This channel is highly underrated, as a lead software engineer in our start up we are using nextjs and I used this channel's refresh and access tokens for authentication tutorials and it has been our day to day application because it enables us hit the same API for our mobile application
Just opened the repo to see its goods and you can always tell the developer is going to be competent by looking at their choice of technologies used. Right on, bro
I must say this is an amazing course on next-auth, your way of teaching is very clear and easy to understand sir. I've learnt so much from this video, really useful for my uni project, going to share this with my friends. Thank you so much once again🙏🙏
You have no idea how many incomplete videos I had to go through until I found this one. First person to explain every step properly and I finally get it. Took me a week to learn nextauth and without your vid it might've been a month.
@@SakuraDev I have a noob question if that's ok. Some websites have the ability to sign in with either an username or an email interchangably in a single field. Is this possible with next auth? Can I implement some kind of conditional logic to my authentication that accepts either parameter as a sign-in credential?
Yes it is possible. In your authorize function of the next auth, you can find the user in in user table where it emails match with entered username or matched with user's email
Sekura ❤ I’m only at the first hour of this tutorial. Had to submit a comment to say a big thank you! You absolutely know how to explain and teach. I love every minute of it.
Man, you deserve a lot more subscribers. As a beckend developer, I had hard time understading the working of Nextjs, you nailed it with your best in class course. Now I could build an awesome application.
First time here, and I'm blown away by your content! Your teaching is exceptional. Looking forward to more! Could you cover Role and Permission-based Access in your upcoming videos? Thanks for the great work!
I am highly appreciative of this tutorial! Like others I have had many false starts due to gaps in my knowledge of all the necessary packages/libraries that work together in a nice onboarding service. This tutorial answers a majority of my knowledge gaps as a noob. Thank you for putting this together as I know how much effort and planning goes into something like this. I look forward to many more tutorials from you!
Thanks for you vid. I've watched your Nest/Next vídeo from last year, and comparing with this new one, it's much better. I also think you improved your explaning skills a lot. Congratz bud.
You're very welcome! I'm glad you found the tutorial helpful. Creating valuable content is my passion, so hearing positive feedback is incredibly rewarding. If you have any questions or need further assistance, feel free to ask!
hey Sakura, nice video! in one of your last videos you showed how to create a custom authentication service using nestjs and nextjs with jwt tokens send via the header. could you make a new fullstack authentication video using http only cookies? i would really appreciate. 🎉
I have followed the tut and was so proud that all works now. But a bit too well? I noticed that all server actions can be called from the client side even without authorization. I don’t use Prisma but just a executeQuery function for mysql2. That server function can be used on client, as it should, to make database queries with normal sql (can just put the query in there). But: Anyone can use it. I made a button on a client page (just the home page outside of protected routes) that accesses the server action. And it works! And whatever I do I cannot prevent the client to always and anywhere use that server action. No idea how to protect it… Really frustrating because that would mean I need to use api routes for database queries??
This video is the best explanation on next auth with a credentials provider period. Thanks for your great work. Do you have a video on how to verify a jwt token returned by a backend?
Thanks for amazing video. But your video sound is very low. I have set to maximun volume i my pc and youtube video player. still sound is low. Cordial Suggestion to improve sound quality.
Hi bro how to set the default page to be login when go to npm run dev in the browser it to be handle localhost:3000/login not the home page localhost:3000 I implemented but when I gave localhost:3000 its changing to localhost:3000/login but the issue is white space occuring 2secs then login page occuring how to resolve this issue
great tutorial thank you so much can you also make project based tutorial using microservices architectures with nestjs,graphql,prisma,nextjs,docker so on
Thank you for sharing this content. I have one question, how do you handle redirecting the user to the profile page when that user tries to access the login page after successful authentication using middleware.
There are so many videos on Auth on this channel. There's a playlist but it doesn't have all the videos on Auth from this channel. Can you please tell me the order in which I am supposed to watch these videos?
Is there a reason why we're creating 'pages/api/auth/[...nextauth].route.ts' instead of 'pages/api/auth/[...nextauth].ts' like the documentation suggested on their site?
have one question, first case if both frontend and backend as next, how to store session and access token and refresh token, should i store it in cookie or what?? how to recall the refresh token . same question about separate backend. bit stuck here, thank you.
Hi Sekura! It's me again! I've done some custom stuff to the project, and it's working fine on my machine. After that, I've send to Netlify, but after the deploy for some reason I'm getting error messages when trying to comunicate with prisma. Wich aditional configuration I need to do to make it work?
Thank you so much for sharing such a great tutorial video! sorry for asking, When exactly we need to use Nest.js too, for authentication? I mean while Next.js is capable of authentication what is the point of using Nest.js?
Thanks. We are using nextjs as a full stack project, so we don't have a backend server. If we use nextjs just as front end, then we need a back end server like nest.js to keep track of our user data. I have a video on that. You can find it on my channel
I have a question since it's been a month since I completed this and since then I've learned about the difference between token based and session based auth. With your method of implementing auth can I revoke user access instantly or will they still have an active token if I delete them from my database? There are multiple written and video tutorials on the web but all of them use jwt token sessions and it's very hard to manage access with them as the client keeps them even if they're removed from db.
I came up with some solution getting google OAuth and refresh token strategy to work, thanks to your video: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-khNwrFJ-Xqs.html It's is working but I don't know is it a good solution, I can share the code with you if you are interested. @@SakuraDev
Hey Sakura, I have followed your NestJs and nextJs combine tutorial for handling refresh token. I replicate the same using Nextauth-5 In callback, we check the expire time and if expire we made call to refreshToken then we get But if in case, refreshToken also expire, the function will give 401. Under this condition, still nextauth keep user login. Is there any way yo trigger signOut() without clicking button ? Or is there any way to auto signout when such event happen
unfortunately nextauth signOut() is only working in client side ... all you can do is to redirect the user to an client side page which will call the signOut() function. in my opinion i think nextauth is really not well designed to work with refresh tokens (especially when using http only cookies)
Hey Sakura, I have a question. I've watched you vid, an ultil the part 17 when you finish the signin form, you dont talk about the authentication expires. If I'm not wrong, the authentication goes like: 1st access? - create a token and insert user data inside a token 2nd access? - use the session to get the token and retrieve the user info But for how long the token is up? Or its only expires when you log out? You can change the expire time like the commom Jwt method ou your NestJS vid? Thanks! Edit: Also, I added two new columns to user table (createdAt and updatedAt) to manage future updates. But I can't find a way to insert the values for this two new fields. I cant do this in the formSingUp with zod, but because of this I cant also do it on the registerUser function on routes.ts method because to make it work, I need to inputs these new fields to Omit. Can you give me an idea to make it work please? Lov u!
Hi, For the first connection, when we use nextjs as a fullstack, I believe, we do not need to worry about refresh token. but if we have a separate backend we need to think about the refreshing the access token.
and for the second question, you can set a default value in the schema for createdAt or you can set the createdAt manually when you creating a user, i.e. inserting a new user with Prisma. In this case you don't need to change the zod schema because we don't want to take the value of createdAt from the user in the Form. So just handle it inside the create user function. the same goes with the updated at
Since we are using the next.js as full stack project, we don't need refresh token. but I have covered it in my previous video which is about combination of Nest.js and Next.js: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-khNwrFJ-Xqs.html
as I said you should register with your company email address in the mailtrap. with free email accounts like Gmail, we can just test the process. Although you can set SMTP Server with Gmail Server and send emails through your account.
sakura thank you for this amazing tutorial but i have little bug when i try to load my env variable from .env it doesn't load it shows me this error "Error: Missing credentials for "PLAIN"" but it works well when i hard coded it works when i hard code it like this user: "myemail", pass: "mypass", but it doesn't work in this case user: process.env.SMPT_EMAIL, pass: process.env.SMTP_GMAIL_PASS,
