How to Authorize User Roles and Permissions | Node.js & Express Authorization Tutorial



(00:00) Intro
(00:05) Welcome
(00:15) Authentication vs Authorization
(01:44) Configure the User Roles
(02:53) Add roles to the user data model
(04:59) Add a user role at registration
(06:01) Add user roles to access token at authentication
(09:09) Add user roles to access token when refreshed
(10:28) Update the verifyJWT middleware to include roles
(13:18) Create the verifyRoles middleware
(19:19) Add the verifyRoles middleware to routes
(22:04) Test routes with Thunder Client
(27:14) A quick note on Thunder Client
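As an added example (not the video's code, written as plain functions so it runs without Express), this covers the "add roles to the access token" and "create the verifyRoles middleware" steps from the chapter list above. The numeric role codes in ROLES_LIST and the UserInfo payload shape are assumptions for illustration.

```javascript
// Role codes are assumed values; the real app would keep them in a config file.
const ROLES_LIST = { Admin: 5150, Editor: 1984, User: 2001 };

// At login (and on refresh), copy only the role codes from the user record
// into the access token payload. A role revoked in the database therefore
// stays valid until the short-lived access token expires.
function accessTokenPayload(foundUser) {
  // foundUser.roles is stored as an object such as { User: 2001, Editor: 1984 }
  return {
    UserInfo: {
      username: foundUser.username,
      roles: Object.values(foundUser.roles),
    },
  };
}

// What a verifyJWT middleware would do after checking the signature:
// attach the decoded username and roles to req for later middleware.
function attachDecodedUser(req, decodedPayload) {
  req.user = decodedPayload.UserInfo.username;
  req.roles = decodedPayload.UserInfo.roles;
  return req;
}

// verifyRoles(...allowedRoles) passes the request on only when at least one
// role carried by the token is in the allowed list for that route.
function verifyRoles(...allowedRoles) {
  return (req, res, next) => {
    // No roles on req means verifyJWT never ran or the token had none.
    if (!Array.isArray(req.roles)) return res.sendStatus(401);
    const allowed = req.roles.some((role) => allowedRoles.includes(role));
    // Authenticated but lacking the role: forbidden rather than unauthorized.
    if (!allowed) return res.sendStatus(403);
    next();
  };
}

// Runs the middleware against a mock req/res; returns the status code sent,
// or 'next' when the handler chain continues.
function runVerifyRoles(roles, allowedRoles) {
  const req = attachDecodedUser({}, { UserInfo: { username: 'demo', roles } });
  let outcome = null;
  const res = { sendStatus: (code) => { outcome = code; } };
  verifyRoles(...allowedRoles)(req, res, () => { outcome = 'next'; });
  return outcome;
}
```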

#user #roles #authorization
Comments
Author

Great tutorial and a seriously underrated channel! I'm learning on my own and have been having a really hard time piecing these backend concepts together; this helped a lot. There are a lot of frontend tutorials out there, but not as many backend ones. Keep up the great work! Subbed and liked.

spirits__

This series of Node and Express tutorials is I went through the whole series and really learned a lot, even though I have used Express for a long time. Thanks Dave, please keep going with the excellent content; this is the best Node & Express tutorial on YouTube.

danieljing

Awesome video series! I've tried many times to understand Node in more detail together with JWT authorization and authentication, and this is the best resource available by far! Looking forward to taking more of your courses once you have your platform up and running!

cuentamovil

What a brilliant teacher. Take love and massive respect, sir ❤

jellyfish

Brilliant video, well explained and very professional!

drikish

Awesome info. This tutorial and the other ones you created provided all the answers I needed on how to integrate JWT into my project along with roles. I was cornfused before and now I'm less cornfused.

ahndeux

You're amazing. Thank you for sharing all this information! I wish you all the best in life.

plankton

It's a great one. Thanks a lot, Gray.

oluwatobilobaibuola

This is a very nice concept for applying access roles.
I used to use a similar concept before (saving user roles during the login process), and
everything worked nicely until I encountered a case where a user was misbehaving and I needed to remove some roles. Unfortunately, there was no way to invalidate his access token, and I had to wait for him to log out or for his session to expire 🤦‍♂️😥

I really appreciate you explaining the concept; this will make coding easier.

Thanks Dave,

ahmad-murery

Hi Dave! Great work, I really enjoy your method of teaching and your way of explaining everything. I consider myself more than a beginner but not advanced for sure, and I have found a lot of new information and new tips and tricks to take away from your lessons. I do have one question. I understand the process of passing the roles inside the JWT and validating them during the request process. However, what I don't quite understand is why you use numbers associated with each role and not just level names (i.e. "admin" for Admin). I know you said that there are many constructs for role permissions, so maybe this is just one variation and there is no meaning behind it, but I was curious what your thoughts on it were.

robertmoore

Thank you for another fascinating lesson.
A couple of notes:
(1) 26:44 - It is not shown on screen, but maybe you should consider making it clear with hard subs (because it might be confusing)
that the content of the Body tab is: {"id": 3, "firstname":"john", "lastname": "Doe"}
(...it took me a while to figure it out, and it might make it easier for others, so..)

(2) 27:25 - Thank you for the clarification, but at this point people (such as myself)
might already have got confused and spent some time figuring it out on their own,
so you might want to consider, again, clearing it up in the relevant (previous) video with hard subs.

* If those are too difficult to produce now,
then these clarifications might be helpful as notes in the description
(..which is quite busy already as is, but.. ..yeah).

shineLouisShine

Hey, nice tutorials. I have a question. Why, at 12:50, do you need to modify the request object and set the user and user roles on it, when all this middleware does is check whether we have an auth token?

imonutiy

I think that you should prepare some slides about the theory of each lecture, for example authentication, but anyway your Node.js Express course is awesome and amazing. I hope that in the future you can make an advanced course about Node.js. Thanks very much!!!

lba-mdnk

If I needed to update the user for an API POST request (for example, the user clicks a button and something is changed on their user account), would it make sense to just use the refresh token to look up the user in the database, like you demonstrate with the login and refresh routes? I'd prefer to use the user ID directly, but I imagine passing it through one of the tokens would be a security risk. Thanks!

imjust_a

Hi Dave, your explanations are just perfect.
Please, any chance to see a PHP and Symfony series in the near future?
Thank you for your long JS video, definitely super great!

samirsamir

If I manually update the JSON file in Compass with the role, I hope it works the same way as having a data file in my directory.

vadersreign

Hello Mr. Dave, can you help me with how we should implement dynamic role- and permission-based authorization through Node.js, just like Django CRM?

AkashSachan-ztzm

Good idea with role codes! When it comes to verifying the auth header, I prefer to destructure: const [bearer, token] = '). It results in much cleaner code down the pipe.

aram

In the timeframe 09:48 you are obtaining the userroles from the founduser. But the userroles are also present in the decoded variable. Can we assign the JWT userroles from founduser or decoded.userroles? Are both fine?

skillkrio

Hi Dave, it is a good idea with role codes! When it comes to verifying the auth header, I prefer to destructure: const [bearer, token] = '). It results in much cleaner code down the pipe.

QuizEduTainment