How Does JWT Authentication Work? (JSON Web Token) | Tokens vs Sessions
- Added 27. 07. 2024
- In this video you'll learn about how JWT Authentication works, and how token authentication differs from sessions.
Github: github.com/nikitapryymak
Support Me: www.buymeacoffee.com/nikitadev
Contact Me: nikitadev292@gmail.com
#jwt #jsonwebtoken #jwtauth - Science and technology
Amazing content bro, keep at it already a fan and this is the first video I’ve watched.
Great job! So helpful.
I'm deep-diving into JWT to learn it completely. Started watching a lot of videos on it, and this one is VERY good! Need to play it on loop for some time I bet
Absolutely wonderful clarity and quality ❤️
thank you!
Very concise explanation of JWT tokens, Thanks!
best explanation on yt, keep the good work my friend
It’s Helpful. Thanks
Such a great explanation! thank you so much.
awesome! this explanation is the best out there! thanks man! instant subscriber here 🔥
Excellent explanation and very easy to understand..thank you
that's cool, it all makes sense right now.
thanks man
Nicely explained dude, keep it up 👍
Excellent explanation. thank you!
Osm man keep doing like this....
Thank you very much.
Amazing ❤️🇪🇬
Perfect.
Hello !
Thank you for the refreshers ! Great video
One question: what do you mean by creating a whitelist for refresh token ? If you use RT rotation, what's whitelisting adding to it ?
A whitelist would be an alternative to RT rotation-- you wouldn't use both
Can I use personal access token(PAT) as refresh token?
Why not store JWT in secure httpOnly cookie instead, to prevent XSS on local storage?
that works as well 👍
you mention that validation is done using private-key. That seems odd; generally we should be able to verify the signature using the public key, can you please clarify?
There are various hashing algorithms that use different approaches to signing and verifying tokens. Some use just 1 private key (HS256), and some use both a public key and a private key (RS256). It just depends on the algorithm
I don’t think JWT authentication can work effectively without making some sort of db call with every request. For example to know which tokens have been invalidated when the user signs out