You are so great. Also you are reading my mind, whenever i need some topic next day it’s on your channel 💥
Great video Anton!
Amazing video, thanks :)
Thank you for watching
As always, great vid. I'd love to hear about C# streams (in depth). Have you ever planned to cover that topic?
Not yet, I’ll keep it in mind.
baller! ty for this
thank you for watching
Very good content.
Thank you
Great content Anton,
Could this private/public key setup be used in a microservice architecture where the identity app generates the token with the private key and other services use the public key to authenticate the JWT token?
Thanks for your video.
If I want to implement microservices and have authentication too, can I use this method?
Assume I have two projects, one is Security and the other is Parts ... before a user can use the Parts web service, they have to be authenticated.
It would be handy to have a slide or a quick minute that explains the dotnet new commands (or whatever) to set up the base projects shown.
Love the vids and very helpful.
thank you, if you're trying to learn jwt's I expect you are fully capable of figuring out how the dotnet command line tool works
@@RawCoding in my case it's exactly that I haven't been using the code IDE but it turns out to be pretty simple 🤓
Anton, Thanks for the video, How did you get the jwtString value?
at what time?
Very good video
🙏
Do you have any program to teach Duende Identity Server in next videos?
We will be covering openiddict
Great as always! But what about two-factor authentication? Maybe in the future we will see a video about it? :) As an example, how to set up Identity Server with 2FA
Maybe 2fa, but it has nothing to do with identity server, so you won’t see the 2 together
Thank you for your great and in-depth video.
A question on how the External validation of the Token using the public key works (29:04):
We are sending to External the Token, which consists of Plain Data (Header + Payload) plus the signature (encrypted Plain Data) generated on the Auth Server side.
On External side then, we load the Token, and *signature + Public key = hash1* . Then we get the *Plain Data + WHAT = hash2* .
If *hash1 == hash2* , validation passes and we are Authenticated. So my question is: what is this *WHAT* on the above formula ? Is this the public key *OR* some hashing algorithm that was used also in Auth Server side before it encrypted it ?
I didn't explain this point very well.
Server
digest/hash = sha256(data)
signature = encrypt(hash, privateKey)
token = data + signature
External
digest1/hash1 = sha256(data)
digest2/hash2 = decrypt(signature, publicKey)
valid = hash1 == hash2
Encryption - private decrypts, public encrypts
Signing - private encrypts, public decrypts
How this interchanges I have no clue.
@@RawCoding Thank you for the reply and the clarification. So this "What" is actually the *sha256* algorithm.
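The exchange discussed in this thread, and the identity-service/other-service split asked about in the microservice question above, as an added C# example that is not code from the video: one side holds the private key and signs the SHA-256 hash of the data, the other holds only the public key, recomputes the same hash and checks the signature against it. The names `Issue`, `Validate` and the claim values are made up for illustration; a production service would use a JWT library, which also checks expiry, issuer and audience.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Identity service: the only holder of the private key.
using RSA identityKey = RSA.Create(2048);
// Parts service: receives the public half only (constructed in-process here).
using RSA serviceKey = RSA.Create();
serviceKey.ImportRSAPublicKey(identityKey.ExportRSAPublicKey(), out _);

string token = Issue(identityKey, "{\"sub\":\"user-1\",\"role\":\"parts.read\"}");
string[] p = token.Split('.');
// Constructed tampering: new payload, original signature reused.
string forged = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"user-1\",\"role\":\"admin\"}")) + "." + p[2];
Console.WriteLine($"genuine token valid: {Validate(serviceKey, token)}");
Console.WriteLine($"forged token valid:  {Validate(serviceKey, forged)}");

// JWT segments are unpadded base64url.
static string B64Url(byte[] b) =>
    Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

static byte[] FromB64Url(string s)
{
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}

// data = header.payload; signature = sign(sha256(data), privateKey)
static string Issue(RSA privateKey, string payloadJson)
{
    string data = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"))
                + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
    byte[] hash = SHA256.HashData(Encoding.ASCII.GetBytes(data));
    byte[] sig = privateKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return data + "." + B64Url(sig);
}

// The verifier recomputes sha256(data) itself and checks the signature against it.
// The algorithm is fixed here and never taken from the token's own header.
static bool Validate(RSA publicKey, string token)
{
    string[] parts = token.Split('.');
    if (parts.Length != 3) return false;
    try
    {
        byte[] hash = SHA256.HashData(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
        return publicKey.VerifyHash(hash, FromB64Url(parts[2]),
                                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
    catch (FormatException) { return false; } // malformed base64url segment
}
```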
Which one do you recommend jwt or cookie authentication with spa?
Cookie 🍪
@Raw Coding: may I know the reason why ? I heard so many people saying that cookie is not mobile friendly, and they suggest to use jwt token instead.
@@MinhNguyen-zx8me cookies are automatically handled by browsers, not httpclients - your mobile app will be programmed with an httpclient. For mobile it doesn't matter, you'll have to do manual work for both cookies and tokens. For browsers, cookies are handled securely automatically.
So Cookies.
Excuse me, can I use JWT without Identity, because it doesn't cover my needs in authorization?
Of course
@Raw Coding I would appreciate it if you sent a link about implementing that
Watch the identity management video in the playlist.
Please create videos on (Identity, JWT) with multi-tenancy.
We'll see )
How to use JWT with external authentication, e.g. aws forgate?
Watch the OAuth videos
Gg, first half was understandable, then you dived into the complex code and started doing random stuff and I'm lost
I need funny request