1 00:00:01,110 --> 00:00:05,730 In this video we're going to generate the JSON web token and then store it inside of our cookie. As a
2 00:00:05,730 --> 00:00:08,270 quick reminder on how to use cookie-session:
3 00:00:08,400 --> 00:00:13,720 once we have the JSON web token generated we can take a look down at the example section.
4 00:00:13,860 --> 00:00:18,240 Here is the example section on the cookie-session documentation right here.
5 00:00:18,240 --> 00:00:20,310 That's how we store some information inside the cookie.
6 00:00:20,310 --> 00:00:26,320 We do a req.session. req.session is gonna be an object that is created by the cookie-session middleware.
7 00:00:26,730 --> 00:00:31,320 Any information we store on this object will be automatically serialized by cookie-session and stored
8 00:00:31,350 --> 00:00:32,490 inside the cookie.
9 00:00:32,520 --> 00:00:36,900 So once we generate that JSON web token we're going to set it on req.session.
10 00:00:36,900 --> 00:00:37,720 And that's pretty much it.
11 00:00:37,740 --> 00:00:39,340 That's all we have to do.
12 00:00:39,360 --> 00:00:42,000 So how are we going to generate the JSON web token itself?
13 00:00:42,000 --> 00:00:44,210 Well, we're going to use yet another package.
14 00:00:44,300 --> 00:00:50,240 So once again on npmjs.com I'm going to do a search for jsonwebtoken.
15 00:00:50,340 --> 00:00:52,610 There are many libraries with a very similar name.
16 00:00:52,620 --> 00:00:56,780 So make sure you put jsonwebtoken all one word with no dashes in it.
17 00:00:56,800 --> 00:00:58,290 I'll then go to the first result.
18 00:00:58,290 --> 00:01:03,740 It should have the exact name jsonwebtoken. There's really just two things you need to know about
19 00:01:03,740 --> 00:01:04,770 this library.
20 00:01:04,790 --> 00:01:10,820 It has a method that allows us to create a JSON web token called sign. When we call sign,
21 00:01:10,850 --> 00:01:13,480 we're gonna put in a payload as the first argument.
22 00:01:13,640 --> 00:01:17,980 The payload is gonna be the information we actually want to store inside the JSON web token.
23 00:01:18,050 --> 00:01:20,740 The second argument is going to be a signing key.
24 00:01:20,920 --> 00:01:25,040 We will have a further discussion about this signing key in just a little bit.
25 00:01:25,100 --> 00:01:31,880 The other thing about this library you need to understand is that there is a method called verify.
26 00:01:31,940 --> 00:01:35,750 So this is how we're going to make sure that a user did not somehow mess around with the JSON web
27 00:01:35,750 --> 00:01:37,330 token that was created.
28 00:01:37,360 --> 00:01:41,820 We are also gonna use this method to pull information out of the JSON web token as well.
29 00:01:41,840 --> 00:01:48,160 So in other words, the payload we had stored inside there. OK, so let's install this back in our terminal.
30 00:01:49,060 --> 00:01:54,680 So I'll go back over to my terminal. We'll do an npm install jsonwebtoken, and this library has the
31 00:01:54,680 --> 00:01:56,290 same issue as cookie-session.
32 00:01:56,300 --> 00:01:58,510 It does not have native TypeScript support.
33 00:01:58,560 --> 00:02:02,450 So we have to add in a type definition file. We'll add in @types
34 00:02:02,540 --> 00:02:09,000 /jsonwebtoken. Quick reminder: make sure you're inside of your auth project directory.
35 00:02:09,140 --> 00:02:14,760 Let's run that. These are once again very small modules so the installation should be pretty quick.
36 00:02:17,210 --> 00:02:22,740 Once that's all installed I'm going to go back over to my editor. I'm going to find my routes directory
37 00:02:23,180 --> 00:02:26,940 and then the sign up folder inside there, at the very top.
38 00:02:28,120 --> 00:02:31,150 I'm going to import jwt
39 00:02:35,090 --> 00:02:36,680 from
40 00:02:36,770 --> 00:02:37,190 jsonwebtoken.
41 00:02:40,370 --> 00:02:46,410 I'll then go down towards the bottom of our route handler, right after we save the user to the database.
42 00:02:46,420 --> 00:02:52,030 Right after that is probably when we want to generate the JSON web token and then set it on the session
43 00:02:52,330 --> 00:02:58,780 on the req object. So right here I'm going to add some comments just to guide myself: we're going to generate
44 00:02:59,200 --> 00:03:08,600 JSON web token, store it on the session object. OK, so let's get to it. To actually generate the JSON web
45 00:03:08,600 --> 00:03:15,520 token we'll say const userJwt = jwt.sign, and then remember the first argument.
46 00:03:15,530 --> 00:03:20,690 This is the payload, the information we want to store inside the JSON web token. The only requirement
47 00:03:20,690 --> 00:03:26,700 that we have for that payload is that we want to store inside there some information about this user.
48 00:03:26,700 --> 00:03:30,540 So again we don't want to just have the fact that a user is signed in, we don't want to just have an
49 00:03:30,570 --> 00:03:34,920 empty JSON web token, we want to know who this is, and all of our other services are going
50 00:03:34,920 --> 00:03:37,410 to access the information inside of here.
51 00:03:37,410 --> 00:03:42,780 So at present the only real information that we have about a user is their ID that was generated by
52 00:03:42,780 --> 00:03:44,030 MongoDB.
53 00:03:44,190 --> 00:03:47,310 We've got their email and their password.
54 00:03:47,310 --> 00:03:52,080 We probably don't want to share the password around with the world, even though it is hashed and salted, but
55 00:03:52,080 --> 00:03:59,170 we probably do want to share the ID and email. So when we sign the thing, or when we generate the JSON
56 00:03:59,170 --> 00:04:05,780 web token, we're going to provide a payload that has the id of the user as user.id.
57 00:04:05,960 --> 00:04:08,360 We'll have the email of the user as
58 00:04:08,360 --> 00:04:10,250 user.email.
59 00:04:10,410 --> 00:04:11,430 I'm still getting an error here.
60 00:04:11,430 --> 00:04:15,810 That's because we are not providing the second argument of the secret or private key.
61 00:04:15,870 --> 00:04:19,770 Now as a reminder, I said just a moment ago we're going to discuss this private key in just a moment
62 00:04:19,980 --> 00:04:24,480 and how to securely handle it in Kubernetes and Docker environments. Right now
63 00:04:24,510 --> 00:04:26,270 we'll just leave in 'asdf'.
64 00:04:26,350 --> 00:04:28,700 We're going to come back and replace that very shortly.
65 00:04:29,850 --> 00:04:34,530 So that's going to generate our JSON web token. One little mistake here.
66 00:04:34,640 --> 00:04:40,480 If we double check the signature of this thing, turns out that when we generate the JSON web token
67 00:04:40,550 --> 00:04:43,480 we have either an async or synchronous mode.
68 00:04:43,850 --> 00:04:45,820 We can go back to the documentation.
69 00:04:46,220 --> 00:04:51,630 So it will run asynchronously if we provide a callback. In our case we are not providing a callback.
70 00:04:51,740 --> 00:04:57,440 That means we should get the JSON web token back instantly after it's been created.
71 00:04:57,480 --> 00:05:02,860 Now we're going to take that user JSON web token and we're going to store it on our session.
72 00:05:02,860 --> 00:05:09,320 We'll do a req.session.jwt = userJwt
73 00:05:13,150 --> 00:05:13,290 now.
74 00:05:13,300 --> 00:05:15,290 So I'm getting a little error right here.
75 00:05:15,460 --> 00:05:21,400 The reason for that: the type definition file that we installed for cookie-session is not assuming that
76 00:05:21,400 --> 00:05:27,250 we actually have an object present as req.session, rather than trying to just directly set a property
77 00:05:27,250 --> 00:05:30,250 like this right here, which is what you saw back in the documentation.
78 00:05:30,310 --> 00:05:34,540 Usually what we do with TypeScript, just to kind of circumvent this or get around this whole issue, we
79 00:05:34,540 --> 00:05:40,880 usually redefine the entire object and set it on req.session. We'll create a new object, give it a
80 00:05:40,900 --> 00:05:44,960 jwt property and put our user JSON web token on there.
81 00:05:45,130 --> 00:05:50,620 Again that's just because the type definition file that's being handed off to
82 00:05:50,630 --> 00:05:57,580 TypeScript doesn't want us to assume that there actually is an object on req.session. OK.
83 00:05:57,620 --> 00:05:58,750 So that looks pretty good.
84 00:05:58,760 --> 00:06:01,830 So we generated our token, we set it on the session.
85 00:06:01,830 --> 00:06:06,290 The cookie-session library is going to take this object, serialize it and then send it back to the user's
86 00:06:06,290 --> 00:06:06,740 browser.
87 00:06:07,340 --> 00:06:08,690 So last thing here.
88 00:06:08,720 --> 00:06:12,920 Let's save this and let's do a quick test over in Postman.
89 00:06:13,540 --> 00:06:18,980 So back inside of Postman, here we are right here.
90 00:06:19,060 --> 00:06:22,390 I'm going to change the e-mail address to something that is unique.
91 00:06:22,390 --> 00:06:31,390 Once again I'm going to make sure I've got a body request, or see I have body with raw and JSON selected.
92 00:06:31,390 --> 00:06:33,610 I'll make sure I've got a content type of application/
93 00:06:33,610 --> 00:06:37,950 json and I'll go ahead and send this thing. Now after I send it,
94 00:06:37,980 --> 00:06:43,470 we'll go over to the cookies tab right here and you'll notice no cookies were returned from the server.
95 00:06:43,590 --> 00:06:48,240 Even though we successfully logged into the application. The reason for this once again is because the
96 00:06:48,270 --> 00:06:53,760 cookie-session middleware that we just wired up, we configured it to say ignore any cookies, or
97 00:06:53,940 --> 00:06:59,210 do not try to manage any cookies, if the user is connecting over an HTTP connection.
98 00:06:59,230 --> 00:07:04,000 Right now we are making a request to ticketing.dev and we have not specified the protocol, which
99 00:07:04,000 --> 00:07:11,780 means that Postman is going to default to HTTP. If we change this to https:// and then
100 00:07:11,780 --> 00:07:13,410 make the request again.
101 00:07:13,440 --> 00:07:13,890 OK.
102 00:07:13,920 --> 00:07:21,720 Well, the email's in use, so I've got to use a unique email, and once I do, now we are connecting over an HTTPS connection.
103 00:07:21,720 --> 00:07:26,730 If I go to the cookies tab now I'll see that a cookie has been sent.
104 00:07:26,760 --> 00:07:31,350 And so this right here, this is our actual JSON web token.
105 00:07:31,380 --> 00:07:34,540 That's it. Well, it's looking pretty good.
106 00:07:34,540 --> 00:07:35,300 A quick thing here.
107 00:07:35,300 --> 00:07:40,940 If you made this follow up request and it resulted in an error, if Postman said sorry, insecure connection
108 00:07:40,940 --> 00:07:46,340 or cannot connect or something like that, but it was working previously without the HTTPS, then here's
109 00:07:46,340 --> 00:07:47,310 what to do.
110 00:07:47,420 --> 00:07:54,450 Go up to Postman preferences and then on this menu you're going to make sure that SSL certificate verification
111 00:07:54,480 --> 00:08:00,650 is turned off, because remember right now we have an invalid temporary certificate being served by ingress
112 00:08:00,660 --> 00:08:06,650 nginx. After you turn that thing off you should then be able to make a request with
113 00:08:06,660 --> 00:08:09,000 HTTPS and have it go through.
114 00:08:09,040 --> 00:08:09,320 All right.
115 00:08:09,370 --> 00:08:09,930 So that's it.
116 00:08:09,940 --> 00:08:11,640 We've now got our cookie being set.
117 00:08:11,650 --> 00:08:16,390 We've got our identifying piece of information on there, which means any time we make a follow up request
118 00:08:16,600 --> 00:08:18,700 to anything at ticketing.dev,
119 00:08:18,730 --> 00:08:23,380 so any service in the rest of our application, this cookie right here will be included and we're going
120 00:08:23,380 --> 00:08:26,200 to get our JSON web token.
121 00:08:26,280 --> 00:08:28,760 So let's take a pause right here and continue in just a moment.