![What are JSON Web Tokens? JWT Auth Explained [Tutorial]](https://i3.ytimg.com/vi/x5gLL8-M9Fo/maxresdefault.jpg)
What are JSON Web Tokens? JWT Auth Explained [Tutorial]
video description
Date: 2022-03-14
Related videos
Comments and reviews: 7
Mudahemuka
Hello -freecodecamp
Thanks for ur interesting and best remarkable courses you provide
but during using the refresh token to create new accesstoken, on frontend for me once I refresh the it takes me back to the login page
just help me to solve that thanks best regards
Here is my endpoint for the refreshtoken
app.post(-/refresh_token-, async (req, res, next)=>--
const token = req.cookies.refreshToken;-
//if there is no token-
if(!token) return res.json(-accessToken: ''-);-
//if we have token-
let payload = null;-
try --
payload = jwt.verify(token, process.env.REFRESH_TOKEN_SECRET);-
- catch (error) --
return res.send(--
accessToken: ---
-)-
--
//let's find the user-
let user = await User.findById(payload.userId);-
if(!user) return res.json(-accessToken: ---);-
if(user.refreshToken!==token) return res.send(-accessToken: ---)-
let accessToken = createAccessToken(user._id);-
let refreshToken= createRefreshToken(user._id);-
user.refreshToken = refreshToken;-
sendRefreshToken(res, refreshToken);-
return res.send(- accessToken -);-
-)
reply
Hello -freecodecamp
Thanks for ur interesting and best remarkable courses you provide
but during using the refresh token to create new accesstoken, on frontend for me once I refresh the it takes me back to the login page
just help me to solve that thanks best regards
Here is my endpoint for the refreshtoken
app.post(-/refresh_token-, async (req, res, next)=>--
const token = req.cookies.refreshToken;-
//if there is no token-
if(!token) return res.json(-accessToken: ''-);-
//if we have token-
let payload = null;-
try --
payload = jwt.verify(token, process.env.REFRESH_TOKEN_SECRET);-
- catch (error) --
return res.send(--
accessToken: ---
-)-
--
//let's find the user-
let user = await User.findById(payload.userId);-
if(!user) return res.json(-accessToken: ---);-
if(user.refreshToken!==token) return res.send(-accessToken: ---)-
let accessToken = createAccessToken(user._id);-
let refreshToken= createRefreshToken(user._id);-
user.refreshToken = refreshToken;-
sendRefreshToken(res, refreshToken);-
return res.send(- accessToken -);-
-)
reply
Captain
I never comment a video before, but I do it only for FCC, you are the light of a dark time, I'am sorry for not being able to make a donation, I live in a country where the online payment card are forbidden , where the technology and learning are just for governor's sons and the rich people , thanks you for the knowledge and you gave me hope after having lost you are the best school that I never could have with teachers that I never knew IRL, I'm sorry for not being able to make a donation, one day I will be the best,
free camp code --dear guardian of science
reply
I never comment a video before, but I do it only for FCC, you are the light of a dark time, I'am sorry for not being able to make a donation, I live in a country where the online payment card are forbidden , where the technology and learning are just for governor's sons and the rich people , thanks you for the knowledge and you gave me hope after having lost you are the best school that I never could have with teachers that I never knew IRL, I'm sorry for not being able to make a donation, one day I will be the best,
free camp code --dear guardian of science
reply
Akash
I learned a LOT from this tutorial! Not just about tokens. I learned about other things I'm new to: REST, React, CSS, HTML. Even things that were NOT explicitly part of the course I learned about: e.g. cool VSCode shortcuts. I couldn't figure out how to use POSTMAN so I was forced to figure out how to use cookies with cURLs! All super-valuable! I will definitely seek out other courses by this instructor.
reply
I learned a LOT from this tutorial! Not just about tokens. I learned about other things I'm new to: REST, React, CSS, HTML. Even things that were NOT explicitly part of the course I learned about: e.g. cool VSCode shortcuts. I couldn't figure out how to use POSTMAN so I was forced to figure out how to use cookies with cURLs! All super-valuable! I will definitely seek out other courses by this instructor.
reply
Ratna
If iam logged in a website through auth redirect url token in one browser and again if iam logged in the same website in another browser, it creates another different url token for login . Then which url token will be registerd or tracked by that website ? either First one or next one..?? Thankyou for ur valuable answer in advance..!!
reply
If iam logged in a website through auth redirect url token in one browser and again if iam logged in the same website in another browser, it creates another different url token for login . Then which url token will be registerd or tracked by that website ? either First one or next one..?? Thankyou for ur valuable answer in advance..!!
reply
z.x
Hi,
After log out, when I will use old access token (which should be invalid, from backend point of view), I'm taking protected data. Is it something missing in the tutorial? Or that is all well known and anyone should add next level for checking access token before returning protected data?
Or, this is how it should works?
reply
Hi,
After log out, when I will use old access token (which should be invalid, from backend point of view), I'm taking protected data. Is it something missing in the tutorial? Or that is all well known and anyone should add next level for checking access token before returning protected data?
Or, this is how it should works?
reply
Quince
Hello, In my refresh_token route, My token is successfully set, but when i'm trying to request it. And im console.log it out. it return undefined? How can i solve this please
reply
Hello, In my refresh_token route, My token is successfully set, but when i'm trying to request it. And im console.log it out. it return undefined? How can i solve this please
reply
Ricardo
How to persist the authenticated state after a page refresh?
No GET api/url performed to refresh the token, just hit F5
Edit: use a refreshToken
reply
How to persist the authenticated state after a page refresh?
No GET api/url performed to refresh the token, just hit F5
Edit: use a refreshToken
reply
Add a review, comment
Other channel videos
