Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.

Preview

Start a free Basic trial
to watch this video

Sign up for Treehouse

Setting up the Packages

4:55 with Alena Holligan

To use a JWT with our user data, we'll be looking at a couple of additional packages that we will install via composer, php-jwt and phpdotenv. php-jwt is a JSON Web Token package that allows you to generate a JWT that we will store in our cookies. phpdotenv is a nice package to set environment variables based on a file.

Lean more about Dependency Management with Composer

Check out the packages:

  • firebase/php-jwt A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
  • vlucas/phpdotenv Loads environment variables from .env to getenv(), $_ENV and $_SERVER automagically.

Steps to Creating a .env file

  1. Preview your site in a browser again and copy the domain name from the url.
  2. In the 'inc' folder, create a new file named env.txt
  3. open the file and create 2 lines:
    SECRET_KEY=kLQPGHwnHxTBcLkKtPyaUXt9jJgBZCffgXPDbyvb6XzBcPsXobtfzCyrjjqVyXxF COOKIE_PATH=/ COOKIE_DOMAIN=.treehouse-app.com COOKIE_SECURE=false COOKIE_HTTPONLY=true
    ** NOTE: Do NOT include the ending slash on the url **
  4. Close the file and rename env.txt to .env
  • 0:00

    To use a JWT with a user data we will be looking at a couple additional packages

  • 0:05

    that will install via Composer, PHP JWT, and PHP.ENV.

  • 0:11

    PHP JWT is a JSON web token package that allows you to generate

  • 0:16

    a Jwt that will be stored in our cookie.

  • 0:19

    PHP.ENV is a nice package to set environment variables based on a file.

  • 0:26

    If you want want more details about environment variables

  • 0:29

    check the notes associated with this video.

  • 0:32

    Since we're going to need a new package for

  • 0:34

    this system, let's install our new package to our composer.

  • 0:37

    In workspaces, go to View>Show Console The package

  • 0:46

    we're going to be using is the php-jwt by Firebase.

  • 0:51

    So let's type composer

  • 0:56

    require firebase/php-jwt.

  • 1:03

    This will install the package and update your composer.json and

  • 1:08

    composer.lock files.

  • 1:09

    We also need to require the vlucas/php.env,

  • 1:14

    another way of doing this is going into our composer.json.

  • 1:22

    And we'll add it after the Firebase.

  • 1:28

    Vlucas/php.env,

  • 1:35

    3.3 is what we're using.

  • 1:39

    Make sure that you add a comma to separate these two packages.

  • 1:42

    Doing it this way requires that you know the latest stable release or

  • 1:46

    version that you want to use.

  • 1:49

    After updating your JSON file, go back to the console and run composer update,

  • 1:58

    Composer update, oops, save our JSON.

  • 2:10

    The last thing we'll need to do is create a new file named .env.

  • 2:15

    This is where we'll store environment variables.

  • 2:19

    As a reminder, you will want to make sure that any

  • 2:22

    ENV files that you use are added to get ignore file.

  • 2:27

    You don't want to be pushing that secure information to GitHub.

  • 2:31

    Any file that starts with a period can be difficult to edit,

  • 2:34

    especially in workspaces.

  • 2:36

    So let's close our console and the composer file and in the Inc folder,

  • 2:43

    we'll create a new file and we'll name this env.txt.

  • 2:49

    We can rename it when we're done.

  • 2:51

    This is where we're going to define any environment variables that we want to use.

  • 2:56

    We can access this with GitEnv or the _env variable.

  • 3:02

    This file should contain any secret keys that you need for your application.

  • 3:06

    In our case, we need a secret key for our JWT to be signed.

  • 3:10

    We'll type SECRET_KEY and

  • 3:13

    set this equal to a string of 64 random characters.

  • 3:20

    We can also use this environment file for

  • 3:22

    our cookie settings that may change based on the environment.

  • 3:27

    We'll use COOKIE_PATH, we'll set this equal to our root.

  • 3:34

    Our COOKIE_DOMAIN, which is going

  • 3:39

    to equal .treehouse-app.com.

  • 3:43

    Our COOKIE_SECURE,

  • 3:47

    which is going to equal false, and

  • 3:52

    our COOKIE_HTTPONLY equals true.

  • 3:58

    Let's close and rename this file.

  • 4:06

    .env.

  • 4:08

    The last thing we need to do is to tell our application to load this file.

  • 4:14

    In our settings, Right at the top,

  • 4:22

    let's add dotenv =

  • 4:27

    Dotenv\Dotenv::create(__DIR).

  • 4:42

    Then we'll use dotenv->load().

  • 4:48

    This will tell the system where to find our dotenv file,

  • 4:52

    in the same folder as our settings file.

You need to sign up for Treehouse in order to download course files.

Sign up