Building a JWT (2:49) with Alena Holligan
Our login system will use cookies to store information about our user. However, the cookie will hold a JWT signed with a secret key, so that it cannot be modified or falsified to get into the system.
JWT Claim Details
Review JSON Web Tokens video
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issues this claim? |
| sub | Subject | Who is the subject? |
| exp | Expiration Time | When this JWT expires |
| iat | Issued At | Seconds since epoch |
| nbf | Not Before | Seconds since epoch |
| is_admin | Private Claim Data | Is the user an Admin? |
Now let's open our functions_auth file again. And we're ready to create our JWT. Scroll down to the save user data. Instead of data we're going to create a JWT.

JWT equals, and we'll use `\Firebase\JWT\JWT::encode`. This method takes three properties: the data we want in our claim, the signing key, and the encryption algorithm.

Our claims will contain a few items passed as an array. `iss` = request, getBaseUrl. Our `sub`, for subject, is going to be our user ID. Our `exp` equals the expire time. The `iat` = time. This is when the JWT was issued. `nbf` tells the JWT that it cannot be used before this time, which is this current time. And then finally, the auth roles.

After our claim, we're going to sign the JWT with our secret key from our ENV file: `getenv("SECRET_KEY")`. And finally, as a default we'll use HS256 for our algorithm. This is the standard and can be used for the majority of things. If you want to learn about signing algorithms, see the notes associated with this video.

We'll close out our encode, and then we'll move the expiration time above our JWT. Great, now we have a JWT and we're ready to use it when we create our cookie.
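As an added example (not the course's code, which calls `\Firebase\JWT\JWT::encode`), the PHP below builds an HS256 token from the claims in the table using only built-in functions, then shows that a cookie whose `is_admin` value was edited is rejected because its signature no longer matches. The helper names, the demo key and the issuer URL are assumptions made for illustration.

```php
<?php
// Added example: HS256 JWT signing and verification with PHP built-ins only.
function b64url_encode(string $d): string {
    return rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
}
function b64url_decode(string $d): string {
    $pad = str_repeat('=', (4 - strlen($d) % 4) % 4);
    return (string) base64_decode(strtr($d, '-_', '+/') . $pad, true);
}
function jwt_sign(array $claims, string $key): string {
    $header = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    $sig = hash_hmac('sha256', "$header.$body", $key, true);
    return "$header.$body." . b64url_encode($sig);
}
// Returns the claims, or null if the token is malformed, altered, or outside its time window.
function jwt_verify(string $jwt, string $key, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $body, $sig] = $parts;
    $head = json_decode(b64url_decode($header), true);
    // Pin the algorithm on the server; never let the token pick it.
    if (!is_array($head) || ($head['alg'] ?? '') !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$header.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) { // constant-time compare
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || ($claims['nbf'] ?? 0) > $now || ($claims['exp'] ?? 0) <= $now) {
        return null;
    }
    return $claims;
}

// Constructed sample values; the course reads the key with getenv("SECRET_KEY").
$key = 'constructed-demo-key';
$now = time();
$jwt = jwt_sign(['iss' => 'http://localhost', 'sub' => 1, 'exp' => $now + 3600,
    'iat' => $now, 'nbf' => $now, 'is_admin' => false], $key);

// Simulate an edited cookie: change is_admin in the payload, keep the old signature.
[$h, $b, $s] = explode('.', $jwt);
$edited = ['is_admin' => true] + json_decode(b64url_decode($b), true);
$forged = "$h." . b64url_encode(json_encode($edited)) . ".$s";
var_dump(jwt_verify($jwt, $key, $now) !== null);    // original token
var_dump(jwt_verify($forged, $key, $now) !== null); // edited payload
```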