JWT Authentication in Node.JS with Refresh Token | MongoDB | Redis - For Beginners Full Detailed 🚀

In this video, I will show how you can create JWT-based authentication in NodeJS and build login, registration and logout functionality in a NodeJS API. JSON Web Tokens are a popular way to secure web applications. We will create access tokens and refresh tokens; MongoDB will be used to save user data, and Redis will be used for storing refresh tokens and blacklisted access tokens.

Concepts Covered:
Login & Registration APIs
Using refresh tokens with JWT
On Logout invalidating the tokens
Redis to store refresh tokens
Authenticating users with JWT
Invalidating refresh tokens to log users out
How to use JWT securely

Titles:
Authentication in NodeJS

Chapters:
0:00 Intro
0:37 What we will cover in this tutorial
1:00 P1: Project Setup
5:11 P1: Create Express Web Server
6:41 P1: Create Login route and logic
16:03 P1: Generating JWT access token
34:46 P1: Refresh Token Generation Strategy
37:55 P1: Implement Refresh Token
1:06:23 P2: Refactoring, MongoDB and Redis store
1:34:36 P2: Creating Redis Store
2:11:43 P2: Testing and debugging

Tags:
#NodeJS #JWT #Redis
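
A sketch of the flow the description outlines (short-lived access token, refresh token kept server-side, access token blacklisted on logout), added here as an example and not the code from the video. It uses Node's built-in `crypto` instead of the `jsonwebtoken` package and an in-memory `Map`/`Set` instead of Redis; the secrets, lifetimes and function names are assumptions.

```javascript
// Added example: Map/Set stand in for Redis; secrets, TTLs and names are constructed.
const crypto = require("crypto");

const ACCESS_SECRET = "constructed-access-secret";
const REFRESH_SECRET = "constructed-refresh-secret";
const refreshStore = new Map(); // userId -> current refresh token (Redis stand-in)
const blacklist = new Set();    // logged-out access tokens (Redis stand-in)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest("base64url");

function sign(payload, secret, ttlSec, now) {
  const claims = { ...payload, jti: crypto.randomUUID(), exp: now + ttlSec };
  const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64(claims)}`;
  return `${body}.${mac(body, secret)}`;
}

function verify(token, secret, now) {
  const [h, p, s] = String(token).split(".");
  if (!h || !p || !s) return null;
  const expected = Buffer.from(mac(`${h}.${p}`, secret)); // always HS256, header alg is ignored
  const given = Buffer.from(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(p, "base64url").toString());
  return payload.exp > now ? payload : null;
}

function login(userId, now) {
  const access = sign({ sub: userId }, ACCESS_SECRET, 30, now);
  const refreshToken = sign({ sub: userId }, REFRESH_SECRET, 3600, now);
  refreshStore.set(userId, refreshToken); // replaces any earlier token for this user
  return { access, refresh: refreshToken };
}

function refresh(refreshToken, now) {
  const p = verify(refreshToken, REFRESH_SECRET, now);
  // A valid signature is not enough: the token must be the one currently stored.
  if (!p || refreshStore.get(p.sub) !== refreshToken) return null;
  return login(p.sub, now); // rotation: new pair issued, stored token overwritten
}

const authenticate = (token, now) => (blacklist.has(token) ? null : verify(token, ACCESS_SECRET, now));

function logout(userId, accessToken) {
  refreshStore.delete(userId);
  blacklist.add(accessToken); // in Redis this entry would expire with the token
}
```

With a real Redis store, the blacklist entry would be given a TTL equal to the access token's remaining lifetime so the set does not grow without bound.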
Comments

Can you make a video on React consuming this API?

carefree_ladka

Does this tutorial use single-device login with Redis?

redouanaf

Great explanation! I have a doubt: when a user is requesting a new access token, why are we generating a new refresh token? We can generate an access token only and send back the newly generated access token with the refresh token that we have received.

namansamra

If you already have knowledge of the auth flow, start at 1:34:23.

minhhieple

Why are we using Redis when we already have the expiration time feature in the jsonwebtoken package?

siddharthkumaryadav

How to refresh the token in the background other than using a JavaScript timeout?

VikashKumar-qczl

When a user (let's call him user with machine(1)) logs in, you generate a new refresh token, but if the same user logs in with a different browser or a different machine (user with machine(2)), you override the old value of the token, which means when you verify the refresh token of user with machine(1) he is gonna get an error because the refresh token he was signed in with is not found in the refresh tokens array... and that's not what you want, right?

CrazyyyLowy

For each user, do we store his refresh token in Redis?
And if we log in again and again, we generate a new refresh token and store it again. Is the old one deleted from Redis?

ahmedcherifi

Tokens should not be sent in the request body

richardantao

As a beginner I don't understand the connection with Redis. Can someone please tell me how the Redis connection is done? Where can I get the IP address for the Redis connection?

SampathKumarV-xpgp