วีดีโอ

JS doesn't belong on the backend mate!

Thank you. ❤

EXPLAINED WOUNDERFULLY! THANKS A LOT!

thanks!

Why do we moved to this kind of big tech thrid party fucking payed login system? Just keep your user in your database and every time one user log-in it ask for a token (that has an expiration time) than can now be use by the frontend to fetch the fuck it need. All those layer of fake security introduce only more complexity and more layer of possible failure or human error. Keep in mind that we are not running bank (and not even bank use those fucking systems)but 99% of us are running fucking website and note apps. and dont use the fucking PaaS or cloud or fucking shit overpriced that the industry convince coding monkey to use, just use a fucking VPS and if you need use also a CDN. Fuck this programming industry and fucking garbage language and framework like react ecosystem. Just program dont spent your time learning fucking slave instrument and mental masturbation system deseigned as gucci clothing to create a urge of need and run tech buisneeses with the money you give them and train fucking AI with the data you give them. I hate programmers so dumb and they feels so smart with their ununderstandable documentation and their fear to re-write the weel. Frankly said you are a waste of oxygen and mass producer of carbon-dioxide to maintain fucking inefficient and useless systems not to mention that 50% of all apps probably don’t even need to use https over http, wtf an hacker will do with the agar.io information of one user? Ridiculous

Excellent explanation, thank you!

on my wordpress website -chrome on my phone says not secure, safari on laptop also says not secure but my SSL certificate is good i checked. also chrome on my laptop doesn't say not secure. I went to inspect >console on website and this error was there but I don't know what it means or where the error is located. The Source Location is blank - "Content Security Policy of your site blocks the use of 'eval' in JavaScript` The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site. To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings. If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive. ⚠ Allowing string evaluation comes at the risk of inline script injection. 1 directive Source location Directive Status script-src blocked

Wonderful explanation

Thank You so much . I have complete a task. by following for video.

thanks! well prepared and informative, made my life much easier :)

So if im understanding this correctly, this just prevents loading scripts, from sources not allowed by the CSP. But an attacker could still use an inline script tag to run any javascript they could fit everything they need within the comment box (assuming stored and in a comment input)?

Thank you for explaining it in such detail. I looked for many videos for CORS explanation and yours might be one of the best ones.

thank you buddy ! :)

Great video! Short and simple explanation to share with colleagues and not look like an alien trying to explain it.

My hero

Thank you. Is there a way to add text on a loaded image without first doing it with canvas? Adding text on the image directly with pdfkit

fantastic explanation, thank you!!

How is this different from hashing passwords with salt? hash('sha256', 'My Password'.$salt)

one of the best video,I have seen about oauth 2.0

Best explanation for PKCE, Thanks so much

Thank you for the video, Jan.

Just to answer the question in min 12: Yes, a JWE video would be great (if you haven't already done it)

One of the best explanations about OAuth, thanks a lot!

Great video. I would also mention that the structured token has an expiration date. So if a token is revoked at the auth server but the resource server doesn't introspect, at least the resource server will only accept the token until it expires anyway.

Short but a Beautiful explanation of PKCE with OAuth. Thanks

Great video.

Damn clients...just unable to keep things confidential

Great video ,simple and directly into the point thanks a lot.

I have a question, while redirecting at very first time to Athorization server, we pass code challenge and the method with which it is hashed, if anyone steals that information then it can easily decrypt the original Code verifier and next time it can steal the Authorization Code and send the same code verifier string.

Perfect video! Only thanks to that I`ve understood why is token introspection sometimes needed with jwt tokens. Thank you very much!

Saved my project. Thanks.

Great video!

great explanation, it took a while to find one. You put it in a visual way and your explaination skills are like a teacher. ... you deserve a good old massaging of the balls.

I can not be grateful enough. This is my first comment ever on TH-cam. You are indeed a great Teacher!

hey i get that oauth2 is required by third party to access api, example when i say continue with google for the first time it will get my email name profile photo and all, this will help in getting those data and creating user but how login happens with "login with google" button.

Yes, I noticed times and again that whoever wrote the specification did not really go over them logically and make sure there was no overlap. The explanation here was good. The reality though is staggering as developers who never read the spec "REST-ful", or should I say REST-like code. Of course, I can't blame them - they are constantly assigned 2.5 their possible workload ALL the time. So who has time to read the spec!? The managers just wants them to close the tickets, so the report looks good.

Hi! Is it possible concatenate some custom log in the end of main log for each route?

Great stuff ! Thank you very much !

So you're saying it's just for displaying something immediately on the callback UI to reduce API calls? seems pretty pointless unless it's does something else.

thankssss

Wenn ich doch nur wüsste, wie man diese blöden Konfigurationsprofile (p12) mit Zertifikat & Key für iOS/iPadOS erstellen könnte. Bei macOS klapppt der Import in die Keychain über das Terminal. Doch wie macht man das bei iOS, wenn man mTLS in Safari zum Login nutzen möchte? Jemand eine Idee? Hab schon verschiedene Ansätze ausprobiert, alle sind gescheitert. 😞

Very good!

So well explained , thank you so much and just keep goin'.

Message digest algorithms don't use secret keys, where HMAC is a combination of a secret key and a hash function.

This makes me believe I am not dumb.

Great explanation.

Good video but really bad EQ, I had to really crank down 125HZ cut to keep the floor from shaking :/

Excellent video! Not verbose and tedious like many others, and very informative. The only small nit I have: at 4:45 you say "we will learn about the response type in a minute" but then I don't think you ever talk about it. You do talk about Grant Types which are related (I think?) but not response type.

Nice video and I think of using Oauth for the project am working on now but I want to ask a question. Did I need to pay or add my credit card before I can use it?

Explained well! Thank you.