Thank you Milan, I follow your videos Authentication & Authorization playlists and implement it on my current project, it's work great. And your CA template is great.
Let's presume that there is specific set of actions which user should not be able to do until email is verified. For example: CreateOrder. How would you suggest to check if user has permission to do it? Put EmailVerified true claim inside a JWT or other options? Because retrieving user from database and checking if EmailVerified every time can be consuming operation.
| Put EmailVerified true claim inside a JWT or other options? Exactly, that would the easiest way. I actually have a video coming up next week that will cover JWT and claims, and this is one of the points I bring up.
Thank you I’ve been thinking about how to implement this on my api but you’ve just saved me a ton of work 😅 Can you also do refresh tokens for jwt authentication?
great video, what happen if the user was registered but the verfication token was rejected because it expired, you need another endpoint to resend the email to verify the user
Hey Milan awesome stuff my train ride every morning is not wasted now, i see you using the link generator to add query params and generate the link is it possible to do that for route params as well for rest endpoints?
Can you not generate the code store it in the http session and for it to scale well, use redis, rather than the database. This way, you can set cache expiration, which will effectively delete the code. Then, the user receives an email and enters the code.
Unfortunately FluentEmail seems dead. It hasn't been updated in two years (since 2022), is still being built with .NET Core 3.1 and contains some DI bugs when using it with the MailKitSender. It's a nice Project though but if it stays dead, sooner or later I'll need to find a replacement. I'll probably revert back to plain MailKit although the RazorRendering will be missed.
@@MilanJovanovicTech I will when I'm completely sure of the change. I need time for studying the code base to see if the change I think should be done is the correct one for everyone not just for me. Unfortunately, I don't think the PR will be acted on because as I said, there is no activity on the repo for a long time.
Do you want to simplify your development process? Grab my free Clean Architecture template here: bit.ly/3Andaly
Thank you Milan, I follow your videos Authentication & Authorization playlists and implement it on my current project, it's work great. And your CA template is great.
Your videos are as always great. Please keep up the good work.
Thanks, will do!
I was going to implement email service to my side project, it's perfect timing.I also enjoyed video.
Glad it was helpful!
It was great as ever, Milan. Thanks!
Awesome
Most useful content thank you Milan
My pleasure!
Very good! Thank you for producing great content.
Glad you enjoy it!
Best Tutorial!
Glad it helped!
I've been waiting for this
Thanks and regards, Milan
Glad I delivered 😁
@@MilanJovanovicTech 🥰
Impactful content. Would be great to learn more about PaperCut and inspect source code, if it is possible.
Noted!
Let's presume that there is specific set of actions which user should not be able to do until email is verified.
For example: CreateOrder. How would you suggest to check if user has permission to do it? Put EmailVerified true claim inside a JWT or other options? Because retrieving user from database and checking if EmailVerified every time can be consuming operation.
| Put EmailVerified true claim inside a JWT or other options?
Exactly, that would the easiest way. I actually have a video coming up next week that will cover JWT and claims, and this is one of the points I bring up.
@@MilanJovanovicTech looking forward mate
Hello
Will you make a video using external/third party auth using something like Google or Facebook?
That might be something I cover, yes
Thank you I’ve been thinking about how to implement this on my api but you’ve just saved me a ton of work 😅
Can you also do refresh tokens for jwt authentication?
Probably, but need to cover some other videos first
great video, what happen if the user was registered but the verfication token was rejected because it expired, you need another endpoint to resend the email to verify the user
@@haroldpepete Exactly. So just extract the token generation logic to make it reusable.
Hey Milan awesome stuff my train ride every morning is not wasted now, i see you using the link generator to add query params and generate the link is it possible to do that for route params as well for rest endpoints?
Yes, it should work just fine
but have you increased the minimum cost of the Patreon subscription for access code ?
Yes, just last month
Can you not generate the code store it in the http session and for it to scale well, use redis, rather than the database. This way, you can set cache expiration, which will effectively delete the code. Then, the user receives an email and enters the code.
Why introduce an entire infrastructure component (Redis) to achieve the same functionality?
@MilanJovanovicTech Suppose you are right, but if I did have a redis instance or cluster, I would probably use that way
Unfortunately FluentEmail seems dead. It hasn't been updated in two years (since 2022), is still being built with .NET Core 3.1 and contains some DI bugs when using it with the MailKitSender. It's a nice Project though but if it stays dead, sooner or later I'll need to find a replacement. I'll probably revert back to plain MailKit although the RazorRendering will be missed.
Why not make a PR?
@@MilanJovanovicTech I will when I'm completely sure of the change. I need time for studying the code base to see if the change I think should be done is the correct one for everyone not just for me. Unfortunately, I don't think the PR will be acted on because as I said, there is no activity on the repo for a long time.
Ha. Nice. being using papercut for 4 years
Pretty cool tool