Love the whiteboard presentations Nick, really helpful and well explained.

I liked the whiteboard, thank u for the explanation of this concept. Very clear and simple. Also, very helpful to complement the tutorial series. Thanks a lot.

Very clear and concise explanation, Thanks Nick, keep up the good work !

Clear explanation and presentation, thank you

Very clear explanation. I really love your work. Thank you Nick.

5:10 Since the header is in clear text an attacker can change the header to forge a token. A malicious user may replace the hash key, inject a key and change alg, even none is valid alg which completely bypasses the validation. Please do not trus the header, instead rely on the hash key used during creation of the token.

Really good explanation on JWTs

Simple and straight to the point, thank you.

thats a realy good video. Nice work and keep doing videos!

Thanks for explaining and comparison of jwt and cookie.

doing a video on an implementation of this would also be great. It would also be cool to see a video on the use of that auto mapper tool you've talked about a few times. learning how to use that would save tons of time. Also, while I'm not sure how popular it would be on youtube but showing some unit testing, especially of your posts service, would be a great help. Unit testing entity framework is annoying.

Great explanation!

Nice explain... Ty

Hi, Nick, thanks for the video. I have a question: With Jwt, Although we dont have to store session/state on each machine, we must store the secret along with a method that checks the token validity on each machine. Having said that, is jwt better than session/state (for that specific aspect)?

Good Video, Thank you

Thank you so much.

Great video !

please make a video on identity server

Can we have video on AD Authentication in Web API .net core ?

Very helpful , can you please share a github link for source code?

It still doesn't make any sense. How is it different then sending password. I mean if someone hacks my computer and copies the JWT, he/she can access my account on website?

Thanks

Using a cluster as a reason why JWT are even existing is wrong… Clusters are very easy way to handle that (shared session storage etc.), this video is misleading a lot of people by explaining a reason for JWT that is not really a good reason. (I’m not going to explain it but people should look at some resources, one of the main reason is about distributed system and that cannot always authenticate you against the original system for instance, or having tickets with only a specific set of claims etc.. but Load balancing is def. NOT a reason why JWT exists, there are so many ways to handle that and it was there way before JWT)

'How to implement Google/Microsoft/Twitter... authentication?'

Thanks