Authentication: It’s Easier Than You Think

Theo - t3.gg

2 years ago

142,192 views


Comments:

ruslan rudenko - 03.09.2023 13:58

so many hairs on the left eye, how can you even see screen?

Mino Levon - 10.07.2023 08:14

I will sub if u move ur hair off ur eyes and forehead 😂

Mino Levon - 10.07.2023 08:01

Just make sure to pull your hair back to not cover ur eyes. Makes u detect bugs and typos faster

Jorge Diaz - 21.06.2023 22:23

This dude is really just over complicating things for absolutely no reason other than he loves to hear himself talk.

Greg Hammond - 16.06.2023 01:07

waiting for "Auth: It's Harder Than You Think"

Joydeep Bhowmik - 25.05.2023 10:11

no its not

OnePunch Man - 18.05.2023 19:02

please do a video with sessions and express-session

Emanon - 01.05.2023 03:02

All makes sense.. but, your strategy (in your example with nextjs) is a single page... what if you have a bunch of files or folders that require authentication ( while others do not ). Having that "check session method", in all those places seems terrible.

What is your strategy for many folders/files that need auth?

mind bender - 25.04.2023 15:10

Great content bro,
btw what is T3?

MrRecorder1 - 19.04.2023 01:29

Who else was thinking about Kerberos while listening to this? XD

kdakan - 18.04.2023 00:05

You're assuming the backend api will be only used by a web browser. Cookies won't work on all clients, JWT is the better solution.

Chris Habgood - 11.04.2023 19:54

could you get the permissions and put it in a global store on login?

Obaid - 27.03.2023 07:55

Clerk has solved Auth

Helder Araujo - 05.03.2023 20:55

Is there any way to implement it with two-factor authentication on google generator or 1Password api?

Ayush Seth - Guitar Covers - 25.02.2023 12:56

Can you make a video about middleware and pros and cons of handling protected pages in middleware vs at page level?

Daniel Li - 20.02.2023 08:55

It wasn't in fact easier than you thought

Webmaster - 18.02.2023 08:34

After the video, I have a LOT more questions about auth.

Amr Ashebo - 08.02.2023 15:56

What theme do you use?

pushpak gupta - 02.02.2023 07:33

This is really awesome. And I haven't even watched the full video.

Stu Peyca - 02.02.2023 05:03

Thanks for sharing such valuable information. This walkthrough helped me a lot to understand better some things I couldn't grasp that well by myself.

Zighy Blue - 17.12.2022 15:33

You forgot the sign up process, email validation, eventually phone too, use Google login or Facebook login, Oauth, websso, etc... In the real world it's not so simple as you describe on your school video...

Nickolas Papazoglou - 15.12.2022 23:28

Hey guys I am watching this as I'm learning nextAuth for the first time and I was happy to understand a lot of things (code wise at least) for once BUT what he said about JWTs got me confused. Wasn't he using JWTs in this very example? Are there other ways? Aren't JWTs secure?

Finn - 08.12.2022 00:33

thanks a looot! :)

Salvador D. - 05.12.2022 03:10

This is gold. I learned authorization with JWT a week ago and I've been stuck for two days trying to implement it well, been searching a lot of tutorials and steps when actually I needed a general explanation of the authorization concept (I was getting confused with localStorage because I thought it was a bit insecure, which I learned to be true in this video lol). Maybe JWT wasn't the best place to start. Really helpful vid

Of mouse and man - 22.11.2022 20:09

i'm not sure about the "cookie" part... I mean "document.cookie" is pretty accessible by JS... in fact as much as Local Storage.... plus, since the cookie is applied to every request, you are vulnerable to CSRF unless you put an extra header, or validation....

I like the idea of JWT, i'm all for your "stop putting shit in JWT" as such as if you change user permissions, if they are "on the server" they can be changed on the fly, as if they are "on the client" the token must be refreshed at every change.

For me auth is
4 routes: /login, /register, /forgot, /reset
and Middleware(s) on the server

if you want to store sessions or validate JWT it seems that that's all you have to think about (unless you want to complicate it)

Mihkal - 22.11.2022 19:19

That's great but if you're doing offline-first you have to look at the storage.

FreeDom Sy - 01.11.2022 14:36

Why is JWT bad I don't understand? Why is storing JWT in localStorage bad???

Shashank Singh - 23.10.2022 19:06

A self learned dev like me who will be working as a freelancer in a few months badly needs this

Adon Irani - 23.10.2022 17:50

I get a LOT out of the videos. I love learning where my thinking is not up to speed

João - 23.10.2022 16:31

Nice video! Is this codebase available to clone ?

Raflord - 17.10.2022 14:45

I've watched this video before and didn't understand shit, now I'm building an app using T3 stack and this made so much sense, and helped me a lot. Thanks Theo, keep up the great work, you are inspiring

Rammehar - 17.10.2022 12:54

Hey bro nice explanation with example. thanks for this. But I have a question: how to implement accessToken and RefreshToken login with Nextjs, Redux toolkit with own backend (Express)

josh hoffer - 08.10.2022 08:18

Dude thank god. im one min in and you already broke the spell of frustration that comes any time i want to look any video up...

1 ... You're making a video in your FIRST language, not your third. (no offense to anyone but it's very confusing why people who want to give technical tutorial lessons in a language that they struggle to speak... I give them credit for knowing multiple languages, but it's very hard to understand abstract concepts / nomenclature when the person has a thick ... accent

2.. you're not going for the MOST LONG TAIL STACK POSSIBLE... yea this is gonna be auth except it's routed through your frontend ... but you need to use this one module which is only available on a version of node that isn't compatible with the rest of your stack. and is outdated in a few months.

3... you're actually giving some details about the stuff you're doing.... it seems that most people that do the above 2... just FLY through the details , -> or have a shitty streaming setup...

all to say... keep up the good work you got a sub here.

Daniel Julien - 01.10.2022 06:28

thank you for this video!!! clears out a lot of things in my head 🚀

Ca - 27.09.2022 16:27

What about if I need to share this users list across multiple projects ( auth microservice I guess ) but still need oAuth and next-auth ?

Tarek Ghosn - 25.09.2022 15:33

love your channel man
even at 1mill still will be underrated

anas ouardini - 01.09.2022 01:38

CORRECTION: storing stuff in a cookie doesn't make it any secure whatsoever. so it doesn't really matter just use the easiest way for your project.
considering a 2FA is always better(more secure), "and annoying"
also requesting stuff when you need it is SLOW and purposeless and adds 0 percent of security, unless you consider making it a little bit(maybe like 5%) harder(from the attacker's end) "more secure"

Liran Piade - 19.08.2022 12:31

My issue is that filtering which parts of the frontend are shown on the server isn't as doable on a SPA + other-language-backend setup

auf keinsten - 16.08.2022 16:27

I love this style of notepad-teaching, it's a lot less sterile and boring than most videos on these topics. Hoping for a lot more videos like this!

Rakesh Kumar - 28.07.2022 15:30

Crystal clear explanation. Thanks a lot :-)

BeeJay - 28.07.2022 04:06

Wow...

Esra Erimez - 27.07.2022 17:14

This information was very informative. The enjoyability was enjoyable. This video contained its contents.

SogMosee - 26.07.2022 20:48

if milo yiannopoulos became a coder
