Building a JWT

Name: Building a JWT
Uploaded: 2019-05-08T10:43:09Z
Duration: 169 s
Description: Our login system will utilize cookies to store information about our user, however, we will be using JWT’s that are signed with a secret key to make sure the cookie is not modified or falsified to get into the system.

2:49 with Alena Holligan

Our login system will utilize cookies to store information about our user, however, we will be using JWT’s that are signed with a secret key to make sure the cookie is not modified or falsified to get into the system.

Teacher's Notes
Video Transcript
Downloads

JWT Claim Details

Review JSON Web Tokens video

iss	Issuer	Who issues this claim?
sub	Subject	Who is the subject?
exp	Expiration Time	When this JWT expires
iat	Issued At	Seconds since epoch
nbf	Not Before	Seconds since epoch
is_admin	Private Claim Data	Is the user an Admin?

Additional Resources

time() function: + number of seconds. 60 minutes in an hour, multiplied by 60 seconds in a minute, equals 3600 seconds.
Cookies vs Session Storage
Signing Algorithms

Now let's open our functions_auth file again. 0:00

And we're ready to create our JOT. 0:08

Scroll down to the save user data. 0:10

Instead of data we're going to create a JWT. 0:15

JWT equals, and we'll 0:20

use firebase\JWT\JWT encode. 0:26

This method takes three properties, the data we want in our claim, 0:35

the signing key, and the encryption algorithm. 0:41

Our claims will contain a few items passed as an array. 0:44

Iss=request, GetBaseURL, 0:51

Our sub, for subject, is going to be our user ID. 1:03

Our exp equals the expire time. 1:14

The iat = time. 1:24

This is when the JWT was issued. 1:32

NBF tells the JWT that it cannot be used before this time, 1:37

which is this current time. 1:42

And then finally, the auth rolls. 1:46

After our claim, we're going to sign the JOT with our secret key from our ENV file. 1:52

Getenv("SECRET_KEY") And 2:09

finally, as a default we'll use HS256 for our algorithm. 2:17

This is the standard and can be used for the majority of things. 2:23

If you want to learn about signing algorithms, 2:26

see the notes associated with this video. 2:28

We'll close out our end code, and 2:33

then we'll move the expiration time above our JOT. 2:36

Great, now we have a JOT and we're ready to use it when we create our cookie. 2:44

You need to sign up for Treehouse in order to download course files.

Using Cookies and JWTs for Secure Authentication

Building a JWT

JWT Claim Details

Additional Resources