Good video, despite the terminology confusion about authorization and authentication (these terms are used incorrectly in many occurrences)

You know what? I usually never like and comment but you were genuine about it. And the content is actually good. So have my like sir

Bro..you are a life saver man. Was looking for this for days. Finally found it. Continue on making such Quality content. Thanks man

This is a great series of videos. I'm working on a project for college using the exact same stack and wasn't sure what method I wanted to use for authentication, then I found your videos. Thank you for the time and effort to share this with us!

Thank you! There is a bunch of tutorials that do not apply to a real project, and you getting your project and applying this concept on it, allowed me, to do the same, I have a project and I applied your logic in mine, worked like a charm.

U deserve million subscribers. Awesome tutorial. Keep it up bro 👊💪💯

Hey, Just wanted to say thank you for the quality content. Me and my brother (32 year old with a Degree in Industrial Engineering and Management & 29 year old with a Degree in Computer Science) learned so much from you about JWT, and about how Session works. This tutorial will be embedded into our website, and we will forever be grateful and in your debt! Thank you thank you thank you ♥ You look so young, how old are you?

Pedro sir This series is one of the best videos seen.

Great videos thank you. Keep up the good work! A tip on explaining the difference which may be easier for people to remember: Authentication = who are you? Authorisation = What are you allowed to do (i.e. login)

you're really really great programmer I learned a lot from you thanks a lot keep going bro and I hope you gonna become one of the famous programmers in the world love from Jordan

Thank you bro just because of you i solved my problem that was really irritating me and now i am going to finish my project in just time..

Hours of frutration and horrible experiences with CORS. Found this video by chance and your cors configuration fixed my issues....I was setting the headers in the responses and using a cors configuration just with the "origin: []". The headers were not being "considered" when a request was made because of the middleware. I had no clue lol thanks a lot :D

Thanks a lot Pedro. I particularly like your sincerity when you encounter bugs and work to fix them. However, just like in one of the comments below, you seem to have mixed up the two terms authentication and authorization. While authentication helps you validate a user, that is, confirm if a user is signed up already, and should subsequently be logged in when the enter the right inputs, authorization helps you control who should access specific routes or resources.

You and Dev Ed have always the nicest explanation !!

Great video, man! I’m from Brazil and I appreciate your work. Keep up!

Parabéns pelo vídeo, muito bom ver brasileiros falando um inglês fluente e fazendo tutoriais em inglês.

Good video. You didn't need the "Bearer" because that's not how it was accessed at the backend. The backend didn't manipulate the token to filter out the string "Bearer". The video was great!!!

Amazing! you have earned a loyal subscriber. Keep it up!

Keep pumping this stuff out. Great job!

Thanks pedro, even though it still a lil confuse however your explanation were help lot alot in this case. Your video honestly is straight forward and are in the point. Keep your good work buddy.

thanks man , let me use this method for my project too , i am happy to be here ,keep burning

dude, you have videos for all my questions :D thank you a lot!!!!

Your video helped me a lot because I was taking a course in which the client was already realizing, so I couldn't know that it was up to me to put the token in my head, hahaha. Really thank you for this video.

Hey Pedro Very good video, accurate. I was wrong for a long time, about 40 minutes. It was necessary to define next () for each auth that is performed otherwise I never have a response. Very Cool, keep it up brother Congrats!😀

Everything is clear. Great job, Thank you!

This awesome video helps me to code my first authentication api. Thank you very much!

Great tutorials Perdo!

Hi Pedro, I just wanted to thank you for these videos, I was struggling literally for a week on end watching another tutorial before a friend of mine recommended I watch yours and I've watched all 3 videos and it was truly a breath of fresh air, I was literally learning every step of the way and very easily at that too whereas the other video I followed, I was left feeling even more frustrated at the end of it because I didn't have a clue as to how I would implement it into my project. You should never stop putting tutorials out there, your teaching style is awesome and I literally come to your channel first to look for tutorials now. I do have a question for your though, I'd like to be able to implement what you taught in a production environment as I will be doing a few freelance projects and want to offer the best there is in the way of authentication and authorization to my clients, I know the 3rd video is the one that's more suited to it(if I'm not mistaken) and you also have another here: kzbin.info/www/bejne/mGq6naaHgqyKg7M which I've also watched but not followed along to as yet but I'd like to know if you have another video with a full production ready application using the same stack where you do the authentication as taught in the 3 part(plus the other) video series that you can refer me to please? and if not perhaps you could do one on that, as a beginner I feel it would be really nice to see how it all comes together. Again, thank you for putting such great content out there. I'll be jumping to your NextJs videos after this lol

You are amazing pedro, keep up!

MAN!!!!!! Did you send me down a rabbit hole!!! LOL First off, THANK YOU for your videos. They are awesome and exactly on the level I need. The bug however is that your cookie you set is not valid for 24 hours, but a thousandth of that (its in milliseconds not seconds). I did not want to have a cookie for 24h so I made an "hour" which turns out to be 3.6 seconds. So, my login check did not work, because the cookie immediately expired. But again kudos for the videos, they are awesome

Keep up the amazing work mate

Your videos are the best! thanku for the content

Awsome video cleared all my doubts. Thanks man 👍🏼👍🏼

Thank you dude ! Was an awesome tutorial. Good explanations, and you talk very well !

Thanks dude. I have a wrong perception about jwt before watching our video. "That's very hard , Doe's n't understand easyly.". 🥵 But you will broke my wrong hope. your teaching way is pretty simple. Thanks again ❣

Thanks a lot, Pedro. Your videos helped me a lot.

Great video! Very helpful bro!

I love your teaching man. Thanks you so much

hey can anybody tell where is the video previous to this session i am confused at 6:04.. the result[0] thing.. can anyone gimme the link to the previous video???

Thanks for this, your videos are simple and easy to understand, I like the way you teach the fundamental concepts for us to move on to more complex stuff, keep at it! cheers

Great video. Great content. Was very helpful

Great video man!

My wep-page crashes when the jwt token expires and I have to manually delete my expired token from the localStorage for the page to work again, why is that happening and how i can solve it ? Note: I’m not using a refresh token .

Thanks sir, you helped me a lot, this is actually that i want to know :)

Just wanted to say thank I have one question in sequelize when i connect the post and comment table it show this error how to fix this error Error: Posts.hasMany called with something that's not a subclass of Sequelize.Model .

Thank you. Glad to hear it is restful. but 24:12 isn't it just go to the endpoint of IsUserAuth and since that endpoint has used the middleware VerifyJWT so the backend can validate? for example, if I want only authenticated user can go to a page, do I need to again put the middleware VerifyJWT into the app.get "request" like this: app.get("/page", VerifyJWT, (req, res)) or we just need to do it once in IsUserAuth endpoint for the whole application by clicking the button? I am not sure how to call the "app.get, app.post".

Great video, helped me a lot

Pretty sure you got meant to say authorization is the "who is allowed to do what" and authentication is "who is who"

First thanks for your video. FYI: You need the Bearer so that as on standart not everyone can make a API call. Just your application can ;)

Thank for this video pedro, for the trick, it is for example .. Bearer eidjflskflf .... which is returned as token, so we had to do req.headers["x-acces-token"].split (" ")[1] to access the token.

Thank you so much. This was very helpful.

Always awesome...thanks bro

Hey Pedro, I asked about Restful's "Stateless" a few hours ago in your latest video. I have some more questions. 1. So in this video the backend creates and sends the token to the frontend in 8:42, it is not stateless right? Also in 27:15 using localStorage is getting the token from backend response. 2. As you have mentioned in 4:31 to use the token in every API request, I want to make sure that does API request mean working with app.get app.post or the Axios request in the frontend? If it means working with app. So what we do in actual project is to put the middleware verifyJWT in 12:10 into each app.get app.post and then that's it? since in this video you do the authentication with a button as just an example? I know my questions may be quite confusing but I just want to make sure I got that right. Thank you Pedro.

Good videos thanks! But I've been reading that storing de JWT in localstorage or in cookies are not good practices for the xss attacks, with this approach how to make the actual token gets expired let's say in 1 minute and auto refresh the access token to be more secure?

Thankx for this explanation about jwt

Can you zoom into the code when ur typing but great video tho

Your channel has great content..!! awesome..!! you just got a new subscriber..!! 😁👍

Thank you so much! It is very clear!

This video is basically😀 very good!

I have an upcoming software engineering project and this will definitely going to help me man! Awesome. Thanks a lot.

Thank u Pedro, this login-auth tutorial series have been of a lot of help for me, and i bet for the rest all of us as well You have a very bright future kid. Keep on hacking!

Great content!!

Simple and Clear

I have a question. How do we check each time the logged in user and the key given to him? i think when we using jwt.verify() method , we must check who sending request like is it the logged in user or another user(like pretend user)? in the video we just check only jwt key is generated or not

Thank you so much for this!

It will be great if you can leave the previous videos in the comment : ) I am looking for the videos you mentioned and you know there are many other great videos you made so it's hard to find which one.

nice video really helped me through

Yo Pedro... Just wondering are you using JWT and sessions in this ? Is it not usually use one or the other ? Relatively new to this btw just curious...

thanks now concept is very clear..

How to store our jwt in cookies in our frontend ? Am doing a MERN stack application and I reply frontend and back-end seperately, when I store the cookies in backend it's being stored in backend deployed , so I can't access it from fronend, please help me out, thank you!

Hey Pedro, this video was very useful. How can i redirect the user to a home page after he clicks the "login" button?

unfortunately I have this error code at the end: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client, do you know what i can do about it?

Do you have a video on logging out functionality?

But where is the previous video link ? can you give that link here ?

Is it possible to get a copy of the source?

So one thing I would have shown was how to get the app to authenticate the user upon clicking the login and auto authenticate as the user navigates through the app. Since a "Check if Authenticated" button is never used in a real scenario. Regardless I did enjoy the knowledge you showed, but for your future videos ( which you might already ) show more realistic examples.

I am getting an internal server error while loading data. I can load the data if i don't use the middleware.but when i use middleware in loading data..am getting error like internal server error and its showing like no token

Very nice tutorial! Could you make a tutorial about Email verification after register an account?

really usefull keep it up

Boa Pedro!! Video top, me ajudou demais, desejo muito sucesso para você ksksks, salve do Brasil.

Nice video and liked it! I built an app using jwt and stored token in localstorage and deployed on heroku. However, it is removing the token every time I refresh the page. I don't have loggedIn status in my code and is that the state that will keep me logged in and render the page after refresh?

Great video as always. I have a question about the expiry and invalidation of the JWT. Maybe I'm a little confused, but does it ever expire ?? And what happens when it does expire ?? Maybe could be the subject of a whole new video.

im trying to find the video he talks about where he built the initial app program. i feel crazy but i cant seem to locate it. anyone able to drop a link in a reply?

Can someone pls link past two videos that he mentions at the begginging, cant find them

What's the use of session if you're using JWT for authentication? (BTW, I'm newbie to JWT 😅)

Pedro you are awesome

Hello Pedro You teach wonderfully Please prepare a training course and teach us to create a blog with the admin panel I say blog to be a simple web to learn different things Thankful

Would this work even if you refresh your React app in the browser? I'm using the Bearer passport strategy on my NodeJs backend but whenever I have to refresh my browser, I am unauthenticated. I know this because I tested this out by protecting some routes on my React app

hey pedro i just wanted to ask a quick question please if u dont mind replying to me back... i am currently learning react secifically the topic of authentication and autherization. so my question as someone who has no background to server side programming how do i have to tackle when it comes server since i can not program for my own

What is the repository name for the video in your Git account ?

Super 👌liked and subscribed

can you do a video on after u authen, u will redirect to a protected route??

How can we redirect to another page if authentication is true?? I am a beginner in learning react .. need lite help

How would you deal with logout? Set the local storage to empty string or somehow deactivate the token or what?

Hi, ty for your videos, i have been looking for these kind of things and got this videos rlly nice, i have a question about doing 2 roles, and for example how to autenticate or take the difference if your role is user or administrator

Thanks a lot Pedro 🙏 I have a question regarding how to get the username form the token so next time I don't need to enter username and password , and I can know it from the token.

31:35 totally agree, the reaason why they said it is very complicated because others explain jwt to them in a very complicated way, they never tell you exactly how to work with jwt in a full circle and always talk about jwt as if it is a complicated API that NASA used in freakin mars, that is why people think it is complicated

Nice Vids !!! Thanks for them. Maybe it's possible to make a tutorial about email verification ?

Hi man, Can you do a video on How to fetch data about a user from MySQL database to the react front end, Like, once we log in, we have the username and password to find if the user is authorized. But after the login, let say we are displaying a dashboard page and in it, there is a button to fetch the name of the user or something else of that user. How can we find which user is requesting the data. Please do a video on this. I think we can use this jwt token for that but I don't know how to use it. So please help.

Ty a lot you are a life saver ^^