Amazing content bro, keep at it already a fan and this is the first video I’ve watched.

Great job! So helpful.

I'm deep-diving into JWT to learn it completely. Started watching a lot of videos on it, and this one is VERY good! Need to play it on loop for some time I bet

Absolutely wonderful clarity and quality ❤️

@nikita-dev

Жыл бұрын

thank you!

Very concise explanation of JWT tokens, Thanks!

It’s Helpful. Thanks

best explanation on yt, keept the good work my friend

that's cool, it all make sense right now. thanks man

Such a great explanation! thank you so much.

awesome! this explanation is the best out there! thanks man! instant subscriber here 🔥

Osm man keep doing like this....

Excellent explanation and very easy to understand..thank you

Excellent explanation. thank you!

Nicely explained dude, keep it up 👍

Perfect.

Amazing ❤️🇪🇬

Hello ! Thank you for the refreshers ! Great video One question: what do you mean by creating a whitelist for refresh token ? If you use RT rotation, what's whitelisting adding to it ?

@nikita-dev

Жыл бұрын

A whitelist would be an alternative to RT rotation-- you wouldn't use both

Can I use personal access token(PAT) as refresh token?

you mention that it validation is done using private-key. That seems odd; generally we should be able to verify the signature using the public key, can you please clarify?

@nikita-dev

4 ай бұрын

There are various hashing algorithms that use different approaches to signing and verifying tokens. Some use just 1 private key (HS256), and some use both a public key and a private key (RS256). It just depends on the algorithm

Why not store JWT in secure httpOnly cookie instead, to prevent XSS on local storage?

@nikita-dev

Жыл бұрын

that works as well 👍

I don’t think JWT authentication can work effectively without making some sort of db call with every request. For example to know which tokens have been invalidated when the user signs out