The ultimate NestJS Authentication guide
- Added 9. 07. 2024
- This ultimate guide to NestJS authentication covers everything you need to know about implementing secure user authentication with PassportJS. Master Auth in NestJS now!
00:00 Authentication Flow Overview
02:14 User Login
07:27 Generate Token
12:55 Access Control
19:50 Passport Authentication
29:12 Passport Access Control - Science and technology
clean video nice editing skill and also informative keep uploading
Thank you so much @omarsalah4252 for showing your support, it means a lot to me.
I've been enjoying making these videos, and I have a lot more coming :)
What a great tutorial!!!
Thanks so much
Nice tutorial
Man, first video I watch from your channel and you have such great content, keep it up, you deserve to grow here
Thanks a lot @amaury_permer. This really means a lot to me to know that you are enjoying the content on this channel
You’ve got a great smile 😬
Thank you for your comment @ajalasegun1
Beginner question: is it safe to send the password in a request?
Is it possible to catch that package in the middle?
I know the hash is used for it, but implementing a hash on the client side and sending it to compare hashes on the server side sounds the same. Will it be safe? How to make bulletproof secure auth?
Hello @spamcolector
TLDR;
If you use HTTPS then it's safe. Is it "bulletproof"? No.
Every auth solution has downsides and associated risks. Most of the time you would choose a solution based on the risk, effort and requirement of your product. There are many solutions to choose from, and some of them don't even involve a password, for example magic links. But that would mean sending emails to users, handling link expiration, etc. Is the added complexity worth it?
If you use HTTPS there isn't really a point in hashing the password on the client side, because the data transferred is encrypted anyway. The reason why you don't want to store the password in clear is to prevent anyone with access to the database from having access to the user password, and you don't want that password to also appear in logs and other code traces.
hope that answers your question
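The storage point from the exchange above, as an added example that is not part of the video or of either comment: it compares what a database row is worth under the "hash on the client, compare on the server" design from the question with a salted server-side scrypt hash. All function names are hypothetical, and the choice of scrypt from Node's built-in `crypto` module is an assumption.

```javascript
// Added example; names are hypothetical and not taken from the video.
const { scryptSync, randomBytes, timingSafeEqual, createHash } = require('node:crypto');

// Server-side storage: random per-user salt + slow, memory-hard hash (scrypt).
function hashPassword(password) {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, 64);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

// Recompute the hash from the submitted password and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = String(stored).split(':');
  if (!saltHex || !keyHex) return false; // malformed record: reject, do not throw
  const expected = Buffer.from(keyHex, 'hex');
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), 64);
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Design from the question: the client hashes, the server stores that hash
// and compares whatever the client sends against it.
function clientSideHash(password) {
  return createHash('sha256').update(password).digest('hex');
}
function naiveVerify(submitted, storedHash) {
  return submitted === storedHash;
}

// What is a database row worth to someone who can read the table?
function compareDesigns(password) {
  const naiveRow = clientSideHash(password); // row in the client-hash design
  const scryptRow = hashPassword(password);  // row with server-side hashing
  return {
    // The stored value is exactly what the server expects to receive,
    // so the row itself works as the credential.
    naiveRowIsCredential: naiveVerify(naiveRow, naiveRow),
    // The server hashes whatever it receives, so the row is not a credential.
    scryptRowIsCredential: verifyPassword(scryptRow, scryptRow),
    // The real password, sent over HTTPS, still verifies.
    passwordVerifies: verifyPassword(password, scryptRow),
  };
}

console.log(compareDesigns('constructed-sample-password'));
```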