Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Using Cookies and JWTs for Secure Authentication

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Building a JWT

2:49 with Alena Holligan

Our login system will utilize cookies to store information about our user, however, we will be using JWT’s that are signed with a secret key to make sure the cookie is not modified or falsified to get into the system.

JWT Claim Details

Review JSON Web Tokens video

iss Issuer Who issues this claim?
sub Subject Who is the subject?
exp Expiration Time When this JWT expires
iat Issued At Seconds since epoch
nbf Not Before Seconds since epoch
is_admin Private Claim Data Is the user an Admin?

Additional Resources

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Now let's open our functions_auth file again. 0:00
    And we're ready to create our JOT. 0:08
    Scroll down to the save user data. 0:10
    Instead of data we're going to create a JWT. 0:15
    JWT equals, and we'll 0:20
    use firebase\JWT\JWT encode. 0:26
    This method takes three properties, the data we want in our claim, 0:35
    the signing key, and the encryption algorithm. 0:41
    Our claims will contain a few items passed as an array. 0:44
    Iss=request, GetBaseURL, 0:51
    Our sub, for subject, is going to be our user ID. 1:03
    Our exp equals the expire time. 1:14
    The iat = time. 1:24
    This is when the JWT was issued. 1:32
    NBF tells the JWT that it cannot be used before this time, 1:37
    which is this current time. 1:42
    And then finally, the auth rolls. 1:46
    After our claim, we're going to sign the JOT with our secret key from our ENV file. 1:52
    Getenv("SECRET_KEY") And 2:09
    finally, as a default we'll use HS256 for our algorithm. 2:17
    This is the standard and can be used for the majority of things. 2:23
    If you want to learn about signing algorithms, 2:26
    see the notes associated with this video. 2:28
    We'll close out our end code, and 2:33
    then we'll move the expiration time above our JOT. 2:36
    Great, now we have a JOT and we're ready to use it when we create our cookie. 2:44

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up