Let me know in the comments what sort of content you're most interested in: - tutorials on something specific (Next.js/Django/Redis/Docker/etc.) - how to build certain apps (e-commerce/social media/real-estate/clones of other apps/etc.) - overview of how something works (authentication/app architecture/deployment/etc.) - other (career/learning/habits/energy/procrastination/focus/etc.) Also one thing I'm thinking is to have things outside of just tutorials on this channel, could be interesting to dive into some topics like the ones in the last point. I like putting together tutorials, but also don't want to just be a tutorial channel. Let me know your thoughts on some of these things!
Django With Next Auth would be like eating coffee sitting in a mountain. Just perfect. Can you please create one? There's nothing I can find online on this topic
If I had a wish: django-tenants on NextJS (subfolder tenants on the frontend) / DjangoNinja (subdomain tenants) and app architecture (separate repositories for front and backend?) + deployment
I believe this is the most exceptional Django tutorial I've encountered since the day I first saw the sun. It's truly a comprehensive, well-structured, and insightful resource that stands out above all others.
This is an awesome video, especially for someone who moves from Django as a full-stack, to Django as a backend only, this is where the challenge comes to understand the lower layers of authentication and how to customize everything to work with the JS frameworks. Thanks, @bryanbrkic for this awesome video.
I'm trying to imagine how on earth you have only 720 likes. this is the best tutorial about authentication using JWT I Have ever seen. I have been the last month researching about the topic and just now I have found something that really helped me to understand the core concepts behind. And the use of postman is a bonus! Thanks a lot my friend. Sorry for my ugly English
Maybe something like OTP authentication with next and django? Being new to frontend technologies, your previous videos on how to implement jwt authentication with react and django helped me a lot, as these kinda tutorials are rare out there. Also doing some system design stuff, as people already do tons of tutorials without any thoughts of how potentially an app can get messy without a well organized structure would be pretty come in handy ☺️
Thank you Bryan, It was awesome.I learned alot. as a side note, your speaking and teaching style and even tone your voice reminds me of Adam Swaap (Houdini Artist)
Amazing content, a new series idea could be using docker, redis, celery with django and deploying to production as ive had a hard time finding content with all of them togethor. Awesome vid!
What you shared in this video is just incredible, documentations resources, explanations, examples, straight to the point. Thank you dear. I don't really understand why you are at 500 likes.
Hello Bryan, whatever you do, thank you so much for your videos that helped me a lot in the past. I think it's necessary to vary the production of videos on different topics.
Hello, thank you for the detailed tutorial. Nice work. Do you have a tutorial where you have set up the domain name from vercel and connected it to Digital Ocean that one can follow? and lastly, why did you choose Vercel for your domain? Is it personal preferences or is there something advantageous about vercel?
Hello Bryan, thanks for your tutorial! Is it possible for u to do follow-up series on top of this tutorial, for example building some function like blog posting or so on on top? Thanks again
Hey Bryan, by setting AUTH_COOKIE_SAMESITE = 'None', wouldn't that make it vulnerable to CSRF attacks? How could we avoid this in this case, if we still want to use all methods, including POST, for example? Is it possible to combine this jwt cookie approach with csrf token? If so, how could we do that? Thanks, man!
CSRF is a pretty old attack that is next to impossible to pull off these days, but you can still add the protection. This is how you'd set up the CustomJWTAuthentication class if you want this: ` from django.conf import settings from rest_framework_simplejwt.authentication import JWTAuthentication from rest_framework.authentication import CSRFCheck from rest_framework import exceptions class CustomJWTAuthentication(JWTAuthentication): def enforce_csrf(self, request): def dummy_get_response(request): return None check = CSRFCheck(dummy_get_response) check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: raise exceptions.PermissionDenied('CSRF Failed: %s' % reason) def authenticate(self, request): try: header = self.get_header(request) if header is None: raw_token = request.COOKIES.get(settings.AUTH_COOKIE) else: raw_token = self.get_raw_token(header) if raw_token is None: return None validated_token = self.get_validated_token(raw_token) self.enforce_csrf(request) return self.get_user(validated_token), validated_token except: return None ` Then you'd want to set up a view that would allow you to retrieve a CSRF token on the client with something like this: ` @method_decorator(ensure_csrf_cookie, name='dispatch') class GetCSRFToken(APIView): def get(self, request): return Response(status=status.HTTP_204_NO_CONTENT) ` Then you'd want to use `@method_decorator(csrf_protect, name='dispatch')` above any class-based view where you want CSRF enforced. Another thing you can do is also rotate CSRF tokens in particular cases, like for example when a user retrieves an access token. You can use the import `from django.middleware.csrf import rotate_token`, then do `rotate_token(request)` within your view to rotate the CSRF token, which basically means in the response you'd sent a new CSRF token which the client would need to use. Then also on any endpoint where CSRF is enforced, you'd need to use the `X-CSRFToken` header and pass the CSRF token as the value for the header. With RTK Query on the client, you'd also need to prepare the headers on the baseQuery in order to have this working, you'd do that with something like this: ` const baseQuery = fetchBaseQuery({ baseUrl: `${process.env.NEXT_PUBLIC_HOST}/api`, prepareHeaders: headers => { const csrftoken = getCSRFToken(); if (csrftoken) { headers.set('X-CSRFToken', csrftoken); } return headers; }, credentials: 'include', }); ` Then in this example, getCSRFToken would be a function that gets your csrf token from the browser cookies (this wouldn't be a cookie with the HttpOnly flag). And if you're curious, that function would look like the following: ` export const getCSRFToken = () => { const name = 'csrftoken'; let cookieValue = null; if (document.cookie && document.cookie !== '') { let cookies = document.cookie.split(';'); for (let i = 0; i < cookies.length; i++) { let cookie = cookies[i].trim(); if (cookie.substring(0, name.length + 1) === name + '=') { cookieValue = decodeURIComponent( cookie.substring(name.length + 1) ); break; } } } return cookieValue; }; ` So that would pretty much be the setup if you want CSRF token involved in the flow. I omitted mostly because of the complexity it adds and the benefit isn't too high since CSRF attacks are almost impossible to pull off these days. Hope this helps!
@@bryanbrkic hey Bryan, why would i need this `csrf_protect` function in my CustomJWTAuthentication class? Wouldnt using `@method_decorator(csrf_protect, name='dispatch')` above any class-based view where we want CSRF enforced be enough? Thanks!
Hello @bryanbrkic this is an awesome tutorial. Thank you for efforts you put in it. As I was following the tutorial, I got stuckat the section Testing Google OAuth2. I am using insomnia for testing the endpoints I get the following error: { "non_field_errors": [ "State could not be found in server-side session data." ] } whenever I try the Google OAuth2 Login endpoint. Any idea how to fix this ?
Hello there. Yes I was able to get it to work. In my cas this error was linked to the Insomnia app. I edited the cookie "session id" to include the domain name (localhost) and set Same site to None
I've traced back over all the steps, the only thing I've found to be missing is setting the refresh and access expiration on djangos end, as currently it appears to be stuck at its default value, have checked through both the git and the video.
@@bryanbrkic Hello bryan, everything works, but when I use the production url for the google auth the response is "redirect_uri must be in SOCIAL_AUTH_ALLOWED_REDIRECT_URIS". i have tried solving it. it just won't work, breaks my heart that I will be skipping it and move on to fetching the endpoints
hi! is there a way for the custom auth model, to show up on the admin panel? currently having trouble getting the the users to show up on the admin panel, thanks!
When I follow along and test the endpoints using Postman and add an extra character at the end of the token, it still succeeds. And yes, when I remove the extra character, it still succeeds. Any ideas or suggestions?
Hi, thanks for the this content, when are you planning to release the next part where we can see how to connect django rest framework to next js frontend?
How can I view my tables in pgadmin? I look at the tables for the postgres db but nothing shows up? I am using docker to containerize django, celery, redis, postgres. Can I not view my db because of this?
I have been checking out Django Rest API and have noticed the heavy usage on the serializers file can you explain why you dont use serializers and when they are needed?
Yes you could, but there are benefits to building APIs with frameworks built for building APIs since they're designed to be efficient at doing just that. You also get separation of concerns by having frontend and backend completely separated. But you absolutely could make a full-stack app with just Next.js, all depends on the type of project, a very complex project I'd lean towards separation of concerns, with a project that isn't as intensive with features would probably just do everything on Next.js.
As always, your content is pretty amazing and professionally educating. Thank you greatly for your time and effort. However, Django / Next.js is a nice combo and DevOps based on the two. 🙄
Going to make content with the devops setup too, in this series left it out mostly to avoid a lot of devops setup and instead focus on just the authentication. Glad you’re enjoying the content!
with postman and with the front-end i keep getting this error "{ "non_field_errors": [ "State could not be found in server-side session data." ] }" i added the cookies ''state '' and still the same error , please if someone has a solution please let me know
Hi brayan, i follow this tutorial but i got 500 response when ever i try to create user but the user data is store in the database. i set up everything correctly.
Amazing tutorial, one of the best on internet, u should have more views! I hope your channel grows, thanks man for quality video. Im facing a problem tho, on POST request to OAuth2, Im having an error, I can GET the Url, getting the Code and state on URL. But when I make post request, im having this error: { "non_field_errors": [ "Authentication process canceled" ] } Obs: I'm passing everything needed on the cookies on postman. Someone has similar problem? I can't debug this to find solution
I TRY RUN SERVER BUT DROP THIS ERROR, "ImportError: Could not import 'users.authentication.CustomJWTAuthentication' for API setting 'DEFAULT_AUTHENTICATION_CLASSES'. ModuleNotFoundError: No module named 'users.authentication'."
Make sure you have a users app that is in your installed apps setting, and that you named the file correctly, double check the spelling on authentication.py
THANKS man! Totally worth a sub for such quality content AND tutorial. Exactly what I was looking for - a stable and informative setup, a base for my app, that I can follow along with. Merry christmas and a happy new (2025) year!
Let me know in the comments what sort of content you're most interested in:
- tutorials on something specific (Next.js/Django/Redis/Docker/etc.)
- how to build certain apps (e-commerce/social media/real-estate/clones of other apps/etc.)
- overview of how something works (authentication/app architecture/deployment/etc.)
- other (career/learning/habits/energy/procrastination/focus/etc.)
Also one thing I'm thinking is to have things outside of just tutorials on this channel, could be interesting to dive into some topics like the ones in the last point. I like putting together tutorials, but also don't want to just be a tutorial channel.
Let me know your thoughts on some of these things!
Django With Next Auth would be like eating coffee sitting in a mountain. Just perfect. Can you please create one? There's nothing I can find online on this topic
If I had a wish: django-tenants on NextJS (subfolder tenants on the frontend) / DjangoNinja (subdomain tenants) and app architecture (separate repositories for front and backend?) + deployment
I believe this is the most exceptional Django tutorial I've encountered since the day I first saw the sun. It's truly a comprehensive, well-structured, and insightful resource that stands out above all others.
I don't understand how you got only 260 likes. It is by far the best tutorial I have watched on the topic !
This is an awesome video, especially for someone who moves from Django as a full-stack, to Django as a backend only, this is where the challenge comes to understand the lower layers of authentication and how to customize everything to work with the JS frameworks. Thanks, @bryanbrkic for this awesome video.
This is by far the best course I found on UA-cam. Thank you.
I'm trying to imagine how on earth you have only 720 likes. this is the best tutorial about authentication using JWT I Have ever seen. I have been the last month researching about the topic and just now I have found something that really helped me to understand the core concepts behind. And the use of postman is a bonus! Thanks a lot my friend. Sorry for my ugly English
Thank you, I appreciate it, and glad you found what you were looking for!
This is GOLD! Finally someone who knows their Django!
Months later this is still one of the best, if not the best tutorial on this topic by far! Hope you are well Bryan!
Thank you :)
@@bryanbrkic bryand can you a do next-auth /django tutorial ? Tks in advance
Bryan remembers he has a UA-cam channel and audience.
super excited for this. :D
Haha, glad to hear you're excited :D
Thank you immensely! I'm positively brimming with excitement for the second part!
Maybe something like OTP authentication with next and django?
Being new to frontend technologies, your previous videos on how to implement jwt authentication with react and django helped me a lot, as these kinda tutorials are rare out there.
Also doing some system design stuff, as people already do tons of tutorials without any thoughts of how potentially an app can get messy without a well organized structure would be pretty come in handy ☺️
Love to see more of exactly this content, also welcome back hopefully you're planning to update your course!
you are the best tutor on youtube the next project will be mobile otp authentication ecommerse project
Thank you, NextJS with Django is my fave combo!
Thank you Bryan, It was awesome.I learned alot.
as a side note, your speaking and teaching style and even tone your voice reminds me of Adam Swaap (Houdini Artist)
Thank you Bryan, great video, learned so much about Django and Python coming from the JavaScript ecosystem
Thank you! Was looking for a tutorial like this for ages! Very useful
Your search is now over!
Amazing content, a new series idea could be using docker, redis, celery with django and deploying to production as ive had a hard time finding content with all of them togethor. Awesome vid!
What you shared in this video is just incredible, documentations resources, explanations, examples, straight to the point. Thank you dear. I don't really understand why you are at 500 likes.
Hello Bryan, whatever you do, thank you so much for your videos that helped me a lot in the past. I think it's necessary to vary the production of videos on different topics.
i like your teaching style a lot, thank you sir
Thank you so much for this incredible value you're sharing with us 🙏, keep up the good work!
Hello, thank you for the detailed tutorial. Nice work. Do you have a tutorial where you have set up the domain name from vercel and connected it to Digital Ocean that one can follow? and lastly, why did you choose Vercel for your domain? Is it personal preferences or is there something advantageous about vercel?
Eres un chingón, el mejor video que he visto sobre el tema.
Thanks a lot !
Waiting for part 2 to come out :)
This content is really excellent, thank you. I think you can also produce content about application architectures (microservice etc.) in Django.
thanks for the tutorial man ❤
Hello Bryan, thanks for your tutorial! Is it possible for u to do follow-up series on top of this tutorial, for example building some function like blog posting or so on on top? Thanks again
Hey awesome content, instant follow :)
Wow super excited
Glad to hear :)
Hey Bryan, by setting AUTH_COOKIE_SAMESITE = 'None', wouldn't that make it vulnerable to CSRF attacks? How could we avoid this in this case, if we still want to use all methods, including POST, for example? Is it possible to combine this jwt cookie approach with csrf token? If so, how could we do that? Thanks, man!
CSRF is a pretty old attack that is next to impossible to pull off these days, but you can still add the protection. This is how you'd set up the CustomJWTAuthentication class if you want this:
`
from django.conf import settings
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework.authentication import CSRFCheck
from rest_framework import exceptions
class CustomJWTAuthentication(JWTAuthentication):
def enforce_csrf(self, request):
def dummy_get_response(request):
return None
check = CSRFCheck(dummy_get_response)
check.process_request(request)
reason = check.process_view(request, None, (), {})
if reason:
raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
def authenticate(self, request):
try:
header = self.get_header(request)
if header is None:
raw_token = request.COOKIES.get(settings.AUTH_COOKIE)
else:
raw_token = self.get_raw_token(header)
if raw_token is None:
return None
validated_token = self.get_validated_token(raw_token)
self.enforce_csrf(request)
return self.get_user(validated_token), validated_token
except:
return None
`
Then you'd want to set up a view that would allow you to retrieve a CSRF token on the client with something like this:
`
@method_decorator(ensure_csrf_cookie, name='dispatch')
class GetCSRFToken(APIView):
def get(self, request):
return Response(status=status.HTTP_204_NO_CONTENT)
`
Then you'd want to use `@method_decorator(csrf_protect, name='dispatch')` above any class-based view where you want CSRF enforced.
Another thing you can do is also rotate CSRF tokens in particular cases, like for example when a user retrieves an access token. You can use the import `from django.middleware.csrf import rotate_token`, then do `rotate_token(request)` within your view to rotate the CSRF token, which basically means in the response you'd sent a new CSRF token which the client would need to use.
Then also on any endpoint where CSRF is enforced, you'd need to use the `X-CSRFToken` header and pass the CSRF token as the value for the header.
With RTK Query on the client, you'd also need to prepare the headers on the baseQuery in order to have this working, you'd do that with something like this:
`
const baseQuery = fetchBaseQuery({
baseUrl: `${process.env.NEXT_PUBLIC_HOST}/api`,
prepareHeaders: headers => {
const csrftoken = getCSRFToken();
if (csrftoken) {
headers.set('X-CSRFToken', csrftoken);
}
return headers;
},
credentials: 'include',
});
`
Then in this example, getCSRFToken would be a function that gets your csrf token from the browser cookies (this wouldn't be a cookie with the HttpOnly flag). And if you're curious, that function would look like the following:
`
export const getCSRFToken = () => {
const name = 'csrftoken';
let cookieValue = null;
if (document.cookie && document.cookie !== '') {
let cookies = document.cookie.split(';');
for (let i = 0; i < cookies.length; i++) {
let cookie = cookies[i].trim();
if (cookie.substring(0, name.length + 1) === name + '=') {
cookieValue = decodeURIComponent(
cookie.substring(name.length + 1)
);
break;
}
}
}
return cookieValue;
};
`
So that would pretty much be the setup if you want CSRF token involved in the flow. I omitted mostly because of the complexity it adds and the benefit isn't too high since CSRF attacks are almost impossible to pull off these days.
Hope this helps!
@@bryanbrkic hey Bryan, why would i need this `csrf_protect` function in my CustomJWTAuthentication class? Wouldnt using `@method_decorator(csrf_protect, name='dispatch')` above any class-based view where we want CSRF enforced be enough? Thanks!
Hello Bryan, I have a question. By storing jwt in httponly cookies, without a csrf token, isn't the api vulnerable to CSRF?
Hello @bryanbrkic this is an awesome tutorial. Thank you for efforts you put in it.
As I was following the tutorial, I got stuckat the section Testing Google OAuth2.
I am using insomnia for testing the endpoints I get the following error:
{
"non_field_errors": [
"State could not be found in server-side session data."
]
}
whenever I try the Google OAuth2 Login endpoint. Any idea how to fix this ?
Hey there did you fix it? and please can tell me how you did it?
Hello there. Yes I was able to get it to work. In my cas this error was linked to the Insomnia app. I edited the cookie "session id" to include the domain name (localhost) and set Same site to None
it would be great if you could show us how to create a saas with nextjs and django
Hey Bryan, can you show us how to deploy the frontend on vercel and the backend on heroku? Thanks!
so when will be realse the part 2? thanks
that will come out on monday!
awesome
I've traced back over all the steps, the only thing I've found to be missing is setting the refresh and access expiration on djangos end, as currently it appears to be stuck at its default value, have checked through both the git and the video.
I have a question, Djoser is under maintenance?
hi can i use django sesion instead of django cookies,which is more secure thanks....lot thanks
Hey Bryan , First of all thank you for this video and when you'll upload the part 2 ?
Part 2 is scheduled to upload today!
I really appreciate this 😊
You're amazing. OTP would be great! or authentication overall.
Hey @bryanbrkic i am just following your video but got stuck at 2:17:00 , that i got an error as Missing backend "google-oauth2" entry Please help me.
Hi, how are you doing? Were you able to solve that problem? I ran into the same problem.
@@maximoag NO please help me too if you got the solution
Love your tutorial, a question....
How can I make so that the users without verified identities on AWS can register in my Django website?
thanks, You did not deploy it on github?
Links are in description
@@bryanbrkic Hello bryan, everything works, but when I use the production url for the google auth the response is "redirect_uri must be in SOCIAL_AUTH_ALLOWED_REDIRECT_URIS".
i have tried solving it. it just won't work, breaks my heart that I will be skipping it and move on to fetching the endpoints
hi! is there a way for the custom auth model, to show up on the admin panel? currently having trouble getting the the users to show up on the admin panel, thanks!
When I follow along and test the endpoints using Postman and add an extra character at the end of the token, it still succeeds. And yes, when I remove the extra character, it still succeeds. Any ideas or suggestions?
Turns out this was on me. I didn't realize that when he did his first round of testing, he hadn't customized the views or the urls yet. All is well!!
please videos on micro services would be perfect
Hi, thanks for the this content, when are you planning to release the next part where we can see how to connect django rest framework to next js frontend?
That will be coming this Monday!
how react native social login connect to django djoser oauth to get jwt?
If I want to use djoser but also use OTP as my activation, how do i do that?
How can I view my tables in pgadmin? I look at the tables for the postgres db but nothing shows up? I am using docker to containerize django, celery, redis, postgres. Can I not view my db because of this?
do you have react-native authentication?
I have been checking out Django Rest API and have noticed the heavy usage on the serializers file can you explain why you dont use serializers and when they are needed?
I think it's because he's using the djoser library for user auth, it has serializers in it's source code...
guys, the logout view is throwing this "'type' object is not iterable" error and I can't figure out which class object is trying to iterate.
Why didn't you use Bearer token and went for cookie instead? Can you please make a similar tutorial to implement Django With Next Auth?
couldnt you build this only using nextjs? im confused on why you need django as well, isnt nextjs a full stack framework?
Yes you could, but there are benefits to building APIs with frameworks built for building APIs since they're designed to be efficient at doing just that. You also get separation of concerns by having frontend and backend completely separated. But you absolutely could make a full-stack app with just Next.js, all depends on the type of project, a very complex project I'd lean towards separation of concerns, with a project that isn't as intensive with features would probably just do everything on Next.js.
As always, your content is pretty amazing and professionally educating. Thank you greatly for your time and effort. However, Django / Next.js is a nice combo and DevOps based on the two. 🙄
Going to make content with the devops setup too, in this series left it out mostly to avoid a lot of devops setup and instead focus on just the authentication. Glad you’re enjoying the content!
Yes I do, senior. Can't wait to have more of these from you.
Nice tutorial
with postman and with the front-end i keep getting this error "{
"non_field_errors": [
"State could not be found in server-side session data."
]
}"
i added the cookies ''state '' and still the same error , please if someone has a solution please let me know
dude dude is it solved ? i am also getting same error
Hi brayan, i follow this tutorial but i got 500 response when ever i try to create user but the user data is store in the database. i set up everything correctly.
Same...
Amazing tutorial, one of the best on internet, u should have more views! I hope your channel grows, thanks man for quality video. Im facing a problem tho, on POST request to OAuth2, Im having an error, I can GET the Url, getting the Code and state on URL. But when I make post request, im having this error:
{
"non_field_errors": [
"Authentication process canceled"
]
}
Obs: I'm passing everything needed on the cookies on postman.
Someone has similar problem? I can't debug this to find solution
Thank you so much ❤ could u create django nextjs 13 and stripe / razorpay payment integration video...???
I'll be putting together some projects with stripe integration!
I TRY RUN SERVER BUT DROP THIS ERROR, "ImportError: Could not import 'users.authentication.CustomJWTAuthentication' for API setting 'DEFAULT_AUTHENTICATION_CLASSES'. ModuleNotFoundError: No module named 'users.authentication'."
Make sure you have a users app that is in your installed apps setting, and that you named the file correctly, double check the spelling on authentication.py
Thank You
Thanks
I hope OTP authentication with djangorestframework next time because there is no content on this topic in youtube, Thank you very much
Sir next Django and React Native sir Integrating
Love this teaching technic. Thanks a lot @bryanbrkic ❤❤❤❤❤❤
I wish there was this with Laravel 😢
Thanks
having ads at the middle of a video is pretty annoying
Do you have premium?
greatest super duper hot marvellous extremely extraordinary django tutor
THANKS man! Totally worth a sub for such quality content AND tutorial. Exactly what I was looking for - a stable and informative setup, a base for my app, that I can follow along with.
Merry christmas and a happy new (2025) year!
who had this issue, and how did you solve it when working with djoser google oauth2
"{
"non_field_errors": [
"Authentication process canceled"
]
}"