Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello I'm a beginner in all this and I'm very interested and in this topic, do you have recommendations about what sources (books, videos, free courses) can I use to learn more about authentication?
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architechtures and JAM stack. Honestly I don't know much about them either, still learning.
Really good explanation, many thanks. Couple of points though (1) Passwords should be "salted" prior to hashing (2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts. $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy \__/\/ \____________________/\_____________________________/ Alg Cost Salt Hash
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. i dnt have a programming background, but your video made much of the things easier then easy. :-)
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually. This is how I saw it. I may be missing something.
I have a question, can somebody help me? In 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real word. My question is, then what should we do? separate files in modules in JS? or something like that? Sorry if I said something stupid but I'm just starting on this... thank you
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation
7 minutes in and authentication has not even started i've seen 100 seconds videous about modern authentification methods that cover more info that this one
Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
The deeper you go and the experienced you become, the faster this feeling will fade away. You are welcome.
@ReivenIV dunning Kruger is a hell of a drug
SO MUCH COVERED IN 30 MINS!!!!! AWESOME EXPLANATION!!!!!!
The best talk on authentication, and i needed this for nodejs. This is perfect!
One of the best technical talk I have ever watched.
Great talk by a bodybuilder..
developers should take care of their health more than others. because they sit all day night
he just did 1 push-up when he got an error
dude stop developing and go with the education bussiness. you are king. very very explanatory. thank you very much.
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello
I'm a beginner in all this and I'm very interested and in this topic, do you have recommendations about what sources (books, videos, free courses) can I use to learn more about authentication?
This man is a legend , his video is 100% useful and straightforward
Thank you so much for this
I love this guy 😂 I love the language and how he sees things. You can say he really understand what he’s talking about from first second.
Damm that might be one of the best presentation I have seen in a while
Give this dude an hour next time :) Great talk!
This was very insightful. I had to rewatch the last half just to solidify the concepts.
Thanks.
I saw the Talk from 2015 and this looks the same but the 2015 talk was so good , I am gonna watch this one
He was very efficient with his time slot! Great talk
This is the best tutorial for web authentication. Thanks Twillio
So glad CSRF was included.
I got Goosebumps. Awesome talk.
wow! loved the talk
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architechtures and JAM stack. Honestly I don't know much about them either, still learning.
Amazing talk, covered important concepts in a short time.
Very clean and easy to follow overview!
Thanks for watching!
He is talented and verbose. Thanks man
Really good explanation, many thanks. Couple of points though
(1) Passwords should be "salted" prior to hashing
(2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts. $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
\__/\/ \____________________/\_____________________________/
Alg Cost Salt Hash
🙌
Thank you
bcrypt automatically generates a random salt and salts the password before hashing
Amazing talk for so many reasons. JWTs are still popular as the next shiny toy and 6 years later only 8,000 views.
This guy is amazing, learned so much.
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. i dnt have a programming background, but your video made much of the things easier then easy. :-)
Great security tips by a bodybuilder!
This sharing is awesome, shared the basic concept of authentication in really short time.
Unbelievable quality of the material. Biiiiiiig LIKE!
top web dev video all time!
Good 🌹 morning Sir and to ALL thanks for the business updated God bless to ALL 💕❤️👍✔️👌🥇☺️ the times 💕❤️👍✔️
at 15:32 shouldn't it be checking for a session token or something not the user_id?
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually.
This is how I saw it. I may be missing something.
@@haopeiyang3443 I guess, to avoid this, the "httpOnly"-flag is used
It is checking for the req.session.userId because that is set on the server after a successful login (14:44). This is not coming from the client.
Lots of things are packed together to form a nice presentation. Just like a body builder lol
I have a question, can somebody help me?
In 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real word.
My question is, then what should we do? separate files in modules in JS? or something like that?
Sorry if I said something stupid but I'm just starting on this... thank you
Great talk, thanks!!!
Bravo! This guy is a BEAST
Learned so much in 30mins!
Absolutely perfect explanations!
6:27 how can I visualize this JSON?
This is mana from heaven
You have done gr8 job bro.
Interesting talk.
beautiful! [this comes from the men that don't use exclamation marks lightly].
Clear Explanation... Thank you so much...
Omg, I finally get it! Thanks a ton!!
Wouldn't you be able to add the req.user field manually with something like postman and trick the server into thinking you are a user?
brooooooo thank you so much
Kudos for keeping it short.
very helpful session!
what if you have more than one server? Will the authentication still work?
i wish if he has a full course
Great talk!!!
Thanks Rambo Guy!
You are the best! Thank you
how about basic authentication?
Let's actually implement that sh*t 😂
Hey, look! I only have 30 mins and thats why I’ll spend half of the time describing the toolset
right..lol
very useful
thank you!
Amazing talk!
This guy rocks!
Perfect!
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation
What a great content.
great talk but salting is very important too
That was awesome!
7 minutes in and authentication has not even started
i've seen 100 seconds videous about modern authentification methods that cover more info that this one
Is he researching authentication? I think he is preparing to beat me ;)
I did the same and it took me 5-6hrs configuring passport.js and then i came here
he is a chad in developer community
amazing stuff
you should get 1hr. awesome talk bro
That password would have been way more secure if he would have added a second '!'.
Awesome...
Awesome!
thanks dude!! that's legit!!
Thank you!
7:05 if u know u know
Miss leading title. Authentication and Web Authentication are 2 different things.
great
Perfect 👌🏽
good
checking data replication strategy for youtube
Gold
♥️♥️♥️
be my boss
Thankg u
Here is the 50 minutes version
ua-cam.com/video/i7of02icPyQ/v-deo.html
perfect
More Thanks for your help! We received your information, GOD BLESS, SIR!
ISAIAH 41:2,7,25 GOLDSMITH
what a chad
Nice joke about Canadian police :D
I don't like it when they start dropping F bombs in a professional talk. You are not chillin with your buddies. Be professional.
I thought it was a bit awkward as well, but the rest of the talk was fantastic.
Oh shut up you snowflakes...
eh most programmers I know swear. I didnt even notice he was swearing
This guy needs a more professional vocabulary.
the yahoo joke is pretty lame