Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Using Cookies and JWTs for Secure Authentication

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Setting up the Packages

4:55 with Alena Holligan

To use a JWT with our user data, we'll be looking at a couple of additional packages that we will install via composer, php-jwt and phpdotenv. php-jwt is a JSON Web Token package that allows you to generate a JWT that we will store in our cookies. phpdotenv is a nice package to set environment variables based on a file.

Lean more about Dependency Management with Composer

Check out the packages:

  • firebase/php-jwt A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
  • vlucas/phpdotenv Loads environment variables from .env to getenv(), $_ENV and $_SERVER automagically.

Steps to Creating a .env file

  1. Preview your site in a browser again and copy the domain name from the url.
  2. In the 'inc' folder, create a new file named env.txt
  3. open the file and create 2 lines:
    SECRET_KEY=kLQPGHwnHxTBcLkKtPyaUXt9jJgBZCffgXPDbyvb6XzBcPsXobtfzCyrjjqVyXxF COOKIE_PATH=/ COOKIE_DOMAIN=.treehouse-app.com COOKIE_SECURE=false COOKIE_HTTPONLY=true
    ** NOTE: Do NOT include the ending slash on the url **
  4. Close the file and rename env.txt to .env

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    To use a JWT with a user data we will be looking at a couple additional packages 0:00
    that will install via Composer, PHP JWT, and PHP.ENV. 0:05
    PHP JWT is a JSON web token package that allows you to generate 0:11
    a Jwt that will be stored in our cookie. 0:16
    PHP.ENV is a nice package to set environment variables based on a file. 0:19
    If you want want more details about environment variables 0:26
    check the notes associated with this video. 0:29
    Since we're going to need a new package for 0:32
    this system, let's install our new package to our composer. 0:34
    In workspaces, go to View>Show Console The package 0:37
    we're going to be using is the php-jwt by Firebase. 0:46
    So let's type composer 0:51
    require firebase/php-jwt. 0:56
    This will install the package and update your composer.json and 1:03
    composer.lock files. 1:08
    We also need to require the vlucas/php.env, 1:09
    another way of doing this is going into our composer.json. 1:14
    And we'll add it after the Firebase. 1:22
    Vlucas/php.env, 1:28
    3.3 is what we're using. 1:35
    Make sure that you add a comma to separate these two packages. 1:39
    Doing it this way requires that you know the latest stable release or 1:42
    version that you want to use. 1:46
    After updating your JSON file, go back to the console and run composer update, 1:49
    Composer update, oops, save our JSON. 1:58
    The last thing we'll need to do is create a new file named .env. 2:10
    This is where we'll store environment variables. 2:15
    As a reminder, you will want to make sure that any 2:19
    ENV files that you use are added to get ignore file. 2:22
    You don't want to be pushing that secure information to GitHub. 2:27
    Any file that starts with a period can be difficult to edit, 2:31
    especially in workspaces. 2:34
    So let's close our console and the composer file and in the Inc folder, 2:36
    we'll create a new file and we'll name this env.txt. 2:43
    We can rename it when we're done. 2:49
    This is where we're going to define any environment variables that we want to use. 2:51
    We can access this with GitEnv or the _env variable. 2:56
    This file should contain any secret keys that you need for your application. 3:02
    In our case, we need a secret key for our JWT to be signed. 3:06
    We'll type SECRET_KEY and 3:10
    set this equal to a string of 64 random characters. 3:13
    We can also use this environment file for 3:20
    our cookie settings that may change based on the environment. 3:22
    We'll use COOKIE_PATH, we'll set this equal to our root. 3:27
    Our COOKIE_DOMAIN, which is going 3:34
    to equal .treehouse-app.com. 3:39
    Our COOKIE_SECURE, 3:43
    which is going to equal false, and 3:47
    our COOKIE_HTTPONLY equals true. 3:52
    Let's close and rename this file. 3:58
    .env. 4:06
    The last thing we need to do is to tell our application to load this file. 4:08
    In our settings, Right at the top, 4:14
    let's add dotenv = 4:22
    Dotenv\Dotenv::create(__DIR). 4:27
    Then we'll use dotenv->load(). 4:42
    This will tell the system where to find our dotenv file, 4:48
    in the same folder as our settings file. 4:52

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up