How Does JWT Authentication Work? (JSON Web Token) | Tokens vs Sessions
Science and Technology
In this video you'll learn about how JWT Authentication works, and how token authentication differs from sessions.
Contact Me: onelightwebdev@gmail.com
Github: github.com/nikitapryymak
#jwt #jsonwebtoken #jwtauth
Comments: 25
Amazing content bro, keep at it already a fan and this is the first video I’ve watched.
Great job! So helpful.
I'm deep-diving into JWT to learn it completely. Started watching a lot of videos on it, and this one is VERY good! Need to play it on loop for some time I bet
Absolutely wonderful clarity and quality ❤️
@nikita-dev
1 year ago
thank you!
Very concise explanation of JWT tokens, Thanks!
It’s Helpful. Thanks
best explanation on yt, keep up the good work my friend
that's cool, it all makes sense right now. thanks man
Such a great explanation! thank you so much.
awesome! this explanation is the best out there! thanks man! instant subscriber here 🔥
Osm man keep doing like this....
Excellent explanation and very easy to understand..thank you
Excellent explanation. thank you!
Nicely explained dude, keep it up 👍
Perfect.
Amazing ❤️🇪🇬
Hello! Thank you for the refreshers! Great video. One question: what do you mean by creating a whitelist for refresh tokens? If you use RT rotation, what's whitelisting adding to it?
@nikita-dev
1 year ago
A whitelist would be an alternative to RT rotation-- you wouldn't use both
Can I use a personal access token (PAT) as a refresh token?
You mention that validation is done using the private key. That seems odd; generally we should be able to verify the signature using the public key. Can you please clarify?
@nikita-dev
4 months ago
There are various hashing algorithms that use different approaches to signing and verifying tokens. Some use just 1 private key (HS256), and some use both a public key and a private key (RS256). It just depends on the algorithm
Why not store JWT in secure httpOnly cookie instead, to prevent XSS on local storage?
@nikita-dev
1 year ago
that works as well 👍
I don’t think JWT authentication can work effectively without making some sort of db call with every request. For example to know which tokens have been invalidated when the user signs out