Excellent video that captures node, postgres and jwt for authentication. Would be great to see an example now of postgres row level access for a user to only be able to edit their row in the users table.
Thank you so much. It helped a lot. I have a question. When accessing the API on client side, jwt-decode is not giving me the correct data. Refresh token is not generated correctly. Please make a second part how to access it from client server
@@caleb-codes Just depends on use-case. If it's something that you may want to instantly revoke access for, then sure. For things where read access does not need to be instantly revoked, JWT is always an option. When using JWT, create, update and delete actions can simply be verified against the user profile's version (any time status, password, etc, is changed, create new version number, or string) I'm assuming you've heard someone say that it isn't secure, or something along those lines and it's completely untrue. There is absolutely nothing unsecure about JWT authentication, as long as it is implemented properly. On most projects, it's more than adequate enough with it's access revoke limitations and will cost less money than sessions.