do. I'm in debt to you friend.
@muratkaradas1483 a year ago
Zach does an excellent job of demystifying the inner workings of a software library that lacks an easy to follow and beginner friendly documentation. It's refreshing to see someone tackle a complex subject and break it down into understandable chunks. Thank you for shedding light on these topics and making it accessible to everyone!
@nabsteve3 years ago
I'm in video 5 of 11, and so far this series has taught a WHOLE LOT. I'm already by far a better programmer before getting halfway done.
@julesgilson.3 years ago
well done for making an educational video and not just verbalising a boiler plate like most others. This is how you learn development
@zachgoll3 years ago
Thank you for your comment! I always worry that I'm getting too detailed but really try to explain the "why" behind things.
@julesgilson.3 years ago
@@zachgoll Some people like the demonstrations and other people like to learn exactly what things do - so they can fix them when they go wrong. You can't please all the people - especially on YouTube! Just make the videos as you see fit
@in-loco26674 years ago
I used to listen to some tutorials but Zach Gollwitzer has become my favourite after this series, he really explains things in simplified form
@stiventson44643 years ago
I like the fact that you took care of explaining things in detail, like the password verification and generation, there is an easier way of doing it but the way you did it makes it clear how it works, I really like that because I feel like I have more control over what I'm doing
@bryanurizar3 years ago
I’ve been reading your article on Medium all week. Didn’t realize there were videos! I need to watch these. Thanks!
@zachgoll3 years ago
Hope you enjoy!
@tricky44 years ago
Amazing Zach, thank you. Best Express + Passport explanation I saw
@atiqkhawaja81744 years ago
zach, i am extremely thankful for making such kind of stuff.
@thatguy66642 years ago
I gave you a like simply because you have a starter branch that includes all of the imports so we can start coding ASAP...the first videos have been very informative so thank you very much!
@ReelDealBMX4 years ago
This video was super helpful especially considering how much explanation the documentation lacks. Subbed
@siamak.hatami4 years ago
the most clear and fantastic teaching and presentation. thank you.
@4spuhrbar8863 years ago
Thank you very much helped me a lot! :)
@rockwu63763 years ago
I have never seen such a handsome coder! I think you are a bit like Leonardo. BTW, the way you speak is really gentle.
@LfCarra233 years ago
You sir, deserve a million views. Thanks a whole lot.
@maxhofer85583 years ago
love it
@maxhofer85583 years ago
i got some err. IDE can't resolve variable User in this line. "const User = connection.models.User;" -> Unresolved variable User
@kim92se644 years ago
what a great explanation !!!!!!! hey buddy you made a difficult thing so much easier !!!!! awesome TC
@therobotious94082 years ago
The best video series on the topic, thanks very much.
@johnyanastacio11074 years ago
The best tutorial about this subject that I have ever seen. Thank you so much man.
@elianbarci4 years ago
Thank you Zach, actually the best tutorial of this subject
@abdurrahmanibnhamdan89104 years ago
Thank you Zach, I just want to point out you didn't mention to change the value of username and password HTML input name attribute.
@sezif31573 years ago
Bro your tutorials are awesome!!, it's hard to find something at this level. Thanks!!
@marcossalvo75033 years ago
Amazing work, you have a new fan! Regards from Spain!
@rickfearn36633 years ago
Outstanding in clarity.
@dbr_1994 years ago
Very helpful videos. Thank you!
@bitcooin4 years ago
Zach, I'm very thankful for these videos. :)
@prateekpandey47813 years ago
Please do more videos on Express, Zach, your videos are really good
@chiragkamatkamat2 years ago
Super thank you for the efforts, this will definitely help in the interviews.
@merakli20223 years ago
Awesome. Great tutorial. Keep up the good work.
@stiventson44643 years ago
this dude is like so lovely, amazing job
@dawid_dahl4 years ago
Love this channel!
@NickCarboneDrum3 years ago
YOU ARE A HERO!
@prabhsharansingh61503 years ago
Good work man!
@mackynikat88333 years ago
. your bos and i have the same thinking , the words, declaration etc, is what is already done in my plain text editor
@TheNinad224 years ago
it gives error cant read property hash of undefined. though I have followed the code. it gives error at signup method
@ShubhamPalriwala4 years ago
Change the name of form fields 'username' to 'uname' and 'password' to 'pw'
@theadrix924 years ago
@@ShubhamPalriwala thank you
@MinigunHarcos3 years ago
Awesome video!
@skverskk4 years ago
Great tutorial. Just curious why you chose node crypto library vs bcrypt.. Or just a personal preference.
@zachgoll4 years ago
In short, it was mainly to keep things as simple as possible. Most would argue that bcrypt (currently) has a better password hashing algorithm that is more resistant to brute force attacks. That said, NodeJS is a very robust framework and it is definitely in the best interest of the maintainers of the project to keep the Node crypto library secure. For most people watching this video, I don't think the choice will have any profound effects on the outcome of their project.
@sruthyml76564 years ago
Why not use passport local mongoose package??
@nonameara23213 years ago
Dude, thanks for the videos :)
@jamshidtashkent1976 a year ago
thank you Zach.
@Sinha.ritesh4 months ago
beautifully explained ..
@benki129 a year ago
Great job buddy
@JoonhwanLee3 years ago
logical clear incredible!
@HDSourZ4 years ago
Do you have a repo of the finished project? That would be really helpful
@johnnyboghean22423 years ago
Thank you very much for this. It really taught me how to implement a basic login for an app I am building. I am using postgreSQL and bcrypt and passport with local strategy after watching this series. My question is, how secure is passport with local strategy and express session ?
@zachgoll3 years ago
These strategies are used in tons of production apps, so they are pretty secure. That said, there’s a lot more considerations to make on a security front than just the authentication side of things, but likely aren’t going to apply unless you’re working on a mature project that would be a target of hacking
@johnnyboghean22423 years ago
@@zachgoll Thank you for replying. I am going to look into security more at some point to learn about different types of attacks and how to build defenses for them. For now, I wanted to make sure the authentication part is decently secure and my mind is at ease.
@Tesseract96304 years ago
best explanation.
@samuelemyrs2 years ago
You are the best
@bob-pk2ly4 years ago
thank you for this tutorial, gonna get started. but one question. can i still follow thru while i use the mongo atlas database?
@ananyasharma52223 years ago
yes u can
@kllokoq2 years ago
I really don't know why customFields are not working for me. I still keep getting the same value as defined on the input tag? I had to work around it by extracting the keys from req.body with Object.keys(). Does anyone have any idea why? Is it possible that a library we're using has been updated in some way and they failed to document the change, and now we're left here melting our brains with useless things.
@jefferiushere2k7 a year ago
Did you figure this out? Mine also didn't work and I had to have verifyCallback as a function not a variable
@lidera2006 a year ago
@@jefferiushere2k7 the name field on username and password inputs need to be "pw" and "uname" for those to work.
@AtmaniChouaib7 months ago
thank you, but i faced an issue when submitting the password bcz the password data type in the schema is string, but in the input type is password, so an error of unrelated dataTypes occurred to me. i fixed it by changing the input to string type but now it's exposed when typing, is it correct ?
@AtmaniChouaib7 months ago
i fixed it i just had to drop the collection and regenerate it no problem now thank you
@gouravbatra36563 years ago
What happens to session object when cookie storing its sessionId is expired ? does it remain stored in the database or it gets deleted from it automatically ?
@zachgoll3 years ago
Would you mind telling me the time stamp of the video you are asking about? Would love to help but I made this video a while ago and can’t remember
@kag36703 years ago
session record gets deleted from db automatically when cookie gets expired
@sam-zy2dn4 years ago
Thanks Zach for your great tutorial. Do you have any idea why in bcrypt we do not save the salt? as far as I know even the salt is a random but at the end you only need to know by how many random bytes the salt is generated and you do not need to know the exact salt value to decrypt it ( please consider that I am talking about the salt and not the hash). Basically if you use bcrypt.hashSync(password, bcrypt.genSaltSync(10), null) without saving the salt, you still could decrypt it with bcrypt.compareSync(password, this.password)
@zachgoll4 years ago
From my understanding, you DO need the exact value of the salt to decrypt. bcrypt stores the salt within the "hash" as opposed to the Node crypto library, which requires them to be passed separately. See this post - stackoverflow.com/a/6832628/7437737 The salt is not meant to be hidden, so it doesn't matter where you store it as long as you can retrieve it when it comes time to decrypt the hash. The reason we have salts in the first place is to prevent a "rainbow table attack", which is basically where an attacker pre-computes the hashes of millions of plaintext passwords and then simply loops through the table to try and brute-force attack a password. If you use a salt, that hacker would need to re-compute that entire table for EACH salt. Computationally, this makes it far too expensive for the hacker to brute force attack a database of passwords.
@sam-zy2dn4 years ago
@@zachgoll Sorry for the late answer Zach. Honestly, in my implementation I did not record salt in db and still I could decrypt it with compareSync. But as I wrote the codes long time ago I need to double check it and back to you. Still thanks for your effort to clear passport mess!
@IPS4232 years ago
@@zachgoll I thought that salt was meant for the case where a hacker (or even developer) has gotten access to hashed passwords. In case of bcrypt, this hacker will not have access to salt - because it's generated, never stored. The salt can be easily removed from de-crypted string - because it's of fixed length - you don't need to know it (I think). BUT the hacker will need the salt for "rainbow table attack" - things won't match otherwise - he has to compare the resulting hash. SO after this, even a developer who has access to password hash will not be able to match the hashes to the ones from a "rainbow table" even if the original password matches. Am I right?
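
Added example, not part of the comments above or of the video's code: a Node `crypto` sketch of the point made in this thread, that verification needs the exact salt, so the salt is stored in the clear next to the hash (or, as with bcrypt, inside the same string). The function names, record layout and iteration count are assumptions made for this illustration.

```javascript
// Added example: names, record layout and parameters are assumptions.
const crypto = require('crypto');

const ITERATIONS = 10000; // assumed work factor for this sketch
const KEYLEN = 64;        // derived key length in bytes
const DIGEST = 'sha512';

// Hash with a fresh random salt and pack parameters, salt and hash into one
// string, so the salt always travels with the hash (bcrypt's output does the same).
function hashPassword(password, salt = crypto.randomBytes(32).toString('hex')) {
  const hash = crypto
    .pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST)
    .toString('hex');
  return `pbkdf2-${DIGEST}$${ITERATIONS}$${salt}$${hash}`;
}

// Re-derive the key with the exact stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [scheme = '', iter, salt, hash] = String(stored).split('$');
  const iterations = Number(iter);
  if (!scheme.startsWith('pbkdf2-') || !salt || !hash) return false;
  if (!Number.isInteger(iterations) || iterations < 1) return false;
  const expected = Buffer.from(hash, 'hex');
  if (expected.length === 0) return false; // malformed hex must never match
  const actual = crypto.pbkdf2Sync(
    password, salt, iterations, expected.length, scheme.slice('pbkdf2-'.length));
  return crypto.timingSafeEqual(expected, actual);
}

// Replace the salt field of a stored record, to show that a lost or wrong
// salt makes even the correct password fail.
function withSalt(stored, newSalt) {
  const parts = stored.split('$');
  parts[2] = newSalt;
  return parts.join('$');
}

const record = hashPassword('correct horse battery staple'); // constructed sample
console.log(record.split('$').slice(0, 3)); // scheme, iterations and salt are readable
console.log(verifyPassword('correct horse battery staple', record)); // true
console.log(verifyPassword('correct horse battery staple',
  withSalt(record, '00'.repeat(32)))); // false
console.log(hashPassword('pw') === hashPassword('pw')); // false: new salt each time
```
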
@tanveerulhoque68032 years ago
thanks mate :)
@aravindsaipanasa473 years ago
Bro plz provide entire code also in github repository love from INDIA
@arvindchauhan84393 years ago
Thank you!!!
@yogeshbhatt3883 years ago
thank you
@mateogomez-randulfe73943 years ago
sha512 no please, use bcrypt instead
@zachgoll3 years ago
While I’m not disagreeing, what is your reasoning for this?
@mateogomez-randulfe73943 years ago
@@zachgoll I think it is way better to use a key stretching algo such as bcrypt. Couldn't explain it better than this post why SHA512 has some flaws compared to bcrypt: dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm
@mateogomez-randulfe73943 years ago
PS: loving your introduction to passport videos, keep it up ! :D
@zachgoll3 years ago
@@mateogomez-randulfe7394 nice! Thanks for the resource. I think the consensus among the developer community is definitely bcrypt, but I wanted to show that it was possible (and probably okay for most smaller apps) using Node alone
@creaatiive17184 years ago
speedx1.5 *perfect
@evilpollination19162 months ago
4 years later and that example page still leads to a 404.
@evilservo4 years ago
giving me an error, cannot create property 'generate' of string 'sessionStore' EDIT: Oops my bad was passing variable as a string lol such a stupid mistake
@PatrickSierak4 years ago
He said "pass the salt"
@we_tech_bros2 years ago
Why can't you use ajax ? teach node with ajax and when it comes to passport no more ajax... this is crazy
@damanm4146 a year ago
46:00
@anasouardini2 years ago
if I do all of that manually, wtf is the job of passport-local LOL