Tensei: The Ultimate guide to JWT client side authentication (Stop Using Local Storage !!!)

The most common practice in the industry today is to save JWT in local storage or cookies. This is not secure, and there's a much better way to do this.

In this video I will show you all about it using the Tensei JS framework as our backend provider.

Thank you so much for watching this. Means a lot to me, and I hope you got some value.
Comments
Author

The missing part of any JWT courses. Thank you.

rickybarabba
Author

I know everyone is hyping that you shouldn't store tokens in local or session storage. But the reality is, if your application is vulnerable to XSS attacks, then an attacker can hijack your tokens stored even in an HttpOnly cookie by triggering a fetch request to his malicious domain with credentials set to true. So I personally think that we should give more focus to preventing any sort of XSS vulnerability in our site rather than deciding where we store our tokens. Personally I prefer session storage as it expires when the user closes the browser tab. Also please note that I am not saying that the author is completely wrong. This is a good quality video. Just saying that this approach will also fail if we have an XSS vulnerability.

GeordyJames
Author

Hello Franz, very nice video!! Great content too! However, you left out something. The cookie holding the refresh token is still susceptible to CSRF attacks. And once that happens, it's game over. HttpOnly alone won't save the cookie from CSRF attacks. You need additional settings on the refresh-token cookie 🍪 for GraphQL. Namely: Path: /graphql; Domain: localhost:4500; SameSite: Strict. Now, with these additional settings, the refresh-token cookie is not vulnerable to CSRF via abuse of ambient authority in cross-site, cross-domain scenarios.

ifeoraokechukwu
Author

Damnn!! This is what every JWT newbie needs to know in order to understand the refresh token & its usage in the front end 🔥. Thank you Sir!!!

rizadwiandhika
Author

I searched a lot about refresh tokens and access tokens; finally, I understood what's going on. Thank you sir

uziqmyk
Author

This was/is a phenomenal video. Though not titled microservices, this is the only video that I've found that helped me with the front end side of handling APIs. Thank you for making this.

MikeBrownphx
Author

You went the extra mile. All the rest on YouTube were lazy or lacking knowledge, or maybe just not as clear as you are. Thanks for your video man!

callegarip
Author

Wow, this is probably the best discussion of how to securely store user credentials in the browser. I thought this approach made sense, but everyone seems to use local storage or cookies so I let it go. You just confirmed my intuition, and more! Thanks Kati, you're awesome🙌🏽😎☝🏽. Ofc I'm subbed 😁🎊

ozzyfromspace
Author

Thanks for the kind words, I'm always happy to help! Let me know if you'd like any videos on specific topics in the future. I wish you all the

aydnbilgin
Author

Thanks so much! Every time, what was missing was why the refresh token should even be used

OleksandrDanylchenkok
Author

You do a really great job explaining. It flows really well and you cover a lot without getting too much into the weeds.

Skillthrive
Author

I've been looking for this!!!! I saw an article by Hasura and I tried it but I can't seem to fully complete it, thank you so much!!

Lindaine
Author

This is the best I have watched so far on JWT auth.

francisf.massaquoijr.
Author

Thank u so much, interested in starting so soft during quarantine and just need a place to get started, thx for the support

aydnbilgin
Author

Damn, this is really good man! So much I've learned here that I need to use in my apps going forward!

desaawa
Author

An important thing to highlight is that such an approach is great for web browser applications, but it is not a good idea to follow it if we are creating the same auth API for iOS or Android, as they don't have the cookie mechanism.

rajatpratapsingh
Author

tysm, for almost a week I was searching about the refresh token, huhu, finally you saved me, tysm!

lotkutv
Author

The problem with this method is, if someone gets the refresh token, they may keep on getting new tokens infinitely.
One would say, to tackle this issue, keep the expiry time short.
However, that creates another issue. Suppose I shut down my system and come back the next day; the refresh token would have expired by then. Therefore, I'll have to log in again.
What could be the potential solution to such problems?

AnuragPradhan
Author

But an attacker could make a request to his own server and then read the refresh token? Or am I thinking wrong?

tomate
Author

Thank you for addressing this topic, there is a lot of misinformation out there. :)

Daniel-nbkk