Welcome back!!! Nice video, thanks for useful content!!
Thank you! Glad to be back :)
I'm working on an e-commerce project and I was confused about using JWT-based authentication and session-based authentication. Finally, I made my decision. Thanks a lot.
What decision did you make? Session or JWT?
@@official.mhm13 Session
Can you guide me on how you implement session-based authentication in a real-world project? Please give me an idea or a source so I can implement this too.
Thank you a lot! You are the one who can explain difficult stuff easily.
Thank you for the support!
Great informative video.
Very well and simply explained, with code examples. Perfect!
Already waiting for the next one 😉
Thank you!
very clear video, everything was nicely explained thank you!
God bless you thank you for this tutorial you are the best
Glad to see you again...
Thank you! Glad to be back
Can you please make a video about session authentication with NestJS and Prisma?
Your link to the NestJS course is broken here for some reason
Thanks so so much....
Welcome!
Great timing! I found your channel this weekend while trying to implement JWTs w/ refresh tokens. That video is by far the most helpful and thorough video I've seen on the subject! THANK YOU SO MUCH! I have a question though (really to anyone who will answer)... in this video you caution heavily against using JWT necessarily and that makes sense.
In my situation I'm going to have many microservices and I thought that by using JWT I could avoid hammering a central auth service. Is this a case that makes sense to use JWT or should I not worry about hammering an auth service? I figured that on logout I could broadcast a logout event (say, over kafka) for the other microservices to pick up on and store an invalidation for the refresh token. ALSO I plan to send back to the user a blank refresh token on logout, does that make sense? Sorry that's so long... thanks again for everything!
Thank you for your comment and support! I'm glad to hear that the video was helpful for you.
In regards to your question, I want to clarify that in the video, I was cautioning against the use of JWT as a session token for common web applications and single page applications (SPAs). However, using JWT for microservices can be a valid and efficient approach, especially if you have many microservices and want to avoid hammering a central authentication service.
Your approach of broadcasting a logout event over Kafka for the other microservices to pick up on and store an invalidation for the refresh token sounds like a reasonable solution. As for sending back a blank refresh token on logout, that can work, but it's not strictly necessary since the refresh token will be invalidated and can no longer be used to obtain a new access token.
I hope this helps clarify the use of JWTs for microservices, and let me know if you have any further questions!
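As an added example (not code from the video or from this thread), here is how a microservice could verify access tokens locally and still honour logout events received from a broker such as Kafka. It goes slightly beyond the reply above: besides invalidating the refresh token, each service keeps the session ids from consumed logout events and rejects access tokens carrying one, so logout takes effect before the access token expires. The `sid` claim, the LogoutEvent shape and the shared HS256 key are assumptions for illustration.

```typescript
// Added example, not code from the video or this thread: local JWT verification in a
// microservice plus a revocation set fed by broadcast logout events.
// The `sid` claim, the LogoutEvent shape and the shared key are assumptions for illustration.
import { createHmac, timingSafeEqual } from 'crypto';

const SIGNING_KEY = 'constructed-demo-key'; // constructed; real keys come from a secret store

const b64url = (s: string): string => Buffer.from(s).toString('base64url');

// Mints a token; included only so the example can construct its own sample input.
export function signJwt(claims: Record<string, unknown>, key: string = SIGNING_KEY): string {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac('sha256', key).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Local revocation state: session ids named in logout events this service has consumed
// (e.g. from the Kafka topic mentioned above). No round trip to the auth service is needed.
export interface LogoutEvent { type: 'logout'; sid: string }
const revokedSids = new Set<string>();
export function applyLogoutEvent(ev: LogoutEvent): void {
  if (ev.type === 'logout') revokedSids.add(ev.sid);
}

export type VerifyResult = 'ok' | 'malformed' | 'bad-signature' | 'expired' | 'revoked';

function parseClaims(body: string): { exp?: unknown; sid?: unknown } | null {
  try { return JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); }
  catch { return null; }
}

// Checks signature, then expiry, then the revocation set. The header's alg is never trusted:
// the HMAC is always recomputed with our key, so an "alg: none" token cannot pass.
export function verifyJwt(token: string, now: number = Math.floor(Date.now() / 1000),
                          key: string = SIGNING_KEY): VerifyResult {
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed';
  const [head, body, sig] = parts;
  const expected = createHmac('sha256', key).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 'bad-signature';
  const claims = parseClaims(body);
  if (claims === null || typeof claims.sid !== 'string') return 'malformed';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (revokedSids.has(claims.sid)) return 'revoked';
  return 'ok';
}
```

The revocation set only needs to hold session ids until the longest-lived token bound to them has expired, so entries can be dropped after that window.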
Thank you for this.
Would you be able to make a tutorial on Nestjs role and permission implementation that includes an administrator with full permissions in an admin role, users with limited permissions based on their assigned user role, and the ability for the administrator to add or remove permissions for users? It would be ideal if the tutorial also covers how to create custom or predefined permissions. You are welcome to use any database or ORM for this tutorial.
Thank you again.
Glad you found my tutorial helpful! I think your suggestion of a NestJS role and permission system tutorial is great and I'll definitely add it to my list. Thanks for your support!
Hey! Great video! I have a question: for mobile auth cookies are the way to go?
I don't have too much experience with mobile. If you are using a browser on mobile that should work. And I think that it's still possible to use cookies if it's a native app.
To use cookies in mobile apps, you can use a library or framework that supports cookie handling, such as the NSHTTPCookieStorage class in iOS, or the CookieManager class in Android. These libraries provide methods for creating, storing, and retrieving cookies within the app's local storage.
Great video! I have a question. How do you use sessions to create auth in the style of mobile apps? I mean, I log in/register once and then the app doesn't log me out for, for example, a month.
Thank you for the support! You can set a very long cookie expiration using the maxAge property inside the cookie object.
Thank you for the video! However, I have a question. Let's say I have authentication based on a session id cookie and I logged in from a mobile app to my account. I'm using the app and I close it for a while and then open it again. Will I still be logged in or will I have to log in via the form again to get the cookie? If so, how can I keep myself logged in after opening the app?
Hey, thank you for the support. If you haven't cleared the application cache and if the session id is not expired you should be able to use the app without issues.
It is actually the server that will let you know that your session id expired because you will receive a 401 status code.
I don't really have experience with mobile apps but what I do is that I have a helper function that does the API requests calling the fetch API or axios. If the function detects a response with a code 401 it will redirect the user to the login page and clean the app state.
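An added example of the helper described in the reply above (not the author's own code): the decision logic lives in a small synchronous function so it can be tested without a browser, and it also treats 403 differently from 401, since a forbidden response means the session is still valid and should not log the user out. The `AppState` shape and the `redirectToLogin` callback are assumptions for this illustration.

```typescript
// Added example, not the author's helper: handle 401 by clearing client state and sending
// the user to the login page, once, even when several parallel requests fail together.
export interface AppState { user: { id: string } | null; loginRedirectPending: boolean }

export type Outcome =
  | { kind: 'ok' }
  | { kind: 'unauthorized' }        // session id missing or expired on the server
  | { kind: 'forbidden' }           // logged in but not allowed: do NOT log the user out
  | { kind: 'error'; status: number };

export function handleStatus(status: number, state: AppState, redirectToLogin: () => void): Outcome {
  if (status === 401) {
    state.user = null;                      // clean app state so nothing stale is shown
    if (!state.loginRedirectPending) {      // only the first 401 triggers the redirect
      state.loginRedirectPending = true;
      redirectToLogin();
    }
    return { kind: 'unauthorized' };
  }
  if (status === 403) return { kind: 'forbidden' };
  if (status < 200 || status >= 300) return { kind: 'error', status };
  return { kind: 'ok' };
}

// Minimal shape of a fetch Response so the wrapper works with fetch or any fetch-like client.
interface MinimalResponse { status: number; json(): Promise<unknown> }

// Thin async wrapper: the session cookie is sent via credentials: 'include'.
export async function apiRequest<T>(
  url: string,
  fetchImpl: (url: string, init: { credentials: 'include' }) => Promise<MinimalResponse>,
  state: AppState,
  redirectToLogin: () => void,
): Promise<{ outcome: Outcome; data?: T }> {
  const res = await fetchImpl(url, { credentials: 'include' });
  const outcome = handleStatus(res.status, state, redirectToLogin);
  return outcome.kind === 'ok' ? { outcome, data: (await res.json()) as T } : { outcome };
}
```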
Please make a video on session-based authentication in NestJS with production-grade code. If it is not possible, then please suggest other sources where I can learn these topics.
I purchased your NestJS essentials course but now the page is not opening; a 403 Forbidden error occurred. Please fix this soon. I really enjoyed your lectures.
Thank you for reporting. It should be back now!
Hi Vlad, great video. I've been subscribed to your channel since your JWT masterclass with access and refresh tokens. I watched this new video about authentication methods and later I downloaded your ebook about sessions stored in Redis; everything is working fine. Now I have a doubt:
In the JWT method we had the tokens table and application tables in the same Postgres database, but how can I secure a Postgres application database while storing user sessions in Redis? Do I only need to use the ebook code below in all protected routes? Can you help me, please? Or recommend me some good article about this.
    // GetSession and UserSession come from the ebook's session module.
    @Get('me')
    getMe(@GetSession() session: UserSession) {
      // Reject requests whose session has no authenticated user.
      if (!session.user) throw new UnauthorizedException('Not authenticated');
      return session.user;
    }