Comments:
so many hairs on the left eye, how can you even see screen?

I will sub if u move ur hair off ur eyes and forehead 😂

Just make sure to pull your hair back to not cover ur eyes. Makes u detect bugs and typos faster

This dude is really just over complicating things for absolutely no reason other than he loves to hear himself talk.

waiting for "Auth: It's Harder Than You Think"

no its not

please do a video with sessions and express-session

All makes sense.. but, your strategy (in your example with nextjs) is a single page... what if you have a bunch of files or folders that require authentication ( while others do not ). Having that "check session method", in all those places seems terrible.
What is your strategy for many folders/files that need auth?
Great content bro,
btw what is T3?
Who else was thinking about Kerberos while listening to this? XD

You're assuming the backend api will be only used by a web browser. Cookies won't work on all clients, JWT is the better solution.

could you get the permissions and put it a global store on login?

Clerk has solved Auth

Is there any way to implement it with two-factor authentication on google generator or 1Password api?

Can you make a video about middleware and pros and cons of handling protected pages in middleware vs at page level?

It wasn't in fact easier than you thought

After the video, I have a LOT more questions about auth.

What theme do you use?

This is really awesome. And I haven't even watched the full video.

Thanks for sharing such valuable information. This walkthrough helped me a lot to understand better some things I couldn't grasp that well by myself.

You forgot the sign up process, email validation, eventually phone too, use Google login or Facebook login, Oauth, websso, etc... In the real world it's not so simple as you describe on your school video...

Hey guys I am watching this as I'm learning nextAuth for the first time and I was happy to understand a lot of things (code wise at least) for once BUT what he said about JWTs got me confused. Wasn't he using JWTs in this very example? Are there other ways? Aren't JWTs secure?

thanks a looot! :)

This is gold. I learned authorization with JWT a week ago and I've been stuck for two days trying to implement it well, been searching a lot of tutorials and steps when actually I needed a general explanation of the authorization concept (I was getting confused with localStorage because I thought it was a bit insecure, which I learned to be true in this video lol). Maybe JWT wasn't the best place to start. Really helpful vid

i'm not sure about the "cookie" part... I mean "document.cookie" is pretty accessible by JS... in fact as much as Local Storage.... plus, since the cookie is applied to every request, you are vulnerable to CSRF unless you put an extra header, or validation....
I like the idea of JWT, i'm all for your "stop putting shit in JWT" as such as if you change user permissions, if they are "on the server" they can be changed on the fly, as if they are "on the client" the token must be refreshed at every change.
For me auth is
4 routes: /login, /register, /forgot, /reset
and Middleware(s) on the server
if you want to store sessions or validate JWT it seems that that's all you have to think about (unless you want to complicate it)
That's great but if you're doing offline-first you have to look at the storage.

Why is JWT bad I don't understand? Why is storing JWT in localStorage bad???

A self learned dev like me who will be working as a freelancer in a few months badly needs this

Nice video! Is this codebase available to clone ?

I've watched this video before and didn't understand shit, now I'm building an app using T3 stack and this made so much sense, and helped me a lot. Thanks Theo, keep up the great work, you are inspiring

Hey bro nice explanation with example. thanks for this. But I have a question: How to implement accessToken and RefreshToken login with Nextjs, Redux toolkit with Own backend (Express)

Dude thank god. im one min in and you already broke the spell of frustration that comes any time i want to look any video up...
1 ... You're making a video in your FIRST language, not your third. (no offense to anyone but it's very confusing why people who want to give technical tutorial lessons in a language that they struggle to speak... I give them credit for knowing multiple languages, but it's very hard to understand abstract concepts / nomenclature when the person has a thick ... accent
2.. you're not going for the MOST LONG TAIL STACK POSSIBLE... yea this is gonna be auth except its routed through your frontend ... but you need to use this one module which is only available on a version of node that isn't compatible with the rest of your stack. and is outdated in a few months.
3... you actually giving some details about the stuff you're doing.... it seems that most people that do the above 2... just FLY through the details, -> or have a shitty streaming setup...
all to say... keep up the good work you got a sub here.
thank you for this video!!! clears out a lot of things in my head 🚀

What about if I need to share this users list across multiple projects ( auth microservice I guess ) but still need oAuth and next-auth ?

love your channel man
even at 1mill still will be underrated
CORRECTION: storing stuff in a cookie doesn't make it any secure whatsoever. so it doesn't really matter just use the easiest way for your project.
considering a 2FA is always better(more secure), "and annoying"
also requesting stuff when you need it is SLOW and purposeless and adds 0 percent of security, unless you consider making it a little bit(maybe like 5%) harder(from the attacker's end) "more secure"
My issue is that filtering which parts of the frontend are shown on the server isn't as doable on a SPA + other-language-backend setup

I love this style of notepad-teaching, it's a lot less sterile and boring than most videos on these topics. Hoping for a lot more videos like this!

Crystal clear explanation. Thanks a lot :-)

Wow...

This information was very informative. The enjoyability was enjoyable. This video contained its contents.

if milo yiannopoulos became a coder