The thing I love about this playlist is using simple language, very easy to understand and please always give the scenario of how things work at enterprise level in your future video.😌
I thought the same even though I used to do the same in my MERN stack projects what shubham has asked But Thanks Piyush for getting us more clear on it also I found that OAuth and NextAuth use the same technique while authenticating users on each request they utilize tokens stored in the cookies and get users' data from it! Very very useful topic you have covered
If you encounter this error: Cannot read properties of undefined (reading 'split'), Follow the given steps: 1. first make changes only to handleLogin controller and send token as json instead of setting a cookie. 2. Now in postman, make POST req to /user/login and generate a token. 3. Now make change to our middleware functions i.e to checkAuth and restrictLogin middlewares. 4. And now finally make GET req to homepage and set the authorization header in postman. Reason: If you make changes to the middlewares first and then try to generate the token it will result in error because we don't have authorization header during initial token generation and the checkAuth middleware is still executed. Hence generate the token first and then make necesarry changes in the middlewares. Hope it helps!
16:10 what are you trying to do 🤔 According to mdn Fir domain value - "Only the current domain can be set as the value, or a domain of a higher order" "A cookie for a domain that does not include the server that set it should be rejected by the user agent."
21:06 but token match karne ke liye database access chahiye hoga na har bar request aane par!!..........to problem to same hi rahi jo aapne video ke starting me kaha tha
Sir i have a doubt because 11:04 you have directly providing user from jwt token but if the user is deleted from database but the user can still access logged in content.
getUser function doesnt "provide" user directly, it decodes the user data that was signed, i.e. id and email, adds it to req.user (code under restrictToLoggedInUser ) and finds that info from the database for each req, you can check the code at router.get('/'..) under staticRouter,
The authorization header is not present by default in the POST request in postman and hence you can get the error: Cannot read properties of undefined (reading 'split') as there's no authorization header present, you have to set the header in the Headers tab manually as "Authorization" and set its value to null so that it can be used further in the middleware functions.
Thank you for this tutorial - you have make an overview video about architecture of SSO (single sign on) authentication - if possible, can you make a full coding tutorial of SSO (basic only will do).
im facing problem regarding non existing authorization header in server side gives Cannot read properties of undefined (reading 'split'), though using res.set('Authorization', `Bearer ${token}`); inside handleUserLogin async function to set the valus, help me to debug it any one...
Agr hum Map or database ko combined use kry tu excess database request ka issue ni hoga, first time jab user login hoga tu map ma bhi or database ma bhi store hoga or getuser ma hum check laga day ka agr user exist krta ha map ma tu database sa query na kry or agr map sa ma ni ha tu database sa query kr kay usko map store krdy for further request verification
Hi Piyush, maine ek website banai hai jiska server or client different domain pe hai but jab mai sever me cookies ke option me domain ko apne client ke domain pe set karta hu, tab bhi cookie send nahi ho rahi. I've also used cors for cross platform sharing. kya browser ka kuch default behavior hota ki third party client par cookie send nahi karna? meanwhile maine localstorage me token send kar diya, but mai cookies me token send karna chahta hu..
@@BiGryuuu add with credentials: true in your frontend code and in backend use cors ( app.use(cors({ origin : '*', credentials: true, })) I think this might work for you
sir in my code it is showing can't read the properties of undefined after i switched to response section after cookie section, i copied exactly your code but it is not working, if someone know please help
Bro! You have to set your headers on your own like this that contain Authorization property here is the example! const headers = { 'Authorization':'Bearer ', 'Content-Type:'application/json', // just an example property you can add more property as you want! } now you can pass this header with your fetching methods like fetch or Axios Hope you get it
if one user logs in, but second user comes and copy your Authorization Bearer token or Cookie..... and that 2nd person then requests in the backend from his own laptop via the copied token/cookie. In this case, how to make it more secure ???? Can you please walk through this scenario ?
@@ArpitJain-kc7bl you don't have a choice to include it or not it's just how it's written whenever you'll pass the token in headers it will always be attached with word bearer
Bhaiya please make a video on cross site in which authorization header is sent to the backend my malicious website and produce hacking in the backend :)
Thanks sir taking my doubts..it's clear now
The thing I love about this playlist is using simple language, very easy to understand and please always give the scenario of how things work at enterprise level in your future video.😌
Excellent Videos Piyush... Explaining it in such a simple way.. makes it so easy
I thought the same even though I used to do the same in my MERN stack projects what shubham has asked
But Thanks Piyush for getting us more clear on it also I found that OAuth and NextAuth use the same technique while authenticating users on each request they utilize tokens stored in the cookies and get users' data from it!
Very very useful topic you have covered
Bro you are explaining very deep things in practical superb bro 🎉🎉
Bro just don’t stop posting videos u r just amazing tutor❤
This tutorial of nodejs is more useful to any other paid tut .
Thank you so much sir such a amazing series ❤️ 🙌 👏
No words, how you explain deep fully, at each word meaning fully explain😊 Thank you, Create An TH-cam channel and share your knowledge📚
Thank You Sir, It was one of the Best explanation of cookies on youtube.
Got to know many things this video thank you for the lecture😇😇
literally no words for uh bro !...excellent explaination 😃😃
If you encounter this error: Cannot read properties of undefined (reading 'split'), Follow the given steps:
1. first make changes only to handleLogin controller and send token as json instead of setting a cookie.
2. Now in postman, make POST req to /user/login and generate a token.
3. Now make change to our middleware functions i.e to checkAuth and restrictLogin middlewares.
4. And now finally make GET req to homepage and set the authorization header in postman.
Reason: If you make changes to the middlewares first and then try to generate the token it will result in error because we don't have authorization header during initial token generation and the checkAuth middleware is still executed. Hence generate the token first and then make necesarry changes in the middlewares.
Hope it helps!
still getting the same
@@Spotlight_Gaming same issues
Great work, it has compelled me to like and subscribe.
Thanks bhaiya for the video tutorials. 🥳🥳🔥🔥🤘🤘
You're welcome 😊
Thanks for the video 🔥✨
My pleasure!
i can't set cookie by res.cookie
use cookie parser and if you work on react and node you need to use cors package
@@sawaregamer8815I am also not able to set cookies using react. I have used both cookie parser and cors package.
Use res.cookies
Thank You Piyush For this great video!!! ; )
that was so useful and deep knowledge for newbie. awesome bro ❤.
Amazing explaination bro ❤👏🏻
Thank you so much for sharing this. Very good explanation :)
can you explain refresh token and access token?
excellent explanation brother
Good explanation👍
16:10 what are you trying to do 🤔
According to mdn
Fir domain value -
"Only the current domain can be set as the value, or a domain of a higher order"
"A cookie for a domain that does not include the server that set it should be rejected by the user agent."
superb bhai...
Thanks bro..excellent video .really helpful
U got one subscriber ❤
Thank you so much ❤️
From where you learn all this so well??
22:28 -->changes happen
2:00 what about storing user with their session id in redis instead of db
what is the difference? what does reddis do?
21:06 but token match karne ke liye database access chahiye hoga na har bar request aane par!!..........to problem to same hi rahi jo aapne video ke starting me kaha tha
Sir i have a doubt because 11:04 you have directly providing user from jwt token but if the user is deleted from database but the user can still access logged in content.
getUser function doesnt "provide" user directly, it decodes the user data that was signed, i.e. id and email, adds it to req.user (code under restrictToLoggedInUser ) and finds that info from the database for each req, you can check the code at router.get('/'..) under staticRouter,
The authorization header is not present by default in the POST request in postman and hence you can get the error: Cannot read properties of undefined (reading 'split') as there's no authorization header present, you have to set the header in the Headers tab manually as "Authorization" and set its value to null so that it can be used further in the middleware functions.
Thank you for this tutorial - you have make an overview video about architecture of SSO (single sign on) authentication - if possible, can you make a full coding tutorial of SSO (basic only will do).
Really good video but It would be good if you compare localstorage vs cookies which is better, limitations like that.
Bro you are great>>>
im facing problem regarding non existing authorization header in server side gives Cannot read properties of undefined (reading 'split'), though using res.set('Authorization', `Bearer ${token}`); inside handleUserLogin async function to set the valus, help me to debug it any one...
Too good brother
But jwt be to scrent check krna ka liya br br new page reload phr datbase wala sa match krta ha?
in browser based applications, in industry standard for authentication tokens are sent through cookies or response?
how to get this code
Agr hum Map or database ko combined use kry tu excess database request ka issue ni hoga, first time jab user login hoga tu map ma bhi or database ma bhi store hoga or getuser ma hum check laga day ka agr user exist krta ha map ma tu database sa query na kry or agr map sa ma ni ha tu database sa query kr kay usko map store krdy for further request verification
you should set the headers in ejs files only ,whats the use of creating them if we have to use postman only
19:35 reponse
kaise ho pankaj sir ham bhi yhi se padh rhe😁
Sir please tell us about new react JS series any idea when it's starting?
Thank you so much bro
Hi Piyush, maine ek website banai hai jiska server or client different domain pe hai but jab mai sever me cookies ke option me domain ko apne client ke domain pe set karta hu, tab bhi cookie send nahi ho rahi.
I've also used cors for cross platform sharing. kya browser ka kuch default behavior hota ki third party client par cookie send nahi karna?
meanwhile maine localstorage me token send kar diya, but mai cookies me token send karna chahta hu..
Bhai solution mila kya
@@JatinBedi69did you get any solution?
Sir I am sending cookie by res.cookie and 'm able to see that cookie in network but not in application-->Cookies
Did you find any solution for this problem?
@@DineshKumar-gt7xm did you?
@@BiGryuuu add with credentials: true in your frontend code and in backend use cors ( app.use(cors({
origin : '*',
credentials: true,
}))
I think this might work for you
sir in my code it is showing can't read the properties of undefined after i switched to response section after cookie section, i copied exactly your code but it is not working, if someone know please help
Adhyapak Diwas ki Shubhkamnaein! 🙏😇
Thank you so much 😄
How can I get a token set in cookies in browser
I didn't get authorization in req.headers, where am I wrong?
bhaia do you have short notes of this lecture
but first time in mobile device we have to login how can we send token in request in first time does it not required?
First time we need to login, after successful login server provide us token and subsequent we use provided token by server to communicate server
how we can take user information from tokens Piyush Garg
I am not getting authorization in the headers. Why?
Another potential concern might arise when dealing with stateful authentication in the context of load balancing.
Hi.. Need your help.. My req.headers does not contain authorization property
Bro! You have to set your headers on your own
like this that contain Authorization property here is the example!
const headers = {
'Authorization':'Bearer ',
'Content-Type:'application/json', // just an example property you can add more property as you want!
}
now you can pass this header with your fetching methods like fetch or Axios
Hope you get it
well if you're using postman then you've to set the bearer token by going in headers
if one user logs in, but second user comes and copy your Authorization Bearer token or Cookie..... and that 2nd person then requests in the backend from his own laptop via the copied token/cookie. In this case, how to make it more secure ???? Can you please walk through this scenario ?
He has said in his video that do not pass exact jwt token in cookie. Encrypt the token before passing it to the cookie
Thanks for the video sir
Tenks😊 gruudev
What is the need to send bearer, as it is getting split
It's a way in which bearer token is designed
@@pratyushpragyey7002 is it just to make code readable or it is compulsory
@@ArpitJain-kc7bl you don't have a choice to include it or not it's just how it's written whenever you'll pass the token in headers it will always be attached with word bearer
@@pratyushpragyey7002 Okay brother thanks for clearing it
Thanks
I am looking for the content on CSRF and CSP Headers in JAVA Filter. If you could provid it that would be really helpful.
In last, we use header base authentication, Will it work for browser?
Because, it is not working for browser in my case.
Same.
Bhaiya please make a video on cross site in which authorization header is sent to the backend my malicious website and produce hacking in the backend :)
why it showing this?
C:\Users\toshiba\Desktop\codes
ode js\URL shortcut project\index.js:50
res.redirect(entry.redirectURL)
^
TypeError: Cannot read properties of null (reading 'redirectURL')
at C:\Users\toshiba\Desktop\codes
ode js\URL shortcut project\index.js:50:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Node.js v21.7.3
[nodemon] app crashed - waiting for file changes before starting...
Are you checking whether entry is null or not
still I got One error TypeError: Cannot read properties of undefined (reading 'split') if Anyone have solution for this...
getting same error. were you able to find the solution?
@@prateek_saxena2107 Not yet...
because you've to set authorization property if you're using postman by setting bearer token
excellent
Thank's man
ye Manish Paul bhai hai kya ??
what are http only cookie ?
Very useful video Piyush, but it could be helpul if you are teaching in English
this authorization thing got me confused like cookies, tokens, headers and all.
bade bahiya m soch kyo nahi pa rha hun😟
Bhaiya ji esse he videos aati rehye gii ?
haa
Pls provide the source code always
ddd
@piyushgarg sir