The thing I love about this playlist is using simple language, very easy to understand and please always give the scenario of how things work at enterprise level in your future video.😌
I thought the same even though I used to do the same in my MERN stack projects what shubham has asked But Thanks Piyush for getting us more clear on it also I found that OAuth and NextAuth use the same technique while authenticating users on each request they utilize tokens stored in the cookies and get users' data from it! Very very useful topic you have covered
16:10 what are you trying to do 🤔 According to mdn Fir domain value - "Only the current domain can be set as the value, or a domain of a higher order" "A cookie for a domain that does not include the server that set it should be rejected by the user agent."
If you encounter this error: Cannot read properties of undefined (reading 'split'), Follow the given steps: 1. first make changes only to handleLogin controller and send token as json instead of setting a cookie. 2. Now in postman, make POST req to /user/login and generate a token. 3. Now make change to our middleware functions i.e to checkAuth and restrictLogin middlewares. 4. And now finally make GET req to homepage and set the authorization header in postman. Reason: If you make changes to the middlewares first and then try to generate the token it will result in error because we don't have authorization header during initial token generation and the checkAuth middleware is still executed. Hence generate the token first and then make necesarry changes in the middlewares. Hope it helps!
Sir i have a doubt because 11:04 you have directly providing user from jwt token but if the user is deleted from database but the user can still access logged in content.
getUser function doesnt "provide" user directly, it decodes the user data that was signed, i.e. id and email, adds it to req.user (code under restrictToLoggedInUser ) and finds that info from the database for each req, you can check the code at router.get('/'..) under staticRouter,
21:06 but token match karne ke liye database access chahiye hoga na har bar request aane par!!..........to problem to same hi rahi jo aapne video ke starting me kaha tha
This is called pure hardworking, he go through all the documenation and dig the google very well. That is the problem, everything is available for everyone but our lazy culture........!!
The authorization header is not present by default in the POST request in postman and hence you can get the error: Cannot read properties of undefined (reading 'split') as there's no authorization header present, you have to set the header in the Headers tab manually as "Authorization" and set its value to null so that it can be used further in the middleware functions.
Agr hum Map or database ko combined use kry tu excess database request ka issue ni hoga, first time jab user login hoga tu map ma bhi or database ma bhi store hoga or getuser ma hum check laga day ka agr user exist krta ha map ma tu database sa query na kry or agr map sa ma ni ha tu database sa query kr kay usko map store krdy for further request verification
Thank you for this tutorial - you have make an overview video about architecture of SSO (single sign on) authentication - if possible, can you make a full coding tutorial of SSO (basic only will do).
im facing problem regarding non existing authorization header in server side gives Cannot read properties of undefined (reading 'split'), though using res.set('Authorization', `Bearer ${token}`); inside handleUserLogin async function to set the valus, help me to debug it any one...
Hi Piyush, maine ek website banai hai jiska server or client different domain pe hai but jab mai sever me cookies ke option me domain ko apne client ke domain pe set karta hu, tab bhi cookie send nahi ho rahi. I've also used cors for cross platform sharing. kya browser ka kuch default behavior hota ki third party client par cookie send nahi karna? meanwhile maine localstorage me token send kar diya, but mai cookies me token send karna chahta hu..
sir in my code it is showing can't read the properties of undefined after i switched to response section after cookie section, i copied exactly your code but it is not working, if someone know please help
@@BiGryuuu add with credentials: true in your frontend code and in backend use cors ( app.use(cors({ origin : '*', credentials: true, })) I think this might work for you
if one user logs in, but second user comes and copy your Authorization Bearer token or Cookie..... and that 2nd person then requests in the backend from his own laptop via the copied token/cookie. In this case, how to make it more secure ???? Can you please walk through this scenario ?
Bhaiya please make a video on cross site in which authorization header is sent to the backend my malicious website and produce hacking in the backend :)
@@ArpitJain-kc7bl you don't have a choice to include it or not it's just how it's written whenever you'll pass the token in headers it will always be attached with word bearer
Bro! You have to set your headers on your own like this that contain Authorization property here is the example! const headers = { 'Authorization':'Bearer ', 'Content-Type:'application/json', // just an example property you can add more property as you want! } now you can pass this header with your fetching methods like fetch or Axios Hope you get it
The thing I love about this playlist is using simple language, very easy to understand and please always give the scenario of how things work at enterprise level in your future video.😌
I thought the same even though I used to do the same in my MERN stack projects what shubham has asked
But Thanks Piyush for getting us more clear on it also I found that OAuth and NextAuth use the same technique while authenticating users on each request they utilize tokens stored in the cookies and get users' data from it!
Very very useful topic you have covered
Bro just don’t stop posting videos u r just amazing tutor❤
Excellent Videos Piyush... Explaining it in such a simple way.. makes it so easy
Thanks sir taking my doubts..it's clear now
This tutorial of nodejs is more useful to any other paid tut .
Thank you so much sir such a amazing series ❤️ 🙌 👏
Bro you are explaining very deep things in practical superb bro 🎉🎉
Thank You Sir, It was one of the Best explanation of cookies on youtube.
literally no words for uh bro !...excellent explaination 😃😃
No words, how you explain deep fully, at each word meaning fully explain😊 Thank you, Create An UA-cam channel and share your knowledge📚
Got to know many things this video thank you for the lecture😇😇
Thanks for the video 🔥✨
My pleasure!
Thanks bhaiya for the video tutorials. 🥳🥳🔥🔥🤘🤘
You're welcome 😊
Great work, it has compelled me to like and subscribe.
that was so useful and deep knowledge for newbie. awesome bro ❤.
superb bhai...
Amazing explaination bro ❤👏🏻
Thank You Piyush For this great video!!! ; )
i can't set cookie by res.cookie
use cookie parser and if you work on react and node you need to use cors package
@@sawaregamer8815I am also not able to set cookies using react. I have used both cookie parser and cors package.
Use res.cookies
excellent explanation brother
Good explanation👍
Thank you so much for sharing this. Very good explanation :)
16:10 what are you trying to do 🤔
According to mdn
Fir domain value -
"Only the current domain can be set as the value, or a domain of a higher order"
"A cookie for a domain that does not include the server that set it should be rejected by the user agent."
If you encounter this error: Cannot read properties of undefined (reading 'split'), Follow the given steps:
1. first make changes only to handleLogin controller and send token as json instead of setting a cookie.
2. Now in postman, make POST req to /user/login and generate a token.
3. Now make change to our middleware functions i.e to checkAuth and restrictLogin middlewares.
4. And now finally make GET req to homepage and set the authorization header in postman.
Reason: If you make changes to the middlewares first and then try to generate the token it will result in error because we don't have authorization header during initial token generation and the checkAuth middleware is still executed. Hence generate the token first and then make necesarry changes in the middlewares.
Hope it helps!
still getting the same
@@Spotlight_Gaming same issues
2:00 what about storing user with their session id in redis instead of db
what is the difference? what does reddis do?
Sir i have a doubt because 11:04 you have directly providing user from jwt token but if the user is deleted from database but the user can still access logged in content.
getUser function doesnt "provide" user directly, it decodes the user data that was signed, i.e. id and email, adds it to req.user (code under restrictToLoggedInUser ) and finds that info from the database for each req, you can check the code at router.get('/'..) under staticRouter,
21:06 but token match karne ke liye database access chahiye hoga na har bar request aane par!!..........to problem to same hi rahi jo aapne video ke starting me kaha tha
Thanks bro..excellent video .really helpful
U got one subscriber ❤
Thank you so much ❤️
can you explain refresh token and access token?
From where you learn all this so well??
This is called pure hardworking, he go through all the documenation and dig the google very well.
That is the problem, everything is available for everyone but our lazy culture........!!
The authorization header is not present by default in the POST request in postman and hence you can get the error: Cannot read properties of undefined (reading 'split') as there's no authorization header present, you have to set the header in the Headers tab manually as "Authorization" and set its value to null so that it can be used further in the middleware functions.
Agr hum Map or database ko combined use kry tu excess database request ka issue ni hoga, first time jab user login hoga tu map ma bhi or database ma bhi store hoga or getuser ma hum check laga day ka agr user exist krta ha map ma tu database sa query na kry or agr map sa ma ni ha tu database sa query kr kay usko map store krdy for further request verification
Thank you for this tutorial - you have make an overview video about architecture of SSO (single sign on) authentication - if possible, can you make a full coding tutorial of SSO (basic only will do).
Thanks for the video sir
you should set the headers in ejs files only ,whats the use of creating them if we have to use postman only
Bro you are great>>>
im facing problem regarding non existing authorization header in server side gives Cannot read properties of undefined (reading 'split'), though using res.set('Authorization', `Bearer ${token}`); inside handleUserLogin async function to set the valus, help me to debug it any one...
Too good brother
Really good video but It would be good if you compare localstorage vs cookies which is better, limitations like that.
Sir please tell us about new react JS series any idea when it's starting?
Thank you so much bro
But jwt be to scrent check krna ka liya br br new page reload phr datbase wala sa match krta ha?
Hi Piyush, maine ek website banai hai jiska server or client different domain pe hai but jab mai sever me cookies ke option me domain ko apne client ke domain pe set karta hu, tab bhi cookie send nahi ho rahi.
I've also used cors for cross platform sharing. kya browser ka kuch default behavior hota ki third party client par cookie send nahi karna?
meanwhile maine localstorage me token send kar diya, but mai cookies me token send karna chahta hu..
Bhai solution mila kya
@@JatinBedi69did you get any solution?
sir in my code it is showing can't read the properties of undefined after i switched to response section after cookie section, i copied exactly your code but it is not working, if someone know please help
Another potential concern might arise when dealing with stateful authentication in the context of load balancing.
Sir I am sending cookie by res.cookie and 'm able to see that cookie in network but not in application-->Cookies
Did you find any solution for this problem?
@@DineshKumar-gt7xm did you?
@@BiGryuuu add with credentials: true in your frontend code and in backend use cors ( app.use(cors({
origin : '*',
credentials: true,
}))
I think this might work for you
22:28 -->changes happen
if one user logs in, but second user comes and copy your Authorization Bearer token or Cookie..... and that 2nd person then requests in the backend from his own laptop via the copied token/cookie. In this case, how to make it more secure ???? Can you please walk through this scenario ?
He has said in his video that do not pass exact jwt token in cookie. Encrypt the token before passing it to the cookie
kaise ho pankaj sir ham bhi yhi se padh rhe😁
Bhaiya please make a video on cross site in which authorization header is sent to the backend my malicious website and produce hacking in the backend :)
in browser based applications, in industry standard for authentication tokens are sent through cookies or response?
Even Google is using cookies and you still have doubt 😂
but first time in mobile device we have to login how can we send token in request in first time does it not required?
First time we need to login, after successful login server provide us token and subsequent we use provided token by server to communicate server
How can I get a token set in cookies in browser
I am looking for the content on CSRF and CSP Headers in JAVA Filter. If you could provid it that would be really helpful.
why it showing this?
C:\Users\toshiba\Desktop\codes
ode js\URL shortcut project\index.js:50
res.redirect(entry.redirectURL)
^
TypeError: Cannot read properties of null (reading 'redirectURL')
at C:\Users\toshiba\Desktop\codes
ode js\URL shortcut project\index.js:50:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Node.js v21.7.3
[nodemon] app crashed - waiting for file changes before starting...
Are you checking whether entry is null or not
I didn't get authorization in req.headers, where am I wrong?
Adhyapak Diwas ki Shubhkamnaein! 🙏😇
Thank you so much 😄
In last, we use header base authentication, Will it work for browser?
Because, it is not working for browser in my case.
Same.
What is the need to send bearer, as it is getting split
It's a way in which bearer token is designed
@@pratyushpragyey7002 is it just to make code readable or it is compulsory
@@ArpitJain-kc7bl you don't have a choice to include it or not it's just how it's written whenever you'll pass the token in headers it will always be attached with word bearer
@@pratyushpragyey7002 Okay brother thanks for clearing it
I am not getting authorization in the headers. Why?
bhaia do you have short notes of this lecture
Thanks
19:35 reponse
Hi.. Need your help.. My req.headers does not contain authorization property
Bro! You have to set your headers on your own
like this that contain Authorization property here is the example!
const headers = {
'Authorization':'Bearer ',
'Content-Type:'application/json', // just an example property you can add more property as you want!
}
now you can pass this header with your fetching methods like fetch or Axios
Hope you get it
well if you're using postman then you've to set the bearer token by going in headers
how we can take user information from tokens Piyush Garg
how to get this code
Tenks😊 gruudev
Very useful video Piyush, but it could be helpul if you are teaching in English
still I got One error TypeError: Cannot read properties of undefined (reading 'split') if Anyone have solution for this...
getting same error. were you able to find the solution?
@@prateek_saxena2107 Not yet...
because you've to set authorization property if you're using postman by setting bearer token
excellent
Thank's man
what are http only cookie ?
ye Manish Paul bhai hai kya ??
this authorization thing got me confused like cookies, tokens, headers and all.
Bhaiya ji esse he videos aati rehye gii ?
haa
please share the code
Pls provide the source code always
bade bahiya m soch kyo nahi pa rha hun😟
ddd
@piyushgarg sir