Setting up the Packages4:55 with Alena Holligan
To use a JWT with our user data, we'll be looking at a couple of additional packages that we will install via composer, php-jwt and phpdotenv. php-jwt is a JSON Web Token package that allows you to generate a JWT that we will store in our cookies. phpdotenv is a nice package to set environment variables based on a file.
Lean more about Dependency Management with Composer
Check out the packages:
- firebase/php-jwt A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
vlucas/phpdotenv Loads environment variables from
Steps to Creating a .env file
- Preview your site in a browser again and copy the domain name from the url.
- In the 'inc' folder, create a new file named env.txt
- open the file and create 2 lines:
SECRET_KEY=kLQPGHwnHxTBcLkKtPyaUXt9jJgBZCffgXPDbyvb6XzBcPsXobtfzCyrjjqVyXxF COOKIE_PATH=/ COOKIE_DOMAIN=.treehouse-app.com COOKIE_SECURE=false COOKIE_HTTPONLY=true
- Close the file and rename env.txt to .env
To use a JWT with a user data we will be looking at a couple additional packages 0:00 that will install via Composer, PHP JWT, and PHP.ENV. 0:05 PHP JWT is a JSON web token package that allows you to generate 0:11 a Jwt that will be stored in our cookie. 0:16 PHP.ENV is a nice package to set environment variables based on a file. 0:19 If you want want more details about environment variables 0:26 check the notes associated with this video. 0:29 Since we're going to need a new package for 0:32 this system, let's install our new package to our composer. 0:34 In workspaces, go to View>Show Console The package 0:37 we're going to be using is the php-jwt by Firebase. 0:46 So let's type composer 0:51 require firebase/php-jwt. 0:56 This will install the package and update your composer.json and 1:03 composer.lock files. 1:08 We also need to require the vlucas/php.env, 1:09 another way of doing this is going into our composer.json. 1:14 And we'll add it after the Firebase. 1:22 Vlucas/php.env, 1:28 3.3 is what we're using. 1:35 Make sure that you add a comma to separate these two packages. 1:39 Doing it this way requires that you know the latest stable release or 1:42 version that you want to use. 1:46 After updating your JSON file, go back to the console and run composer update, 1:49 Composer update, oops, save our JSON. 1:58 The last thing we'll need to do is create a new file named .env. 2:10 This is where we'll store environment variables. 2:15 As a reminder, you will want to make sure that any 2:19 ENV files that you use are added to get ignore file. 2:22 You don't want to be pushing that secure information to GitHub. 2:27 Any file that starts with a period can be difficult to edit, 2:31 especially in workspaces. 2:34 So let's close our console and the composer file and in the Inc folder, 2:36 we'll create a new file and we'll name this env.txt. 2:43 We can rename it when we're done. 2:49 This is where we're going to define any environment variables that we want to use. 2:51 We can access this with GitEnv or the _env variable. 2:56 This file should contain any secret keys that you need for your application. 3:02 In our case, we need a secret key for our JWT to be signed. 3:06 We'll type SECRET_KEY and 3:10 set this equal to a string of 64 random characters. 3:13 We can also use this environment file for 3:20 our cookie settings that may change based on the environment. 3:22 We'll use COOKIE_PATH, we'll set this equal to our root. 3:27 Our COOKIE_DOMAIN, which is going 3:34 to equal .treehouse-app.com. 3:39 Our COOKIE_SECURE, 3:43 which is going to equal false, and 3:47 our COOKIE_HTTPONLY equals true. 3:52 Let's close and rename this file. 3:58 .env. 4:06 The last thing we need to do is to tell our application to load this file. 4:08 In our settings, Right at the top, 4:14 let's add dotenv = 4:22 Dotenv\Dotenv::create(__DIR). 4:27 Then we'll use dotenv->load(). 4:42 This will tell the system where to find our dotenv file, 4:48 in the same folder as our settings file. 4:52
You need to sign up for Treehouse in order to download course files.Sign up