Building a JWT (4:52) with Alena Holligan
Our login system will use cookies to store information about our user; however, the cookie will hold a JWT signed with a secret key, so that a modified or falsified cookie cannot be used to get into the system.
Steps to Creating a .env file
- Preview your site in a browser again and copy the domain name from the URL.
- In the 'inc' folder, create a new file named env.txt
- Open the file and create two lines:
    SECRET_KEY=string_of_64_random_characters
    COOKIE_DOMAIN=url_from_step_1
  **NOTE: Do NOT include the ending slash on the URL**
- Close the file and rename env.txt to .env
`$user['role_id'] == 1`
This checks whether the user's role id is equal to 1, meaning an admin, and returns true or false.
JWT Claim Details
Review JSON Web Tokens video
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issues this claim? |
| sub | Subject | Who is the subject? |
| exp | Expiration Time | When this JWT expires |
| iat | Issued At | Seconds since epoch |
| nbf | Not Before | Seconds since epoch |
| is_admin | Private Claim Data | Is the user an Admin? |
There are a few parts to a jot that we're going to use,
the first of which is an expire time.
We're going to use this time in a couple of places.
So let's make it a variable,
$expTime = time() + 3600.
This says the expire time is in one hour.
Now we need to create the .env file.
Any file that starts with a period can be difficult to edit.
Let's start by naming this env.txt.
We'll put it in our inc folder.
We can rename this once we're done.
This is where you can define any environment variables that you want to
access with the getenv function or the $_ENV variable.
This file should contain any secret keys that you need for your application.
In our case we need a secret key for our jots to be signed.
We'll add the following line SECRET_KEY = and
then fill out a secret key with a string of 64 random characters.
We also need to add the domain where our cookie will live.
For this we can preview our site in the browser again.
And we copy our URL.
We don't want the HTTP at the beginning.
Let's close this file and rename it.
The last thing we need to do is to tell our application to load this file.
So, let's open our bootstrap file.
We add $dotenv = and the current directory.
This will tell the system where to find our dotenv file.
Now let's go back to our do login file.
We're ready to create our jot.
We're going to use the static method encode that lives in the class.
This method takes three properties, the data we want in our claim,
the signing key, and the encryption algorithm.
Our claims will contain a few items passed in an array.
All of them but one, are part of the RFC for jots.
You can see the details for each in the notes.
Iss will equal request.
Sub will equal a user id.
Exp for expire will equal our expire time.
Iat will equal time.
This is the time stamp of when the jot is issued.
Nbf will also equal time.
This tells the jot that it cannot be used before the current time stamp.
This is going to be set to the user role_id.
After our claims, we can sign the jot with our secret key from our env file.
And finally as a default we use
the HS256 for our algorithm.
Great, we now have a jot that we can set in a cookie.
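As an added example that is not the course's own code, here is the claim set from the notes table and the HS256 signing the video describes, implemented directly with PHP's hash_hmac so it runs without the JWT library; the issuer string, the SECRET_KEY fallback, the sample user row and all function names are constructed. The decoder shows what the signature buys you: a token whose payload or key was changed, whose header names an algorithm other than HS256, or that falls outside the exp/nbf window is rejected.

```php
<?php
function base64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function base64url_decode(string $data): string {
    return base64_decode(strtr($data, '-_', '+/'));
}

// The claim set from the video: iss, sub, exp, iat, nbf and the private is_admin claim.
function build_claims(array $user, string $issuer, int $now): array {
    $expTime = $now + 3600; // the expire time is in one hour
    return [
        'iss'      => $issuer,
        'sub'      => $user['id'],
        'exp'      => $expTime,
        'iat'      => $now,   // issued at
        'nbf'      => $now,   // not usable before now
        'is_admin' => $user['role_id'] == 1,
    ];
}

// header.payload.signature, signed with HMAC-SHA256 over the first two segments.
function jwt_encode_hs256(array $claims, string $key): string {
    $header  = base64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = base64url_encode(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $key, true);
    return "$header.$payload." . base64url_encode($sig);
}

// Returns the claims, or null when the signature, alg, exp or nbf check fails.
function jwt_decode_hs256(string $jwt, string $key, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true);
    if (($header['alg'] ?? null) !== 'HS256') return null;          // never accept alg=none
    $expected = hash_hmac('sha256', "$h.$p", $key, true);
    if (!hash_equals($expected, base64url_decode($s))) return null; // constant-time compare
    $claims = json_decode(base64url_decode($p), true);
    if (!is_array($claims)) return null;
    if ($now >= (int) $claims['exp'] || $now < (int) $claims['nbf']) return null;
    return $claims;
}

$secret = getenv('SECRET_KEY') ?: str_repeat('x', 64); // constructed fallback for the demo
$user   = ['id' => 42, 'role_id' => 1];                 // constructed sample user row
$jwt    = jwt_encode_hs256(build_claims($user, 'example.test', time()), $secret);
var_dump(jwt_decode_hs256($jwt, $secret, time()) !== null);      // valid token
var_dump(jwt_decode_hs256($jwt, 'wrong-key', time()) === null);  // wrong secret is rejected
```

Editing the payload segment (for example flipping is_admin) fails the same hash_equals check, which is exactly the guarantee the notes describe for the cookie.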