Next.js 13 jwt authentication protected routes httpOnly cookie with App Directory

Поділитися
Вставка
  • Опубліковано 26 гру 2024

КОМЕНТАРІ • 93

  • @verdaderoken
    @verdaderoken Рік тому +12

    Exaclty what I needed to learn, all in one video. Thank you!

  • @saifmohammad733
    @saifmohammad733 10 місяців тому +8

    Bro just saved me from getting frustrated.

  • @danielalejandrogonzalezmor9437

    Bro... This tutorial is fantastic, straight to the point and very clear, thanks!.

  • @ivanerlich1272
    @ivanerlich1272 Рік тому +5

    My man, thank you very much for this perfect tutorial, I was stuck with the part of getting back the cookie but with this "serialize cookie" all of the errors disappeared .
    Big hug from Argentina!

    • @tenacity_dev
      @tenacity_dev  Рік тому +1

      Love to hear it! Big hug for you too!

  • @leventegaborlevai4897
    @leventegaborlevai4897 5 місяців тому

    As a beginner in nextjs I learned a lot more from this video, than any other one I've watched. Thank you!

    • @tenacity_dev
      @tenacity_dev  5 місяців тому

      Love to hear that, thank you!

  • @dudduvenkatesh9077
    @dudduvenkatesh9077 Рік тому +4

    I'm trying to understand the NextResponse and cookies and api's from long time for authentication setup. this clarified my doubt. Thank you so much for sharing 😊

    • @tenacity_dev
      @tenacity_dev  Рік тому

      No problem, I'm glad it helped you out!

  • @stevemcqueen2887
    @stevemcqueen2887 Рік тому +5

    Great! You NEED to add in Refresh tokens next :)

  • @amangoyal1583
    @amangoyal1583 2 місяці тому +1

    Great tutorial bro. I was stuck in it from 2 days.

  • @kiraizumi460
    @kiraizumi460 Рік тому +5

    thanks! that’s a lot of help for my school project 👍

  • @dexcoder1207
    @dexcoder1207 Рік тому +5

    that's what i was looking for thanks so much keep it up

    • @tenacity_dev
      @tenacity_dev  Рік тому +1

      Thank you, it means a lot to me that it has helped you!

  • @pegaessefeedback
    @pegaessefeedback Рік тому +1

    Jesus Christ man. You are amazing

  • @MadRad1000
    @MadRad1000 Рік тому +1

    Excellent, worked first time ... thank you, I've been pulling my hair out all day

  • @FahimRayhan
    @FahimRayhan 10 місяців тому +1

    Thank you so much bhai 🤗; This is what I actually want to implement

  • @rendivs
    @rendivs 5 місяців тому +1

    It takes genius to make it simple :)

  • @jacobmacfarlane8189
    @jacobmacfarlane8189 Рік тому +1

    so inside of api/auth/login/route.ts where you had the if statement checking to make sure it was admin admin, that is where you would make a POST request to the database you are using? and then pass through the body to it as the values?

  • @motivatedlifex3
    @motivatedlifex3 11 місяців тому

    This is exactly what I was looking for, could you make a video where we fetch the data and auth from Strapi? Thanks and congrats for your content. Really useful.

  • @daviddoyle7580
    @daviddoyle7580 6 місяців тому

    How can the client pass a token in the cookie if it's http only ? I thought this prevents the client JavaScript from being able to see and this pass the access tokens to the API calls ?

  • @motivatedlifex3
    @motivatedlifex3 11 місяців тому

    Why do we need an api route to check the cookies? Can't we just check it in an useEffect on client side?

  • @erkikadhafi9155
    @erkikadhafi9155 10 місяців тому

    What if the backend is from outside source API? And we can't verify the jwt from our nextjs app because we dont know the secret?

  • @jorgemendez4517
    @jorgemendez4517 Рік тому

    so to protect every page and route we have to write that long ass code? isnt there a way to write middlewares like in a normal express way? Or is it the only work around to have a layout for every view and componenet?

  • @jacobmacfarlane8189
    @jacobmacfarlane8189 Рік тому

    Im having a hard time trying to figure out how you would do this if the API you are trying to hit requires an API_KEY. From my experiences whenever i tried to do a fetch the fetch would fail becasue the key would be read as undefined within the client component?

  • @DevTomazetti
    @DevTomazetti 10 місяців тому

    How do I use this flow when I have an external API route for login and user verification?

  • @mohammedmehdi1940
    @mohammedmehdi1940 Рік тому

    is there no way to do this apart from making my layout.tsx a client component. Because i want my layout.tsx to be a server component so that i can set the metadata object on that route.

  • @dovahkiin3362
    @dovahkiin3362 Рік тому

    hey im using express as backend.... how do i validate the cookie in middleware....
    help me out
    so how do i protect my route, when i login/register i get the cookie... but i dont have validation logic in next.js so without that how can i do please help out

  • @uraharaYorrch
    @uraharaYorrch 8 місяців тому

    not long ago cookies were disengouraged to use for vital session info because it's easy to steal the session information. but i've seen an increase in tutorials implementing cookies for authentication, is there a reason why?

    • @tenacity_dev
      @tenacity_dev  7 місяців тому

      What would be a good alternative approach?

  • @lararawf6100
    @lararawf6100 Рік тому

    It will send me request each time when you change the page?!! how we stop unnecessary request?!

  • @miguelcardenas2147
    @miguelcardenas2147 Рік тому +1

    Great tutorial thank you!
    I just have one question, how would you send the cookies from server side components?
    What occurred tp me is each time I make the request from the server, I get the cookie manually and add it to the 'Cookie' header on each request, is there a better way to do it? ( I saved the cookie using cookies().set(...) from 'next/headers' after my login request)
    I would appreciate your input, thank you :)

  • @mohammedmshal5483
    @mohammedmshal5483 Рік тому +1

    You're amazing, bro❤️

  • @zabialy2919
    @zabialy2919 Рік тому +1

    Nice one! Btw. what theme is that?

    • @tenacity_dev
      @tenacity_dev  Рік тому

      Thank you! I think the theme is atom one dark or one dark pro

  • @gfaso5097
    @gfaso5097 Рік тому +1

    Good video! but I have a doubt :( According to what I have read httponly cookies are the most secure way to do user authentication, can you explain me what is the reason in the context of the video implementation please, this topic has me a bit confused.

  • @niloykumar8503
    @niloykumar8503 Рік тому +1

    Thanks man Love from Bangladesh

  • @KaMZaTa
    @KaMZaTa Рік тому

    I have a question: `verify` should return the username, right? So, I can response with that in /api/auth/me and get it back in the getUser() function in layout.tsx. But how can I pass the username to the page.tsx? Could I call the the endpoint /api/auth/me again from page.tsx since it will be deduplicated using fetch? Or what should I do in order to get the username in page.tsx?

  • @Anas_Alaqeel
    @Anas_Alaqeel Рік тому

    now we can't use "use client" in layout.tsx I think its time to think about middleware or somthing

  • @jozekuhar2895
    @jozekuhar2895 Рік тому

    Great video, one question, is there a way that I can fetch data with cookie in server component and than update cookie on server side if it is wrong. I tried lot of things but it is imposible to set new cookie (with new access and refresh token) from server side component.

  • @adesn_beats
    @adesn_beats Рік тому

    hi excellent tutorials, if i have y own backend that return response jwt token, i dont have setting up the routes in api login auth right?

  • @yarso3464
    @yarso3464 Рік тому +1

    name of the font that you use in the video??? pls

  • @nabinnath9
    @nabinnath9 7 місяців тому

    How to do this with next auth?

  • @mshubitidze
    @mshubitidze Рік тому +3

    wow this was a nice video
    I liked how you used the dashboard layout file as middleware, pretty cool

    • @Uferizer
      @Uferizer Рік тому +4

      Wondering why not use actual NextJS middleware and authenticate at edge runtime?

  • @stevebendersky2056
    @stevebendersky2056 Рік тому

    if I have an external nodeJS backend on a different folder, what will be different? as next-response can't be used

    • @tenacity_dev
      @tenacity_dev  Рік тому

      NextResponse is from next.js for your own backend you have to return the appropriate response. You can set the json data and the headers and anything else you need.

  • @NicoTorDev
    @NicoTorDev Рік тому +1

    Best Tutorial ever bro ty

  • @socat9311
    @socat9311 Рік тому

    I am developing a React frontend and I have backend lambdas basically that handle all the auth part. I get the httpOnly cookie and I see it correctly set. If I have let's say 10 private routes on my app ( /component1, /component2 etc), does it mean that every time the user tries to navigate to a page, we need to reach out to the server and validate the token? I don't want to use localStorage so I am trying to get my head around what is the most efficient way to reflect that a user is authenticated across the app once the httpOnly cookie is set. (I use react-redux also). Thanks for any tips

    • @migliorelli
      @migliorelli 11 місяців тому

      you can see a next-auth tutorial and try to recreate using this video

  • @alexiglesias3464
    @alexiglesias3464 Рік тому

    Good video thanks, but I got a doubt: If I delete the cookie from the browser and I visit the /dashboard or /settings page doing click with the mouse, I can continue browsing when the cookie does not exist. Only when I reload the page with F5 is when it detects that I have no cookie and redirects me to the login screen. How we should fix this? It's because the cache, I know, but how can we fix this?

    • @inhibate
      @inhibate Рік тому

      try to use replace() rather than push()

  • @supercrunch3367
    @supercrunch3367 Рік тому +2

    why not just make the DashboardLayout a server-side component to avoid the need for useeffect and that weird blink?

  • @SaasCara
    @SaasCara Рік тому

    Hey man,
    thank you, for great video.
    I have a question:
    I'm using t3 and in all examples I found they use Authorization: Bearer ... what do you think? Because I couldn't find the way to set-cookie httponly iwth tRPC and I thinking what is the difference ? thank you!
    If you will answer my question, let's do it step by step:
    - Authorization: Bearer vs headers set-cookie httponly
    - tRPC - not possible to set cookie httonly if it is true

  • @lararawf6100
    @lararawf6100 Рік тому

    For logout can we pass no payload to sign function?!

    • @mouawiasharedi6661
      @mouawiasharedi6661 Рік тому

      i think that you can create route to reset the token in server (as you said without body)

  • @NOTHING-en2ue
    @NOTHING-en2ue Рік тому +1

    very nice tutorial, thanks a lot ♥

  • @romania-n6q
    @romania-n6q Рік тому

    if arnold wanted to be a webdev

  • @CodeWithRains
    @CodeWithRains 5 місяців тому

    Backend is ready in Spring Boot , only i wantt that , how , ! Login page will be created !, and token how it is going to manage and stored, and how navigations will work , this is my first time seeing next i did even learn this just started coding , i am Angular developer !.
    Now as per ssr , i learn here many things ,
    here need gaurd on routing , if loged in then dashbaord else login page , ! this is simple but getting the errors now for the storing cookies etc.. now will see your idea, hope i will be able to implement it with middleware lets see ,

  • @doloreslaflipoflopo2746
    @doloreslaflipoflopo2746 Рік тому

    making layout.tsx a client component is not recommended by NextJS. and now with server actions most of it is outdated

    • @lockhart-uno
      @lockhart-uno Рік тому

      Making layout a client component is nothing wrong and its commonly used to making transitions. Many people think that making layout client will make every page and component that is passed thru also client by default, wich is not true. Also what in that tutorial is outdated? Settings cookies in route handlers or reading them? And about server actions - good luck using experimental features in production.

  • @laxmandeadpool8260
    @laxmandeadpool8260 Рік тому

    can we do this using next-auth
    and what are benefits of not using next-auth

    • @tenacity_dev
      @tenacity_dev  Рік тому +1

      NextAuth is has it's own authentication, you can read more about the JWT part here: next-auth.js.org/configuration/options

  • @rizkyverandi1916
    @rizkyverandi1916 Рік тому +2

    Do you know how to fix cookie not being set in browser? I did the same thing as you did but it's still didn't work. Btw great content keep it up!

    • @tenacity_dev
      @tenacity_dev  Рік тому +1

      Thank you! Check the timeout of the cookie, maybe it's set to `-1`. Double check it, if it's still not working see if you're blocking anything on your side of the browser. I hope you find a solution!

  • @Abramov1
    @Abramov1 Рік тому +1

    THANK YOU !!! THANK YOU VERY MUCH FROM RUSSIAN VIEWER !!!!!!!!!!!!!!!!!!!!!!!!!

  • @vitord.cardoso4666
    @vitord.cardoso4666 Рік тому +2

    great video, thanks

  • @muazothman7416
    @muazothman7416 10 місяців тому +1

    You are amazing!

  • @naxiryu1425
    @naxiryu1425 Рік тому +1

    Please implement refresh token

    • @tenacity_dev
      @tenacity_dev  Рік тому +1

      I'll keep that in mind for future videos!

    • @naxiryu1425
      @naxiryu1425 Рік тому +1

      @@tenacity_dev thank you

  • @riveto_ir
    @riveto_ir Рік тому +2

    that was amazing thanks

  • @imvivekkushwaha
    @imvivekkushwaha Рік тому

    Hi I have made my APIs in node.js and saving token in localstorage. This is causing problem in calling API on server coz localstorage not supported in server components

  • @AdamBastow-y4g
    @AdamBastow-y4g 9 місяців тому +1

    Thank you !

  • @MythicNanda-ug1vh
    @MythicNanda-ug1vh Рік тому +1

    Awesome!

  • @devicebattlezone
    @devicebattlezone Рік тому

    Thanks guys

  • @prashlovessamosa
    @prashlovessamosa Рік тому +1

    Thank you

  • @pelazas1
    @pelazas1 Рік тому +2

    great video

  • @lararawf6100
    @lararawf6100 Рік тому +1

    God bless u

  • @abdchuhan
    @abdchuhan 11 місяців тому +1

    I thought you will be using next is server side code but not. This is not good approach.

  • @alimoayedi6371
    @alimoayedi6371 Рік тому

    👍👍

  • @suhakarkhy639
    @suhakarkhy639 Рік тому +1

    i love you

  • @66yozgattandrkebap48
    @66yozgattandrkebap48 Рік тому

    these are so complicated damn

  • @duynguyenucthanh3522
    @duynguyenucthanh3522 Рік тому

    thank you

  • @MrTobypowell
    @MrTobypowell Рік тому

    great video