1
00:00:01,310 --> 00:00:04,310
We've now established how we're going to handle all things authentication.

2
00:00:04,370 --> 00:00:08,520
So we're going to have a JSON web token as the actual authentication mechanism.

3
00:00:08,520 --> 00:00:13,670
And we're going to store or manage this JSON web token through the use of cookies.

4
00:00:13,670 --> 00:00:13,900
All right.

5
00:00:13,930 --> 00:00:14,840
So with all that in mind.

6
00:00:14,870 --> 00:00:20,390
Quick summary diagram right here of what is going on during the sign up process. That is still

7
00:00:20,420 --> 00:00:23,940
the thing that we are working on around our auth service right now.

8
00:00:23,960 --> 00:00:30,850
So we've gone through everything inside of here: hashing, creating the user and storing them, and considering

9
00:00:30,850 --> 00:00:32,040
the user to now be logged in.

10
00:00:32,050 --> 00:00:38,440
We're going to handle that by sending back a JSON web token in a cookie. In other words, we need

11
00:00:38,440 --> 00:00:42,910
to send back a response that has a header of Set-Cookie, and that should have the JSON web token more

12
00:00:42,910 --> 00:00:44,570
or less inside there.

13
00:00:44,590 --> 00:00:47,290
So how are we going to actually handle cookies?

14
00:00:47,290 --> 00:00:48,490
We're not going to handle them manually.

15
00:00:48,490 --> 00:00:51,040
Instead we're going to use a little helper library

16
00:00:51,100 --> 00:00:55,840
that we're going to use across all of our different services to read data out of this cookie.

17
00:00:55,840 --> 00:00:59,380
Let's take a look at the documentation for the cookie managing library

18
00:00:59,380 --> 00:01:02,080
we are going to use. Inside of a new browser tab

19
00:01:02,080 --> 00:01:09,610
I'm going to go to npmjs.com and then once there I will search for cookie-session.

20
00:01:09,820 --> 00:01:10,090
All right.

21
00:01:10,090 --> 00:01:11,810
So here's the documentation for it.
22
00:01:11,890 --> 00:01:13,540
If you've never used cookie-session before,

23
00:01:13,540 --> 00:01:16,030
feel free to read through this thing really quickly.

24
00:01:16,030 --> 00:01:20,800
The nice thing about cookie-session in particular is that it allows us to store a bunch of information

25
00:01:21,040 --> 00:01:22,450
inside the cookie itself.

26
00:01:22,520 --> 00:01:24,740
And that's one of the big things that's mentioned right here.

27
00:01:24,760 --> 00:01:30,550
Remember that is a really big deal for us because, as we had previously discussed back in our list of

28
00:01:30,550 --> 00:01:35,350
requirements, we had said that we did not want to have a requirement of a backing data store

29
00:01:35,380 --> 00:01:41,620
or something like that on our individual services. cookie-session is specifically designed to not have

30
00:01:41,620 --> 00:01:44,290
to rely upon a backend data store.

31
00:01:44,320 --> 00:01:49,090
And again you can read the documentation right here that kind of expands on that just a little bit.

32
00:01:49,100 --> 00:01:52,880
Now you might recall that one of the other issues we discussed, or one of the other requirements we had,

33
00:01:52,880 --> 00:01:57,920
said that we kind of didn't really want to use cookies because we want to have a solution that is easily

34
00:01:57,920 --> 00:02:00,100
understood between different languages.

35
00:02:00,360 --> 00:02:04,230
Cookies sometimes are a little bit challenging to handle across different languages.

36
00:02:04,340 --> 00:02:09,830
And the reason for that is that oftentimes you will see that the contents of a cookie will be encrypted

37
00:02:09,830 --> 00:02:11,270
in some way.

38
00:02:11,270 --> 00:02:14,800
So cookie-session does handle or support encryption.
39
00:02:14,930 --> 00:02:20,720
We can use cookie-session to encrypt the contents of a cookie. That can really get us into trouble because

40
00:02:20,720 --> 00:02:25,400
cookie-session is going to use some very particular encryption algorithm to encrypt the cookie.

41
00:02:25,880 --> 00:02:30,350
If we go off to Ruby on Rails and we need to read the contents of that cookie, now we're going to need

42
00:02:30,350 --> 00:02:36,440
to make sure that Ruby on Rails can also support this encryption method as well. So,

43
00:02:36,470 --> 00:02:37,820
is that going to be an issue here?

44
00:02:37,820 --> 00:02:42,770
Well, we're going to kind of circumvent this whole issue of having to worry about being easily understood

45
00:02:42,800 --> 00:02:44,240
between different languages,

46
00:02:44,360 --> 00:02:47,680
and really this entire idea of encrypting the contents of a cookie.

47
00:02:47,720 --> 00:02:51,110
So I want to show you a diagram I've got.

48
00:02:51,230 --> 00:02:56,870
So we need to make sure that the contents of the cookie are easily understood between different languages.

49
00:02:56,930 --> 00:03:02,330
The reason that is a big problem most frequently is because we encrypt the data in the cookie.

50
00:03:02,330 --> 00:03:06,710
So again, as I just mentioned, cookie-session might use some particular encryption algorithm that might

51
00:03:06,890 --> 00:03:09,640
not be easily supported by another language.

52
00:03:09,680 --> 00:03:15,070
So to get around that, you and I are simply going to not encrypt the cookie contents.

53
00:03:15,110 --> 00:03:18,060
Now that might sound like a huge security issue.

54
00:03:18,080 --> 00:03:23,150
This essentially means that whatever information we store inside the cookie is going to be easily read

55
00:03:23,180 --> 00:03:23,990
by users,

56
00:03:23,990 --> 00:03:29,270
and in theory malicious users, but that is really not a big deal for us.
57
00:03:29,330 --> 00:03:33,220
Remember, JSON web tokens are naturally tamper resistant.

58
00:03:33,320 --> 00:03:38,720
If a malicious user starts to try to modify the information inside of a JSON web token, we are going

59
00:03:38,720 --> 00:03:44,300
to know right away. We're going to see that the JSON web token is invalid because a user tried to tamper

60
00:03:44,300 --> 00:03:48,610
with the data inside there, and that's really what we care about. We want to make sure that users are

61
00:03:48,610 --> 00:03:52,900
not able to modify the information stored inside this cookie,

62
00:03:52,900 --> 00:03:58,320
and JSON web tokens are going to naturally prevent that from occurring. Now if this entire idea of

63
00:03:58,320 --> 00:04:03,240
having information that is unencrypted is really scary to you in any way, I'm telling you right now that

64
00:04:03,240 --> 00:04:09,420
this is generally not a big cause for concern unless you are trying to store protected information inside

65
00:04:09,420 --> 00:04:13,530
of a JSON web token, which you should not be doing anyways, or inside of a cookie, which you should not

66
00:04:13,530 --> 00:04:16,040
be doing anyways. If that's still a big deal to you,

67
00:04:16,080 --> 00:04:20,740
you can always just go ahead and encrypt the cookie contents. Feel free to do so.

68
00:04:21,090 --> 00:04:26,670
Not a big deal, but you just keep in mind you kind of run the risk of going and trying to create another

69
00:04:26,670 --> 00:04:30,930
service in a different language and running into issues in trying to decrypt the information inside

70
00:04:30,930 --> 00:04:31,260
there.

71
00:04:31,260 --> 00:04:33,790
So again, just a little bit of a disclaimer.

72
00:04:33,900 --> 00:04:34,140
OK.

73
00:04:34,170 --> 00:04:38,900
So cookie-session is what we're going to use. Because I've been doing so much lecturing inside this video,
74
00:04:38,910 --> 00:04:43,110
I don't want to install this right away because sometimes people like to skip around inside of a video

75
00:04:43,530 --> 00:04:46,960
and I don't want you to skip the, or skip over, the installation guide.

76
00:04:46,980 --> 00:04:48,290
So another quick pause right here.

77
00:04:48,300 --> 00:04:51,030
Come back next video; we're going to tie this thing up to our auth service.