Building a JWT (2:49) with Alena Holligan
Our login system will use cookies to store information about our user. However, we will use JWTs that are signed with a secret key to make sure the cookie is not modified or falsified to get into the system.
JWT Claim Details
Review JSON Web Tokens video
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issues this claim? |
| sub | Subject | Who is the subject? |
| exp | Expiration Time | When this JWT expires |
| iat | Issued At | Seconds since epoch |
| nbf | Not Before | Seconds since epoch |
| is_admin | Private Claim Data | Is the user an Admin? |
Now let's open our functions_auth file again.
And we're ready to create our JWT.
Scroll down to the save user data.
Instead of data we're going to create a JWT.
JWT equals, and we'll
use firebase\JWT\JWT encode.
This method takes three properties, the data we want in our claim,
the signing key, and the encryption algorithm.
Our claims will contain a few items passed as an array.
Our sub, for subject, is going to be our user ID.
Our exp equals the expire time.
The iat = time.
This is when the JWT was issued.
NBF tells the JWT that it cannot be used before this time,
which is this current time.
And then finally, the auth roles.
After our claim, we're going to sign the JWT with our secret key from our ENV file.
Finally, as a default we'll use HS256 for our algorithm.
This is the standard and can be used for the majority of things.
If you want to learn about signing algorithms,
see the notes associated with this video.
We'll close out our encode, and
then we'll move the expiration time above our JWT.
Great, now we have a JWT and we're ready to use it when we create our cookie.
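
The following is an added example, not code from the course: it builds the same claims by hand with HS256 to show what the signature protects, then checks that a cookie value whose `is_admin` claim was edited is rejected. The course itself calls the firebase JWT library's encode method with the key from the ENV file; the function names, the secret, the user ID and the one-hour lifetime here are assumptions made for illustration.

```php
<?php
// Added illustration: HS256 written out so it runs without Composer.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt = strtr($txt, '-_', '+/');
    $pad = (4 - strlen($txt) % 4) % 4;
    return (string) base64_decode($txt . str_repeat('=', $pad), true);
}
// Hypothetical helper: the claims from the transcript, signed with the secret.
function build_jwt(int $userId, bool $isAdmin, string $secret, int $now): string {
    $expTime = $now + 3600; // constructed one-hour lifetime
    $claims = [
        'sub' => $userId,
        'exp' => $expTime,
        'iat' => $now,
        'nbf' => $now,
        'is_admin' => $isAdmin,
    ];
    $header = ['typ' => 'JWT', 'alg' => 'HS256'];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    return $input . '.' . b64url(hash_hmac('sha256', $input, $secret, true));
}
// Hypothetical helper: returns the claims, or null if the token must be rejected.
function verify_jwt(string $jwt, string $secret, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm on the server side instead of trusting the header.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the signature and compare in constant time.
    $expected = b64url(hash_hmac('sha256', "$h.$p", $secret, true));
    if (!hash_equals($expected, $s)) return null;
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims)) return null;
    if (($claims['exp'] ?? 0) <= $now || ($claims['nbf'] ?? 0) > $now) return null;
    return $claims;
}
$secret = 'constructed-demo-secret'; // constructed value; the course reads it from the ENV file
$now = time();
$jwt = build_jwt(42, false, $secret, $now);
var_dump(verify_jwt($jwt, $secret, $now));
// A cookie whose payload was edited keeps the old signature, so the check fails.
[$h, $p, $s] = explode('.', $jwt);
$claims = json_decode(b64url_decode($p), true);
$claims['is_admin'] = true;
var_dump(verify_jwt($h . '.' . b64url(json_encode($claims)) . '.' . $s, $secret, $now));
```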