JWT Authentication Tutorial - Node.js and React

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello friends today we are gonna deep dive into json web token what's the jwt why we should use it cons browse and how to implement it using node.js and after that you are gonna learn how to make it more secure using refresh token and finally how to implement it on the client side if you are ready let's get started when you create an application one of the most important things is handling authentication and authorization so imagine in your application users can create a post and after that they can edit or delete them but the crucial thing is authorization here because they should be able to delete only their posts when they attempt to delete other users post we should respond to them with an error and say hey it doesn't belong to you so you are not allowed to delete it it sounds pretty easy right we can easily handle that then we make an api request we can check the username or id and posts username and id and if they are equal we can give them access well unfortunately it's a utopian idea that because word has many people with bad intentions once they know your user id or name they can easily manipulate the api request and attempt to delete or change your post or account so let's check our last project ok this is our full stack block application you can reach it by clicking cart on the top right okay let's login i will write in my username and password we are storing all informations about us in the local storage let's open it application local storage and this is our information and i'm going to my post and as you can see there is a delayed button because it's my post but if i go to another post for example this one we can see this delayed button because it checks the username of this post and it checks my username here if they don't match i can see this delayed button okay right now i can delete my post i will click this but it's gonna redirect us to home page but i just commented out this functionality that because i want to show you something here as you can see we have some requests and this is our delayed request i'm gonna click and here let's make this bigger post has been deleted if i go to the home page let's open in the new top [Music] as you can see there are only two other posts okay right now i'm gonna click these headers the request url i attempt to delete this post using delayed method and my payload here i send my username let's check out our api this is our delayed method as you can see first we find this post in the db and then there is a condition here if post username equals the username this hand here if they are equal it deletes this post if they are not it wants us you can delete only your post everything looks really nice if i try to delete another post for example belongs to anna paul's username will be anna and my username will be john and it's gonna fail and send this error and right now i'm gonna use my hacker instinct and think okay this application checks the username that's why i can't delete nspost let's go to the ns post so if i change the username inside the storage in the application and local storage so let's change this username id and username i'm gonna change this anna and let's refresh the page and tada i'm clicking play button and dresden peace let's go to the home page as you can see we deleted that post and i don't even know her password her email or anything but i'm able to delete her post not only post i can delete her account or update it or whatever and it's a huge huge problem you might say okay let's don't store it inside the local storage but the problem is not storage here we have to store some information here so the user doesn't have to log in again and again for any process the problem is our api you should never check your authorization like that and don't worry about the last projects by the way it's really easy to convert them by using jwt after this tutorial you can go to the previous projects and change them with jwt authentication and you can make them more secure so i didn't implement jw2 authentication for the last project because it could be a little bit confusing for beginners but now but now you already know how an api works how to create a back-end server how to handle post get delayed or any other operations so it's gonna be much more easier right now and if you are a new visitor if you never seen this channel or watch previous projects don't worry it's an independent video we are not gonna work on them okay if you understood the problem let's get started with the solution the first one is the station based solution in this case when you log in using your credentials it's going to go to the api and if the credentials are valid it's gonna create a station and store it inside your server and give you a cookie that includes your station id so whenever you attempt to reach a private endpoint for example update to user or delay to post or whatever you are gonna send this cookie to server and it's gonna check whether the information matches with the station in the memory or not if everything is okay you will be able to reach the api and don't forget we are storing our station in this server and here is our solution jwt it stands for json web talk basically when you log in with your credentials is gonna create a secret token that nobody can create and send you without storing it anywhere when you try to delete your account you should provide this token in the header of your request and the server decodes and checks this token and decides whether the token is valid or not so let's check it in the jwt website as you can see we have an anco.json web token here essentially it consists of three parts the first one is the header part it includes our hashing algorithm there are many algorithms you can choose but it really doesn't matter they all are really strong the only difference is the value of hashing and the second part is the payload part it includes our id and any given payload here you can provide your user id username email whatever you want and this is issued at date it shows when this token has been created also you can add an expiration date which is exp let's say one day and after one day this token will be involved and finally we have a signature that includes our encoded script key you can write here any script key you want of course it's not gonna be that easy and short and when you change any of these it's gonna be invalid so why we are using jwt instead of sessions firstly as i said we store the session on the server and each time a user login we should store a new one but the major problem is this station belongs that server nowadays every applications includes at least couple of micro services remember our social media application we have an api server and chat server so imagine you have an e-commerce web application you want to separate servers maybe you have a normal shopping application and help desk application and maybe users can communicate with each other inside a forum application so all of these servers are independent thanks to jwt it's really easy to share token between different apps in this case they all can use just one token and authorize your actions so in a nutshell jwt is awesome and i highly recommend you to use it well how we are gonna use it in our node.js application let's get started ok as you can see we have two folders here client and api they are empty for now we have just index file here and packages and we are gonna create our application first so let's create our express server i will say const express and it's gonna require express so i should create application i'm gonna say cons app and it's gonna call express function okay so i should listen any port to run our application so i will say app listen and port number let's say 5000 and call back here i'm gonna just console lock my connection let's say backhand server is running okay let's try i'm gonna start my application npm start perfect it's working so what i'm gonna do right now before creating any login or delayed routes i'm gonna create some fake users here i'll say const users i'm not gonna create database i'm just gonna use my server memory here it's gonna be easier i think we are not gonna waste time so let's say id is gonna be one and username i will say john and password let's say john0908 i'm doing this because i don't want to see any your password is too weak error on the browser so finally i will say is admin and he's gonna be admin okay so i can create one more it's gonna be id2 and chain jane and she is not gonna be admin false okay this is our users db so after login process for example if you try to delete any user john will be able to delay 10 of time because he is an admin and jane just can delete her own account okay let's create our login route here i will say app post request and if you don't feel confident about rest apis you can watch my social media application or blog application using note.js and express if you already know it's gonna be easy writing i will say api and login this is gonna be our route and after that i'm gonna take request and response and we are gonna take user name and password from user i'll say const username and password it's going to be coming from request and body so what's this request and buddy i'm going to open here postman and here i'm gonna write my route and it's gonna be local host 5000 api and login okay so how i'm gonna send my username and password i'm gonna write here make sure using row here and json here and after that i'm gonna write my username it's gonna be john and password what was that john 0 9 0 8. so basically this is our body and we are going to send our credentials okay to use this body json file i should use one more thing i'm going to come here and say app use and i'm gonna use express and json if you don't use this function you cannot send anything inside body so it's really important don't forget this after that let's comment this out for now and send something to client site which is our postmark for now so i'm gonna say response and json hey it works okay let's see i'm gonna send hey it works perfect so i can take this username and password here let's delete this and open here okay so what i will do is finding this username and password inside our users array oops password here okay so let's find this user i will say const user it's going to be users array and i will say find any user inside this array and i will say return if user and username equals my username of course it's a condition and also user.password should be equal my password okay perfect so i'm gonna say if there is a user if you find this user let's send this user otherwise if there is no user i'm gonna say response status is gonna be error so i'm gonna say 400. json and username or password incorrect okay let's see i will send okay john is here i will make some mistake here okay perfect right now i can use jwt so i'm gonna come here and open new tab and i'm gonna go to my api and here i will say npm install and json web token let's use our json web token so i'm gonna come here and const let's say jwt and it's gonna require our json web token okay right now i can create any token let's come here if there is user we are not going to send instead i will say let's write here comment generate and access token so i'm gonna say const access token i will use this jwt to create a token only thing you should say is sign and after that i'm gonna give my payload it's gonna be id and user.id and one more thing i'm gonna send it's gonna be is admin it's gonna be user dot is admin okay i sent my payload one more thing i need and it's my secret key i'll say my secret key of course it's a terrible secret key you should create your emv file and create really long key and use this but for now it's totally okay right now i can send my user i'll say response json i'm gonna send my username user.username is admin and finally i will send my access token okay let's see i will come here and log in as you can see username is admin and this is our access token let's copy this and come here in the jwt website i'm gonna paste this here as you can see this is our payload id is admin and this is issued at which we created this jwt and this is our algorithm okay perfect i can close here we send idn is admin you can assign your username or any additional information when we create the late route we are gonna check user id and is admin property here and then we are gonna decide whether the user can delete account or not okay so right now what i'm gonna do is using this url api users and it's gonna be our user id this is john and this is jane and it's gonna be delayed method and we are gonna just send our web token which we created in the login process and it's gonna check token it's gonna verify if it's wallet we will be able to delete our account if it's not it's gonna send an error so let's do that i'm gonna create verify function here request response and additionally it's gonna be next so everything will continue after this callback function you will understand better right now what i should do is taking my token we are gonna write our token it's gonna take this token but this is not buddy it's gonna be our header actually if i write here you can understand better i think this is gonna be our key you can write here whatever you want and its value will be our json web token so i'm gonna write here authorization and i'm gonna say const off header it's gonna be request headers and authorization so basically it's gonna check this headers and find this authorization key and take its value so what's our value it's gonna be our access token here i will copy and paste here but before pasting i'm gonna write here bearer and then one space and after json laptop okay let's write here a condition let's say if there is off header if there is a token it's gonna do something here so if there is not token it means we are not authenticated so we can send any error i will say as i'm gonna say response and status will be 401 which is not authenticated so i will say you are not authenticated if there is a token i'm gonna define this token cons token because we used here bearer and our actual token i don't need this part if i split this text according to space we are going to have just power text and our actual token and we are going to take this second part okay let's do that auth header and i'm gonna split this using space and i'm gonna take second part because first one is our part zero and second one is part one so it's gonna choose our actual token so let's verify this token however i'm gonna verify is writing here jwt and verify and i'm gonna send this token it's gonna use this secret key it's really important if you don't send this secret k it can't compare so that's right here and after i'm gonna write here a callback function first one will be our error and second one will be user it doesn't have to be user you can say payload or data or whatever you want basically it just contains our payload here id and is admin so we are gonna use this user okay i will say if there is an error return response status is to be 401 and json token is not white actually it's not 401 because we have token but it's not valid so it's gonna be forbidden it's gonna say okay i see you have a token but i'm sorry something wrong maybe your secret key here or maybe it's expired i don't know but it's not wallet so you cannot reach to data okay so if everything is okay if there is no error i can use this user right now so i'm gonna assign this user to request user and after that i'm gonna say next right now if we create any route here let's say app and delete request it's gonna be again api and users url and here i'm gonna give a parameter it's gonna be user id like we did here api users and user id and right now i can use this verify function this is our middleware so i can use this here verify and after that request and response so right now you can understand this next better basically when we call this url when we make any request before taking this request and response and make any process inside this function it's going to go to verify function here and middlewares are able to reach our response and request for example we wrote here user id it's in the request so which means this verify function can reach this data so it's gonna look our headers take the token and verify it if there is an error it's gonna send this error if everything is okay it's gonna assign this payload and then we are gonna use next and after this next function we are gonna turn back here okay i finished my process let's continue and after that it's gonna take this request and response we can check this user our payload and if the user is admin or its user id equals this user id we can delete the account so let's do that i will say request and user and id if it's you call this parameter request params and user id or if request end user is admin we can delete the account i will say response status is gonna be 200 successful and json user has been deleted so if this user doesn't belong us or if we are not admin we are not allowed to delete this user so i will say as response status is gonna be 403 and json you are not allowed to delay this user okay let's see let's check here again we're logged in and remember johnny's admin here and we are gonna use this token bearer token let's send user has been deleted and also we are allowed to delete chains account i will send as you can see user has been deleted so if i log in here as jane chain i will log in as you can see we are not admin i will copy this and come here i will change this barrier token i will paste and right now i can delete my account perfect but i'm not allowed to play it any other users accounts [Music] you are not allowed to delete this user perfect so if i delete this token let's see we don't have any token and 401 you are not authenticated if we have a token but it's not correct i'll send and it says okay you have a token but it's not valid and it's forbidden perfect it works like that so obviously our application is more secure but there is a problem this token doesn't have any expiration date so it just takes forever just imagine someone steals your token here and it means is able to delete your posts your account anything inside your application that because he has your secret token here so we are gonna add expiration date when we create a access token here i can add my expiration date here i will say expires in and let's say 20 seconds and let's see again i will log in this is my access token and here i'm gonna change this token and this is my id let's see as you can see user has been deleted and i keep doing this and finally token is not valid because it's expired so it's more secure but it comes with an another problem that because when we use an application after login process we have to log in again and again in every 20 seconds so it doesn't make sense to avoid this issue we can use refresh token we are gonna have access token and refresh token when we login access token will be expired in any let's say 15 minutes and when it expires we are gonna automatically call our refresh token and it's gonna regenerate access token and give us it's that simple let's create actually here after users i can do this i'm gonna use another post request i will say app post and i'm gonna say api and let's say refresh and when we call this url then we make request with our refresh token it's gonna regenerate our token and after 15 minutes we are gonna refresh again and again and again perfect so i will say request and response and firstly it's gonna take token from user let's say the refresh token from the user and after that i will say send error if there is no token or if this token is not valid or it's invalid and after that if everything is okay create new access token by the way you can just create access token or you can create refresh token also it totally depends on you let's create refresh also actually token and send to user let's take our refresh token from user i will say const token it's gonna be and body and token so basically when i refresh our token i'm gonna go to body and here i'm gonna pass my token and it's going to be my refresh log and after that let's check if there's an error or not i will say if there is no refresh token actually let's write here refresh token otherwise it can be confusing so i will say if there is no refresh token return response and status 401 and you are not authenticated so how i'm gonna check whether this refresh token is invalid or not so we should store this refresh token anywhere you can use any database or redis cache but we are not going to create them i don't want to waste time i'm just going to create an array here i'll say let refresh tokens it's gonna be empty array and when i create a refresh token i'm gonna push it inside this array and after logout process we are gonna delete this token or if you have access token stolen you can just log out and delete all refresh tokens and he will be not able to reach your account again so by the way after login process we didn't create any refresh token let's create i will copy this actually which will be accessed by the way and it's gonna be refresh token and it's gonna send user id and admin again and right now i can change this secret key i'll say my refresh secret key doesn't matter actually i can create independent functions let's do that i will say const generate access token and it's gonna take user as parameter and it's gonna be let's copy this and paste here it's exactly the same thing so instead of this i'm just gonna call my function i will say generate access token and i'm gonna pass my user so i can do the same thing for refresh token generate refresh token right now i can delete this and create here another function generate refresh token and this time oops it should be jwt sign and here also so let's check everything is okay here or not okay okay it looks nice and here i'm gonna change my script key refresh script key and it doesn't include any expire scene of course i should return them so they are gonna generate tokens and return them here for example and we are gonna use this access token let's copy this and here cons access token it's gonna equal the token which we send here okay and as i said when i create refresh token i'm gonna add this inside our empty array here refresh tokens let's do that i can add this here or here doesn't matter let's add this here clowns refresh token and i'm gonna say refresh tokens and i will say push refresh token after generating token automatically we're gonna push inside our array okay so let's look at our refresh route here if it's not inside our array of db we are going to send another error i will say if refresh tokens array doesn't include this token we are going to return another error response status it's gonna be 403 and i will say json refresh token is not valid so if it's valid let's validate this refresh token i will say jwt and verify remember what we are doing i'm gonna take this refresh token and write my secret key what was my secret key here refresh okay and after validation it's gonna be callback again error and user if there is an error just console lock this if everything is okay we are gonna invalidate this token and create new one new refresh token and access stock what i mean by invalidate i'm just gonna delete inside this refresh tokens array i will say refresh tokens and i'm gonna just filter this it's gonna take every token and if this token is not our refresh token they will stay if it echoes it's gonna delay it from this array okay right now i can create new ones i will say cons access token actually let's say new access token it's gonna be generate access token and i'm gonna pass my user which came from inside our refresh token this is our payload remember and after that i will say new refresh token by the way as i said before you don't have to create new refresh token but i want my application more secure so i'm gonna refresh this token also so right now i can push my new refresh token inside my array i will say refresh tokens and push and new refresh log and finally i can send this as response i will say json let's say first and inside json file i'm gonna pass my new access token and new refresh talk i will say access token equals new access token and refresh token equals new refresh talk that's all let's see okay i need refresh token we send when we login let's check here no we didn't let's right here refresh token i will save and login again okay there are two tokens and when i copy this i come here when i try to refresh i will send and perfect new access and refresh token i tried to send again and as you can see there is an error because it's not valid anymore we deleted this from our array and created new one let's login again and see i'll copy this and paste here so right now whenever i want to change this refresh and access token i should copy this and paste here [Music] as you can see it works perfectly let's try too late in user but before i'm gonna just decrease this time it's not gonna be 15 minutes it's gonna be 30 seconds i will save and login again [Music] i will copy this access token and try to delete my account and this is my access token let's try as you can see i can delete for now but after 30 seconds i will not be able to delete it and after that i'm gonna refresh my token and take new access token and after that i can delete my user let's take this refresh token and paste here i'm gonna regenerate my tokens but before let's try i think we ran out our 30 seconds let's try as you can see token is not valid if i refresh and take new one [Music] let's paste here after that as you can see we can again delete perfect so in this case even you got your tokens stolen they are gonna have just let's say 15 minutes they have to refresh it and generate new one and if you see any suspicious activity you can just delete this refresh token inside db or array and no one will be able to read your data let's do that i will say log out after this login i can say app and post method it's gonna be api and logout and i will say verify because we have to be authenticated and after that i will say request response and i'm gonna take my refresh token inside body and delete it from my db so i will say const refresh token it's going to be request body and token and after that refresh tokens and let's filter it refresh tokens and filter if token is not equal this refresh token and finally we can sign response 200 and json i will say you logged out successfully let's try oops something is wrong here okay verify is under our function let's move it after delete actually it can be okay perfect so i'm gonna login one more time this is my access token i can delete my user it's gonna expire after 30 seconds and i can refresh my tokens again and finally i can log out and inside body i'm gonna pass my token and it's gonna be my refresh token let's take it from here [Music] but before logout let's try to refresh new one i will write here my refresh token and send as you can see i can create new ones and this is my new refresh token [Music] if i write this here and send it's gonna refresh again but before this i'm gonna log out and let's see what's gonna happen you are not authenticated ah okay that because we didn't send our access token because remember we are using here verify let's take this new access token and paste here authorization it's not capital letter okay i will write here bearer and my token let's send again okay it's token and we are taking this token from body everything looks okay ah okay i forgot you're writing my arrow function let's try again i'll send you locked out successfully and if i try to refresh again remember this is our new refresh token i was sent as you can see refresh token is not valid and no one can reach this data perfect i hope it makes sense so that's all for now for api site let's come here and see how we can use this inside our client site okay i created a react application this is our app.js and this is our application basically we are gonna just enter our username and password and it's gonna be our login operation and here as you can see we have username password if there is an error we are gonna set this true if everything is okay we are going to set success true and this is our handle submit function right now i can create my api request here and if you go to package.json i set this proxy as my localhost 5000 api so we are gonna use this url okay so let's use axios i will say const response this request is gonna return us a response i will say axios of course it's async function so we'll await this and i'm gonna say post remember our url it was api and login and after that i'm gonna pass my data let's remember here actually my index file and where is our login okay here so we are sending username and password inside body and it's gonna return us a refresh token access token username and is admin let's do that i'm gonna send my username and password let's check here as you can see we have two inputs here when we change this first input it's gonna set our username and this is gonna save our password okay so after returning response i can set my user here i will say set user it's going to be response and data and we are going to have another div here and it's going to show us two buttons and we are going to see this after setting user data let's see i will write here john and john and i'm gonna login as you can see this is our dashboard welcome to the admin dashboard these are our options i can delete john or jane let's refresh we are not gonna store this anywhere let's login as chain as you can see this is user dashboard that because we have a condition here if user admin is gonna write admin if it's not it's gonna be user okay so how we are gonna delete them as you can see we have two click events here both are calling our handle delay function and it's gonna pass user id which is john's id and this is jane's id okay let's look at this handle delay function it's taking this user id and we have a try catch block let's complete our api request i will say await axios and our method is delayed and our url is let's check here api users and user id parameter let's do that i will say users and my user id which is here as prop so i can say plus id so this is our url so what should i send more let's come here as you can see we have to verify our request which means we should send our access token to do that i should assign here headers property so i will say headers so we are gonna do exactly the same thing we did here inside postman let's come here to late users this is our headers and this is our key and value so i'm gonna set this key and bearer and after that one space and my access token which is user dot access token okay i will save and come to the browser i'm gonna delete chain as you can see user has been deleted successfully but if i attempt to delay john [Music] we are not allowed to delete this user that's because it's not our account and we are not an admin so let's login as john john i'm gonna try to delay john user has been deleted and jane as you can see we can delete jane also perfect so sending access token is that easy i think you understood here but what about our refresh token so i'm gonna create refresh token function here i will say const refresh token and this function will be async because we are gonna make request and arrow function and inside i'm gonna write my try catch block error in case of any error i will just console.log this and let's come here i'm gonna create api request it's gonna be response and await axios let's remember our refresh token route here ok we are passing our refresh token inside token variable let's do that i will say host method and refresh i will say my token it's going to be user dot refresh token and if there is no error it's going to return us this response and we can update our user i will say set user everything will be the same username id and whatever we are just gonna change refresh token and access stock i will say access token it's going to be response and data and access token and one more this is going to be refresh talk okay right now we are able to refresh our tokens about how we are gonna do this automatically because remember our token here expires in 15 minutes after 15 minutes we need to refresh it but we cannot create here any button and say your token is expired please click the button to refresh your token we can't do this for user experience so what i will do is using axios interceptors i will say axios and interceptors and i'm gonna use request method and if i say use it's gonna do something before every request so if you write here response for example it's gonna run after turning a response so right now before sending any request we can check our expiration date if our access token is expired we can just call this function and we can refresh our tokens and send request with new access token i know it can be confusing if you don't know anything about interceptors but it really makes sense you will understand better after giving this example so what i'm gonna change here before making request i'm gonna change my header here to do that i should change my config because config includes our headers so let's do that i will say config it's gonna be async function and i'm gonna create a current date i will say current date and it's going to be new date and right now i should check my access token expiration date how i'm going to reach that data i should decode my token to reach my expiration date to do that we are going to use a library let's open here another terminal i will go to my client site cd client and i'm going to install a library yarn add and jwt decode oops i made a mistake there should be space here so let's call this library i will say import jwt decode from jwt decode ok let's use it i will say const decoded token and it's going to be jwt decode and my access stock let's see actually what we have here i will copy this and just print the console i will open my console and here there is an object and inside our user id is admin and issued at an expiration time so we need this variable here okay so let's delete this and here i can make my condition i will say if decoded token and expiration date and i'm gonna multiply this by a thousand and compare with our current date i'll say current date and i will get time so basically we said if expiration time is smaller than current time it means our token is expired and we should refresh it and get new one let's call this refresh token function which we created here and after that it should return us our new access and refresh token and we will be able to use this inside our config and headers so i will write here return response and data remember it returns us a new access token and refresh token and i can use those tokens i will say const data a way to refresh token function and after that i'm gonna update my headers i will say config and headers and what's our header remember here authorization i'm gonna use it and my new value will be bearer and space and my new token it's gonna be data dot access talk right now i can return my token right now i can return my config and one more thing it can be any error if any error occurs i should just reject my promise basically we say if there is an error just cancel everything i'm gonna say return promise dot reject and error okay let's try to see this of course i should decrease this expiration date it's not going to be 15 minutes it's gonna be just five seconds and here let's comment this out first and see and let's run our application again i will say john i'm gonna delete john as you can see it's successful i'm gonna delete again you are not allowed to delete this user that because your access token has been expired perfect so if i open this i have to refresh my application again but there will be another problem here but because this is our login api request but actually we don't need to use any interceptors we don't need to refresh token or check this token that because we don't have any user yet so what i will do is creating new axios instance you can create as many axios instance as you want for example for authentication requests for get requests that we don't need to use any jwt token i'm gonna create another instance so i will say const axios let's say jwt or axios with authentication or whatever you say and i'm gonna write axios dot create and that's all so right now i don't have to use this common axios instance instead of this i'm gonna use my new instance so i will copy this and paste here so where i'm gonna use this inside handle delete it's not gonna be axios is gonna be axios jwt but for login we are not gonna use it that because we don't need to refresh any token or verify our identity it's just a login process okay let's save and refresh our application right now i will log in again john and my password i'm clicking deleted after five seconds i'm clicking again as you can see it's still successful that because we refreshed our access token again i'm deleting successful [Music] perfect [Music] so whenever i make a request it's gonna check our time and if our token is expired it's gonna refresh token and set our headers again perfect so i will refresh page chain i'm trying to delay chain after five seconds perfect if i try to delete john we are not allowed awesome i hope you understood how to implement jwt inside react application by the way it's not an only option some of people sets response here instead of request and they are sending requests first and when they get a response they check their error code and if it's expression error they just call this refresh token function and set their headers again and send the request again but in my opinion this is the better option that because before sending any requests we are checking this inside our client site so it's the less expensive solution i think okay we finished this tutorial in the next video we are gonna keep doing our amazing projects so make sure that you subscribe to the channel if you learned something new today please like the video so i hope i will see you in the next tutorial goodbye you

Info

Channel: Lama Dev

Views: 159,499

Rating: undefined out of 5

Keywords: jwt, json web token, jwt react, jwt node, jwt auth, jwt authentication, jwt authorization, jwt login, jwt course, jwt tutorial, learn jwt, jwt refresh token, jwt axios, axios refresh token, react.js, react, react auth, react cookie, react session, react jwt tutorial, node cookie, node session, node jwt tutorial, react security, jwt security, advanced react

Id: Yh5Lil03tpI

Channel Id: undefined

Length: 62min 53sec (3773 seconds)

Published: Sat Jun 19 2021