These videos are quite nice and serve as great guidance! However, it would be amazing if you could also give short explanations on what's happening in the background and shed light on some of the built-in DRF functionalities to make everything a bit clearer! Keep up the good work! :)
I would like you to publish more videos about Django; you helped me with other videos... thanks very much. Greetings from Arica, CL ❤
Very happy to hear the videos helped! 😃
Thank you for your encouraging comment! 😊
This video gave me another life, thank you very much :')
New subscriber, you have very good content
Thank you so much
Thank you for the simplicity of this video. Please, how do we handle the access token when it expires, to avoid logging out the user?
Amazzzing....thank you so much
I am so glad you like it! 😊
Thank you very much, I loved the project
You are very welcome! Glad you liked it! 😊
Great. Can you modify it such that we use cookies, which are more secure compared to local storage?
This was the simplest tutorial
Glad you found it helpful. :)
@@PikoCanFly Please make more content around Django rest framework and React Js
Sorry for the silly question. If I want to make forms in a React app for registration and login, then I don't need to implement UserCreationForm and UserChangeForm, right?
It's not a silly question, but the forms are server side, for customizing user management in the admin.
Thank you much, Piko. Your video helped me to understand the process of a backend in Django and a frontend in React, but I have a question regarding the forms: for login and register, is it necessary to use CSRF to avoid vulnerabilities, or only using JWS? In other words, do we need to protect the forms? Thank you again for your explanation : )
Hello, thank you for your comment. I am glad my video helped. Incorporating CSRF protection is indeed important.
One common approach is to use CSRF tokens in your React application and include them in the headers of your requests to the Django backend. Django provides a view (django.middleware.csrf.get_token) that you can use to retrieve the CSRF token.
You can read more about that in Django's Official Docs:
docs.djangoproject.com/en/5.0/ref/csrf/
Why do you save tokens in local storage instead of cookies from the back end? ... And we want a video about handling images in DRF ..... thanks
@@khalidbouychou I made a newer DRF-Auth tutorial where tokens are stored in http-only cookies in the backend:
th-cam.com/video/TS1v_-ppICk/w-d-xo.htmlsi=_rECEtNHL1K6BN7x
A tutorial about handling images in DRF could be interesting, I will consider it.
Piko, another question. Why are you implementing your custom login API view when we have the /api/token/ endpoint and we have an opportunity to send our email and password to pass authentication? Now I've implemented my custom backend where I receive an email and password and try to authenticate. Thus we don't have to write any custom login view. All right?
You’re right that /api/token/ can handle authentication. However, I implemented a custom login API view with a custom serializer to address some specific needs that /api/token/ doesn’t fully cover. For example, the custom serializer not only validates the user's credentials but also checks if the user is active before issuing tokens. It also returns user details like ID, email, and username alongside the tokens. It also provides error handling. That being said, if /api/token/ meets all your requirements, there’s no need for a custom view.
@ , thank you for the full answer 😇 Btw, Happy New Year 2025!)
@Munchen888 No problem. Happy new year!
Great video. Can you add or show us in a video how to store the tokens in state rather than in local storage? 😊
Since it'll help secure users' information.
Awesome! ❤
Thank you!
That's amazing! Please, can you add a video on how we can deploy this on a server?
Thank you! I am considering making videos on deployment at some point in the future. I have a long to-do list though, so fingers crossed 😅
In home.jsx I was getting a forbidden error for the user info API.
Is this how production-grade live projects do auth too? Do they set items like this in localStorage?
Using local storage for tokens like JWTs is common; however, it is sometimes regarded as risky because it can be compromised through XSS attacks. Ensuring your site is free from XSS can mitigate this risk.
@@PikoCanFly Thank you. I saw in an article that we can use HttpOnly cookies; will you be able to do a video on that?
Also, in this project the token is getting expired. How can we implement proper refreshing in React, like axios interceptors or an AuthContext with jwtDecode and a timer to refresh?
Should the venv folder stay inside the Django project or next to it, outside?
Outside. In your project's root directory.
I have not started the project yet, but does doing this give us a session as well? I want the app to keep the user logged in. I am a beginner.
Yes, this project features JWT sessions and authentication management.
Thank you very much for the help in learning.
Very helpful video (yeaaah cool), lady.
Glad it was helpful! 😃
Can you make a video on Stripe payment gateway on Django REST Framework and React with Vite.
Hey I know it's been ages but this is the first time I see this comment. This is a good suggestion. I will definitely think about it. 😊
loved it
🙏😊
Hi Piko, I am here, your subscriber.
Ma'am, increase your code font size.
Will do for future videos 😊
i love you