Authentication in React with JWTs, Access & Refresh Tokens (Complete Tutorial)

preview_player
Показать описание

VSCode Theme | Font → Material Theme Darker | Menlo, Monaco "monospace"

In this video we will learn how to handle authentication in React with JWTs and access & refresh tokens. We will learn about the mental model of authentication, where to store each type of token, and finally we will look at some React code to see all of this in practice, so that you can take it and apply it to your own applications!
  1. Cosden Solutions
  2. react tutorial
  3. react crash course
  4. react developer
  5. learn react
  6. react hook
Рекомендации по теме
Authentication in React 0:23:45

Authentication in React with JWTs, Access & Refresh Tokens (Complete Tutorial)

Session vs Token 0:02:18

Session vs Token Authentication in 100 Seconds

Intro to JWTs 0:10:50

Intro to JWTs and Authentication (JSON Web Tokens) - React Tutorial 42

Session Vs JWT: 0:07:00

Session Vs JWT: The Differences You May Not Know!

Best Practices for 0:21:10

Best Practices for React Data Security, Logins, Passwords, JWTs

Next.js App Router 0:11:31

Next.js App Router Authentication (Sessions, Cookies, JWTs)

Don’t Use JWT 0:01:00

Don’t Use JWT for Login Sessions

Authentication With JWT 0:32:19

Authentication With JWT Tutorial - React, NodeJS | How To

How to Store 0:08:28

How to Store JWT for Authentication

What is JWT 0:26:12

What is JWT token and JWT vs Sessions

JWT Authentication Tutorial 0:27:36

JWT Authentication Tutorial - Node.js

Learn JWT in 0:10:20

Learn JWT in 10 Minutes with Express, Node, and Cookie Parser

Auth Refresh Tokens 0:15:45

Auth Refresh Tokens - React Tutorial 48

React JS - 0:15:50

React JS - How to create login using Json Web Token with PHP Laravel

Build a Login 0:49:15

Build a Login and Registration User Interface in React.js With JWTs and Refresh Tokens

Authentication Implementation using 0:24:27

Authentication Implementation using Access & Refresh Tokens in React

Why Email Only 0:00:53

Why Email Only Auth Is More Secure

React Native Login 0:24:59

React Native Login with JWT Auth Context

Register and login 0:39:21

Register and login a user with JWT token

What is JWT 0:05:13

What is JWT ? JSON Web Token Explained

Tensei: The Ultimate 0:18:22

Tensei: The Ultimate guide to JWT client side authentication (Stop Using Local Storage !!!)

JSON Web Token 0:06:30

JSON Web Token Hacking

Auth Does NOT 0:17:13

Auth Does NOT Have To Be Hard

React and node 0:11:48

React and node JS project in Hindi #33 JWT token Authentication

Комментарии
Автор

You are good n unique as online instructor. Most ppl don't explain the road ahead as you do. They just jump to launching IDEs.

Dabayare
Автор

The HTTPOnly cookies travel back and forth with every HTTP request and response, just like regular cookies. The only difference is that the browser will not allow the client-side Javascript to access them, which can prevent certain types of attacks.

TomislavKimovski
Автор

Instant subscription, clear, on-point, full of useful theory and practical example. 👏

artemvolsh
Автор

Great video! The implementation looks really interesting. Could you please share the source code for this project? It would be very helpful for those of us trying to learn and follow along. Thanks!

x-dev-johndoe
Автор

this one just awesome, please more video about authentication and authorization + a comprehensive one for axios
thanks a lot
one of the few channels worth subscribing...

mohammadkhakhsoor
Автор

“Refresh token is only on the server” this is nonsense. Http only cookies are not on servers, cookies are for clients. The server checks the cookie that is sent with every request to the server. It’s not living on the server.

Your video quality is great, but this is a fundamental mistake

Diamonddrake
Автор

Even if an attacker gains access to access token, they can’t do much with it because they don’t know the secret used to sign the JWT. The secret is stored server-side and remains hidden, preventing them from forging or tampering with the token

AlgoKemal
Автор

Local storage/ session storage /cookies what is the industries recommended ways to store user details and how to use 3 of the ways in react app

regilearn
Автор

Hello,
If we are sending the token in authorization header, then they will be visible to everyone anyways. Why should we not store the access token in session/localStorage?

PrashantSingh-xetn
Автор

Very practical demonstration of the concept! Thanks !

deepeshpakhare
Автор

Thanks for this. I'm voting for this same topic with next js app router please 🙏

Dexquestd
Автор

Great tutorial, but I have one question what if the user refreshes the app before the expiration time if so the token in memory will be undefined so how the server will identify the user in the refresh token call ? as the API request token is undefined even if the user has a valid refresh token?

ahmednasser
Автор

That's great!! Could you upload the source code to your repository?

arnaldoceballos
Автор

So hard to find instructors like you.Can you add part two explaining how you would add RBAC in this implementation for role based authentication and have private routes and a hint on how to handle this with nextjs 14.We need to understand fully this phrase "Roll you own auth" and not becoming dependant on thirdy party libraries.Thank you

djtoon
Автор

This was actually very helpful and cleared a lot of ambiguity I had. Thank you very much.

adnandev_
Автор

Hi Codsen, great video! Thanks for all the wonderful content.

One burning question I've had is why the frontend is responsible for calling the refresh token endpoint? Since the backend is the one sending the 403 with the Unauthorized error, couldn't the backend be responsible for intercepting that request in the error handler and trying to hit the refresh endpoint? Obviously the RT would need to be sent with every request and not just on the specific refresh token endpoint if that were the case, so the AT and RT would be sent with every request.

Any guidance/education on why it's not done all from the backend but rather from the frontend? Is it because now the RT has to be sent with every request? Even with that I would think it's secure because it's still stored in an HTTP-only cookie, but is the concern with a bad actor intercepting the cookie from the request?

joeprince
Автор

once again a very great and well-explained video like always !! a BIG THANKS from berlin 🖤
all respect for your whole effort producing those video tutorials!

mocastello
Автор

Very nice and concise tutorial.
However, can you answer my question ?.
Should I do authentication myself or use a third party for that ? Also what are the possible vulnerabilities i am exposed to if i do it myself ?

goljivines
Автор

If you store token in state won't it get deleted on page refresh? Then what would you send to the server. So every time the page is refreshed the user needs to relogin?

adusparx
Автор

I understand the concept of saving the access token in memory and why it's more secure to keep it there. However, what I don't understand is how the server knows it's "you" who sent the request for a new access token when the app is refreshed. Is it determined by IP address? By browser? What information is sent from the front end to the backend to verify that the user is the correct one for that refresh token to generate a new access token?

I need to tell the backend developers what they need to implement for the front end to have a correct flow of the tokens. I would greatly appreciate an explanation of this, as I am struggling to understand how to keep the access token in memory. Currently, I have been saving it in session storage.

HeinerAngarita