Role-Based Authentication in React (Complete Tutorial)

Поділитися
Вставка
  • Опубліковано 25 гру 2024

КОМЕНТАРІ • 75

  • @Lykkos-321
    @Lykkos-321 3 місяці тому +13

    most cleanest react channel!! I needed this!!

  • @HANWINHUOR
    @HANWINHUOR 8 днів тому

    From Cambodia . I love your video so much . your channel help me a lot . thank u man

  • @Thomas-zr9uw
    @Thomas-zr9uw 3 місяці тому

    You really create the best content, real scenario's with best practices. Good reason for your channel to grow so well.

  • @bestformspielt
    @bestformspielt 3 місяці тому +3

    I really love your channel and your very clean and simple way of writing code. This is the first time you took a slightly bad shortcut by using sentinel values for your context. Saying that "undefined" means one thing and "null" means another makes the code hard to read and reason about. A better way in my opinion would be an additional attribute in your context called "authState" which is an enum containing "pending", "authenticated" etc. This would make it way more obvious and intuitive.
    This is of course nit-picking. I still think your videos are the best react content there is. Thanks for making them. :)

  • @jofay91
    @jofay91 3 місяці тому

    so happy i found your channel! great content as always!

  • @TannerBarcelos
    @TannerBarcelos 3 місяці тому +2

    Great implementation. I was talking to Claude about this recently and I came to a HOC solution which worked well, but this is simpler. Going to use this as a reference for a prod task at work 👀🍻

  • @Solo_playz
    @Solo_playz 3 місяці тому

    Way to 100k Lets goo you deserve more brother .... 🫡

  • @tomasburian6550
    @tomasburian6550 3 місяці тому

    Thanks for this. Auth has been my biggest weakness for the longest time.

  • @grugbrain
    @grugbrain 3 місяці тому +1

    Very clear implementation. 🥰

  • @dariorey8092
    @dariorey8092 3 місяці тому +1

    justo lo que estoy necesitando!!

  • @roman9266
    @roman9266 3 місяці тому +1

    exactly what I needed. Thank you!🤩

  • @gauravbawa5609
    @gauravbawa5609 3 місяці тому

    once again a great content and a very informative video, thank you so much

  • @kermit4877
    @kermit4877 3 місяці тому +2

    Cleanest tutorial, greeting from Indonesia!

  • @muhammedsahad1612
    @muhammedsahad1612 3 місяці тому

    Best Channel for React

  • @pedrosilva2313
    @pedrosilva2313 3 місяці тому +1

    I'd recommend you to use the component from react-router-dom since we can add multiple routes to the same ProtectedRoute instead of adding multiple ProtectedRoute for each different route.

  • @esmilcasado5923
    @esmilcasado5923 3 місяці тому

    I love your videos!

  • @pelumini
    @pelumini 3 місяці тому

    Great content, thanks

  • @challengerScat
    @challengerScat Місяць тому +1

    nice tut but this is insufficient cuz when handling multiple routes the currentUser goes back to null therefore you lose the ability to check for roles however you can use localStorage as an alternative to store the desired roles and then retrieve it when needed

  • @okadz7037
    @okadz7037 3 місяці тому +2

    Ty great tutorial 👑, i have a question, is the backend check role safer then this client side check, for example: in nextjs i check in the middleware or in the rsc pages, and redirect from there

    • @lil_nach
      @lil_nach 3 місяці тому

      Backend check is a must, he’s only included front end for brevity. If auth only lived on the front end, anyone could hit the backend using a script and do things they’re not supposed to

    • @cosdensolutions
      @cosdensolutions  3 місяці тому

      if you're using nextjs with rsc, yes you need to do that there as well. But if you're only on client components, for this specfiic use case it's just the frontend. But when logging the user in, you have to check their credentials and all other checks

  • @lil_nach
    @lil_nach 3 місяці тому +4

    I think you mean role based authorization right? The distinction between authentication and authorization is important

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +1

      well the first half of the vid is all about authentication so I think the title is fine

  • @kevinchen9799
    @kevinchen9799 3 місяці тому +1

    Good video. But the title is wrong. It should be Authentication and Role based Authorization. Authentication is verifying if you are a valid user or not. Then comes Authorization. That is how they are defined in Computer Science

  • @CLeovison
    @CLeovison 3 місяці тому

    Hi kosden, will it be possible in the future that you will make a video about implementing seo in react? Because that will be a really great great help, thank you so much

  • @zlatkoiliev8927
    @zlatkoiliev8927 3 місяці тому

    10:58 why not directly call handleLogout() in the catch block in handleLogin. Seems like the logic is completely the same!

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +2

      better separation of concerns. You don't log out the user when login fails. You log out the user when they are logged in and need to log out. It just happened that the logic is the same here but they are different use cases!

  • @Shelton_fr
    @Shelton_fr 3 місяці тому

    The best

  • @pavlevelickovic2995
    @pavlevelickovic2995 2 місяці тому +1

    I love this implementations but i have one BIG question. The way you wrote this all login logic is in AuthProvider(including fetch itself) and although this look clean i run into a problem when i tried to make Login page. In order to show potential errors or loading state when user tries to log in i needed login fetch logic in my Login page component however you put that logic inside AuthProvider. I though of moving login fetch from AuthProvider to Login component and leaving just setCurrentUser and setAuthToken to AuthProvider. This way i will be able to monitor fetch state (show errors and loading state to user). Is this valid solution and if not please give me some advise.

  • @codewithsanjay
    @codewithsanjay 3 місяці тому

    Great video, could you please teach us RBAC in next.js

  • @mohamedsalimbensalem6118
    @mohamedsalimbensalem6118 3 місяці тому +1

    Can you make a video about casel

  • @thelayel
    @thelayel 2 місяці тому

    great

  • @ritankarbhattacharjee7661
    @ritankarbhattacharjee7661 3 місяці тому

    The video was awesome 👍. This is a per component based application right, I wanted to know that if we wanted to protect a complete route like /staff and its children /staff/profile, /staff/edit-profiles etc at once, then how will we do it? For projects where there might be many components that might need protection adding ProtectedRouteComponent like this may become a laborious task.

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +2

      I would actually create one Route component and wrap all routes with it, and then have the logic there for any route. This is useful if you need to do other things to routes like set page title or analytics, it makes sense to have one component to do it! It's not laborious if every component needs it!

    • @ritankarbhattacharjee7661
      @ritankarbhattacharjee7661 3 місяці тому

      @@cosdensolutions got it thanks

  • @BuddyTech-w2h
    @BuddyTech-w2h 3 місяці тому

    use context api with authentication with cookies, with axios only authentication user access dashboard with protected routes waiting for your response

  • @DShpak27
    @DShpak27 Місяць тому

    Thanks for You work! But there is an error with statuses, in particular undefined in user. The author automatically fetches data through the use effect, in fact you receive authorization data only after sending the authorization form. It's bad that he did not simulate this in the example. It would have been a different matter, and so many will still have the task of really correctly processing authorization statuses in a protected route.

  • @AbdulMajeed-lj3zi
    @AbdulMajeed-lj3zi 3 місяці тому

    Pleae make one video about Casal (Role Base Authentication) library

  • @elabinnovations
    @elabinnovations 2 місяці тому

    Thanks, but I'm stuck with GraphQL JWT auth. I'm using codegen and hooks for mutations and queries.

  • @wassimabdennadher2715
    @wassimabdennadher2715 3 місяці тому

    Great Job ! Can you please manage roles and authentication with redux

  • @sunny7268
    @sunny7268 3 місяці тому

    can you cover jotai lib, it is great and to bad many do not know it is even exist.

  • @mohamedyamani8502
    @mohamedyamani8502 3 місяці тому

    nice video!
    I implemented this once, but arrived at a situation I didn't like. In order to send the JWT with each request, I'd use interceptors for example, and since the accessToken is passed through context, the fetcher instance must also be a hook in order to access the token. This snowballs to each request you try to make, which must end up a hook.
    how do you deal with this?

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +1

      I just created interceptors in useEffects in the AuthProvider directly that injected the authToken in every request and updated the interceptor everytime it changes. Then, the rest of your app just fetches as normally and the authToken will always be sent along!

    • @mohamedyamani8502
      @mohamedyamani8502 3 місяці тому

      @@cosdensolutions but the axios instances would need to be provided via a hook then, which in turn would require requests to be fired from within hooks/components, no?

  • @dhruvverma1001
    @dhruvverma1001 3 місяці тому

    Need "Project Next"

  • @kalideb-y3y
    @kalideb-y3y 3 місяці тому

    isn't it bad when creating variable name same exactly as type name like the const AuthContext and type AuthContext? I am thinking to just lowercase the const like authContext, cause I am kinda confused when I see them

    • @cosdensolutions
      @cosdensolutions  3 місяці тому

      if you want them different, I'd rename the type instead!

  • @randhir2588
    @randhir2588 3 місяці тому +3

    source code missing

  • @kevinngugi6120
    @kevinngugi6120 3 місяці тому

    when my lead engineer sees me try to authenticate users on the client🤣🤣🤣 i might as well fire myself

  • @rohansachdeva627
    @rohansachdeva627 3 місяці тому

    How to handle situation where i need to show a different component on a page depending on the role type? Do you have a clean solution for that

    • @raves_r3177
      @raves_r3177 3 місяці тому +2

      after logging in, check user role, and redirect user to whatever route that role belongs (/admin if role is admin, /staff if role is staff). easy peasy

    • @rohansachdeva627
      @rohansachdeva627 3 місяці тому

      @@raves_r3177 no thats fine. But let say you have page wherein there are few components visible to both viewer and admin. And for admin role, there exist a special component, only visible to admin. How do you handle that in a clean way

    • @kalideb-y3y
      @kalideb-y3y 3 місяці тому

      role.admin ? : it's that easy?

    • @GenZ-Coder
      @GenZ-Coder 3 місяці тому

      Create a Condition render component something called like
      {chilren}
      Then render the children based on the given props of the component and you have higly generic customisable component wrapper that will only render a component based on a condition being true or any role matches the allowed roles in the props.

    • @rohansachdeva627
      @rohansachdeva627 3 місяці тому

      @@GenZ-Coder interesting 🧐

  • @jacquelynecarmen
    @jacquelynecarmen 3 місяці тому

    ❤❤

  • @kalideb-y3y
    @kalideb-y3y 3 місяці тому

    can't this client codes be edited and then have access the protected route?

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +1

      You would also protect your endpoints so even if they go to any route, they get errors from the api

  • @pinoyolea
    @pinoyolea 3 місяці тому

    You mean Role based Authorization?

  • @himanshuchavda9887
    @himanshuchavda9887 3 місяці тому

    Next authentication in next.js

  • @Rohan-hx7ry
    @Rohan-hx7ry 3 місяці тому

    How do i preview react website on phone when it's under development... Plz reply

    • @jerrykodes
      @jerrykodes 3 місяці тому

      In vite it comes out of the box by adding -host tag, not sure for nextjs but I believe you can search for port forwarding

    • @Rohan-hx7ry
      @Rohan-hx7ry 3 місяці тому

      @@jerrykodes thanks

  • @buddytech7775
    @buddytech7775 3 місяці тому

    Next video on context api with authentication with cookies, cookies store token user details with axios only authentication user access dashboard with protected routes waiting for your response (⁠◔⁠‿⁠◔⁠)

  • @TrilochanSatapathy
    @TrilochanSatapathy 3 місяці тому

    Repo ???

  • @MrJettann
    @MrJettann 3 місяці тому +6

    This is bad implementation of authentication, there are no cookies, access or refresh tokens, so it simply makes requests on every page refresh

    • @reskort4089
      @reskort4089 3 місяці тому

      Would you mind to tell me the resource about how to do it properly? This FE and BE things still kinda new for me. I really appreciate it sir. Thank you in advance.

    • @MrJettann
      @MrJettann 3 місяці тому

      @@reskort4089 to be honest I can't find any valuable information about it. Most of posts or videos about "how to eat make auth with Google or GitHub provider" and no one use credentials with tokens, only one thing I can suggest to you is try to search for axios interceptors with refresh and access tokens, it will be at least near to real world. It's not perfect, but working, especially in react

    • @cosdensolutions
      @cosdensolutions  3 місяці тому +7

      This video is about role-based, not pure auth. If you want interceptors and tokens, check out my main auth video

    • @reskort4089
      @reskort4089 3 місяці тому

      @@cosdensolutions i see, thanks for your respond, author.

    • @MrJettann
      @MrJettann 3 місяці тому

      @@cosdensolutions alright, but it still strange implementation of that :)