Our login system will use cookies to store information about our user. However, we will use JWTs that are signed with a secret key to make sure the cookie is not modified or falsified to get into the system.
JWT Claim Details
Review JSON Web Tokens video
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issues this claim? |
| sub | Subject | Who is the subject? |
| exp | Expiration Time | When this JWT expires |
| iat | Issued At | Seconds since epoch |
| nbf | Not Before | Seconds since epoch |
| is_admin | Private Claim Data | Is the user an Admin? |
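To make the role of the signature concrete, here is an added example (not the course's code, which calls the firebase JWT library's encode method) that builds and checks an HS256 token with PHP built-ins only. The function names, key, issuer URL and user id are constructed for illustration.

```php
<?php
// Added illustration: hand-rolled HS256 so the effect of the signature is visible.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = (4 - strlen($txt) % 4) % 4;               // restore stripped padding
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad));
}
function sign_hs256(array $claims, string $key): string {
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
// Returns the claims, or null if the token is altered, expired or not yet valid.
function verify_hs256(string $jwt, string $key, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null; // pin the algorithm
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;  // constant-time comparison
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (!isset($claims['exp']) || $now >= $claims['exp']) return null; // expired
    if (isset($claims['nbf']) && $now < $claims['nbf']) return null;   // not yet valid
    return $claims;
}

// Constructed sample values: the key, issuer and user id are placeholders.
$key = 'constructed-demo-key-not-for-production';
$now = time();
$jwt = sign_hs256([
    'iss' => 'http://localhost', 'sub' => 42,
    'exp' => $now + 3600, 'iat' => $now, 'nbf' => $now,
    'is_admin' => false,
], $key);

// Simulate a modified cookie: payload changed to is_admin=true, original signature kept.
[$h, $b, $s] = explode('.', $jwt);
$claims = json_decode(b64url_decode($b), true);
$claims['is_admin'] = true;
$tampered = "$h." . b64url(json_encode($claims)) . ".$s";

var_dump(verify_hs256($jwt, $key, $now) !== null);        // untouched token
var_dump(verify_hs256($tampered, $key, $now) !== null);   // modified payload
var_dump(verify_hs256($jwt, $key, $now + 3600) !== null); // checked at expiry time
```

Only the untouched token checked inside its validity window is accepted. The claims are base64url-encoded, not encrypted, so anyone holding the cookie can read them.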
Additional Resources
- time() function: add a number of seconds to the current time. 60 minutes in an hour, multiplied by 60 seconds in a minute, equals 3600 seconds.
- Cookies vs Session Storage
- Signing Algorithms
Now let's open our
functions_auth file again.
0:00
And we're ready to create our JWT.
0:08
Scroll down to the save user data.
0:10
Instead of data we're
going to create a JWT.
0:15
JWT equals, and we'll
0:20
use Firebase\JWT\JWT::encode.
0:26
This method takes three properties,
the data we want in our claim,
0:35
the signing key, and
the encryption algorithm.
0:41
Our claims will contain a few
items passed as an array.
0:44
Iss=request, GetBaseURL,
0:51
Our sub, for subject,
is going to be our user ID.
1:03
Our exp equals the expire time.
1:14
The iat = time.
1:24
This is when the JWT was issued.
1:32
NBF tells the JWT that it cannot
be used before this time,
1:37
which is this current time.
1:42
And then finally, the auth roles.
1:46
After our claim, we're going to sign the
JWT with our secret key from our ENV file.
1:52
getenv("SECRET_KEY"). And
2:09
finally, as a default we'll use HS256 for
our algorithm.
2:17
This is the standard and
can be used for the majority of things.
2:23
If you want to learn
about signing algorithms,
2:26
see the notes associated with this video.
2:28
We'll close out our encode, and
2:33
then we'll move the expiration
time above our JWT.
2:36
Great, now we have a JWT and we're ready
to use it when we create our cookie.
2:44