1 00:00:00,610 --> 00:00:04,710 In the last section we finished up our serializeUser and deserializeUser functions. 2 00:00:04,830 --> 00:00:10,620 We are now ready to tell Passport that it needs to make use of cookies to manage authentication inside 3 00:00:10,620 --> 00:00:11,910 of our application. 4 00:00:11,910 --> 00:00:15,470 In this section we're going to go through the setup of all that stuff pretty quickly. 5 00:00:15,510 --> 00:00:18,780 We will then test out our authentication flow in the following video. 6 00:00:18,780 --> 00:00:24,420 And then after that we're going to come back and do a completely optional discussion about exactly how 7 00:00:24,420 --> 00:00:26,860 Passport is managing our cookies. 8 00:00:26,890 --> 00:00:30,990 So again that is completely optional and we'll cover that in like a video or two. 9 00:00:30,990 --> 00:00:32,580 So anyways let's get to it. 10 00:00:32,580 --> 00:00:38,780 We're going to instruct Passport that it needs to make use of cookies to handle authentication for us. 11 00:00:38,940 --> 00:00:45,120 Now out of the box Express has no idea of how to handle cookies at all out of the box. 12 00:00:45,120 --> 00:00:46,140 It doesn't do it. 13 00:00:46,320 --> 00:00:53,310 So we're going to install a helper library called cookie-session to manage cookies in our application. 14 00:00:53,310 --> 00:00:55,570 I'm going to change over to my terminal. 15 00:00:55,740 --> 00:01:02,820 I'm going to close my running server and we will install this library with npm install --save 16 00:01:03,510 --> 00:01:06,330 cookie-session like so 17 00:01:09,600 --> 00:01:13,340 now while that does its thing I'm going to change back over to my code editor. 18 00:01:13,500 --> 00:01:19,530 I'm going to find my index file and remember the index.js file is where we really do all of our 19 00:01:19,530 --> 00:01:21,460 initial application setup. 
20 00:01:21,540 --> 00:01:27,600 And so this would be a great location for us to tell Express that it needs to make use of cookies inside 21 00:01:27,600 --> 00:01:29,160 of our application. 22 00:01:29,160 --> 00:01:32,800 So I'm going to require two libraries at the top of the file. 23 00:01:32,940 --> 00:01:38,730 I'm going to require the cookie-session module that we just installed. 24 00:01:39,840 --> 00:01:46,820 Whoops cookie session and then I'm also going to require in the Passport library as well. 25 00:01:48,690 --> 00:01:54,310 So remember what we've been saying we've been saying that we have to tell Passport to keep track of 26 00:01:54,310 --> 00:02:01,810 our user session or our user or user authentication state for lack of a better term by using cookies. 27 00:02:01,840 --> 00:02:07,000 So we're going to tell Passport that needs to do that inside this file but to enable cookies in the 28 00:02:07,000 --> 00:02:12,040 first place and get Express to care about them at all we have to make use of cookie-session. 29 00:02:12,040 --> 00:02:17,100 So that's why we are requiring in both libraries here one is to give us access to cookies. 30 00:02:17,110 --> 00:02:20,430 The other is to tell Passport to make use of them. 31 00:02:21,060 --> 00:02:21,400 OK. 32 00:02:21,430 --> 00:02:27,610 So underneath our app declaration on line 11 or so we're going to add in one statement that's going 33 00:02:27,610 --> 00:02:31,680 to tell Express that it needs to make use of cookies inside of our application. 34 00:02:31,690 --> 00:02:34,630 Now we're going to add in some code for this. 35 00:02:34,780 --> 00:02:40,240 We're going to talk very briefly about it but we're going to really get into exactly what it's doing 36 00:02:40,450 --> 00:02:43,550 in that further optional video that we'll talk about in a little bit. 37 00:02:43,570 --> 00:02:43,900 OK. 
38 00:02:43,910 --> 00:02:48,700 So if you don't care about what we're about to do I don't want to make you listen to all about all of 39 00:02:48,700 --> 00:02:49,250 it. 40 00:02:49,420 --> 00:02:51,490 So we'll talk about exactly what it does 41 00:02:51,490 --> 00:02:52,890 in just a little bit. 42 00:02:53,140 --> 00:02:55,990 So right here we're going to say app.use. 43 00:02:56,710 --> 00:03:01,680 This is a function we're going to pass to it cookie session. 44 00:03:02,470 --> 00:03:09,010 We're going to call cookie session and then to that we're going to provide a configuration object configuration 45 00:03:09,010 --> 00:03:12,880 object expects two different properties to be contained within it. 46 00:03:12,910 --> 00:03:20,320 The first is a maxAge property. maxAge is how long this cookie can exist inside the browser before 47 00:03:20,320 --> 00:03:23,380 it is automatically expired for us. 48 00:03:23,380 --> 00:03:25,650 We're going to use 30 days. 49 00:03:25,750 --> 00:03:31,810 Now the only issue is that that 30 days has to be passed in as milliseconds. 50 00:03:31,990 --> 00:03:43,720 So we will say 30 days 24 hours a day 60 minutes in an hour 60 seconds in an hour and then 1000 milliseconds 51 00:03:43,780 --> 00:03:44,940 to one second. 52 00:03:45,250 --> 00:03:50,890 So this statement right here says I want this cookie to last for 30 days before it will automatically 53 00:03:50,890 --> 00:03:56,980 expire and then the second required argument or assuming required property to this object is going to 54 00:03:56,980 --> 00:04:00,410 be a key that will be used to encrypt our cookie. 
55 00:04:00,700 --> 00:04:07,510 So by default whenever we send out this cookie or this token in the cookie it will always be 100 percent 56 00:04:07,570 --> 00:04:13,450 automatically encrypted so that people cannot manually change the user ID that we're stuffing in there 57 00:04:13,720 --> 00:04:18,070 and somehow take over or fake being someone else inside of our application. 58 00:04:18,490 --> 00:04:25,810 So we're going to pass in a key property and this key is going to be used to sign or encrypt our cookie. 59 00:04:25,810 --> 00:04:31,420 Now of course any time we see the keys right here we want to always be thinking about hey I probably 60 00:04:31,420 --> 00:04:32,940 don't want to commit this thing. 61 00:04:33,190 --> 00:04:41,510 So we're going to create our keys or cookie key, excuse me, inside of our config/keys.js file. 62 00:04:42,290 --> 00:04:49,270 So let's flip on over to config/keys.js and then inside of here we're going to add another 63 00:04:49,270 --> 00:04:49,840 property. 64 00:04:49,870 --> 00:04:57,000 So make sure you get a comma at the end of the line right above it and we'll call this cookieKey. 65 00:04:57,130 --> 00:05:01,990 Like so now your cookie key can be absolutely any random string of characters. 66 00:05:02,020 --> 00:05:04,210 It's something that you can freely make up on the fly. 67 00:05:04,380 --> 00:05:10,760 So I'm going to say basically that right there I don't think anyone's going to guess that anytime soon. 68 00:05:10,780 --> 00:05:12,980 Now back inside of index.js. 69 00:05:13,330 --> 00:05:17,550 I'm going to pass that key that we just set up into this array. 70 00:05:17,920 --> 00:05:25,720 So I'll say keys.cookieKey now do triple check make sure you say keys right here and make sure 71 00:05:25,720 --> 00:05:31,660 that you've got an array around our key this cookie session thing right here allows us to specify multiple 72 00:05:31,660 --> 00:05:32,170 keys. 
73 00:05:32,200 --> 00:05:36,820 And if we do it will randomly pick one to use to encrypt any given cookie. 74 00:05:36,820 --> 00:05:42,890 And so it's just here to provide or just allows us to provide multiple keys as an additional level of security. 75 00:05:43,510 --> 00:05:43,780 OK. 76 00:05:43,780 --> 00:05:45,690 So that's pretty much it for our cookie session. 77 00:05:45,700 --> 00:05:48,400 So we spoke a little bit about cookie-session. 78 00:05:48,400 --> 00:05:51,750 We haven't really spoken a lot about what it does behind the scenes. 79 00:05:51,760 --> 00:05:55,880 We also haven't spoken a lot about what this app.use call is right here. 80 00:05:55,930 --> 00:06:01,060 So both these topics will be covered in an optional video that we're going to be covering in just a 81 00:06:01,060 --> 00:06:01,680 moment. 82 00:06:01,810 --> 00:06:06,550 Again I don't want to make you have to listen to all this stuff because it's going to be a pretty long 83 00:06:06,550 --> 00:06:07,250 lecture. 84 00:06:07,570 --> 00:06:11,070 And at this point you might be already very bored with all this authentication stuff anyway. 85 00:06:11,080 --> 00:06:15,870 So I want to make sure that you have the option to skip it if you want to. 86 00:06:15,970 --> 00:06:21,430 Now the last thing we have to do inside this file is tell Passport that it should make use of cookies 87 00:06:21,580 --> 00:06:23,700 to handle authentication. 88 00:06:23,890 --> 00:06:29,240 To do that we're going to add two additional calls right beneath the one that we just put together. 89 00:06:29,240 --> 00:06:37,630 And the first one we will say app.use passport.initialize and then make sure you get some parentheses 90 00:06:37,660 --> 00:06:47,260 after initialize and then in the second call we'll say app.use passport.session and then put down 91 00:06:47,260 --> 00:06:49,160 a set of parentheses as well. 92 00:06:49,650 --> 00:06:50,010 OK. 
93 00:06:50,050 --> 00:06:51,340 So that's pretty much it. 94 00:06:51,760 --> 00:06:52,810 And when I say pretty much it. 95 00:06:52,840 --> 00:06:57,580 I'm talking about pretty much it for authentication in our app in general. 96 00:06:57,670 --> 00:07:03,640 So we now have a complete authentication flow but we don't really have any means to really test it yet 97 00:07:03,910 --> 00:07:07,670 or really be assured that a user is being correctly signed in. 98 00:07:07,700 --> 00:07:12,640 In fact we don't even really know what a user being signed in really gets us anyways. 99 00:07:12,700 --> 00:07:18,190 So one last thing I want to do is I want to flip over to the terminal and I want to start my server 100 00:07:18,190 --> 00:07:18,960 up. 101 00:07:19,300 --> 00:07:21,060 Now I'm just doing this right now. 102 00:07:21,070 --> 00:07:23,250 We'll test our flow out in the next section. 103 00:07:23,320 --> 00:07:28,110 But I just want to start my server right now to ensure that I don't have any errors popping up. 104 00:07:28,300 --> 00:07:32,140 If you see the deprecation warnings remember those are totally OK to have. 105 00:07:32,140 --> 00:07:34,680 But if you see any warning any errors right. 106 00:07:34,720 --> 00:07:39,760 Excuse me then that means you probably have a typo somewhere and you'll want to do a little bit of trouble 107 00:07:39,760 --> 00:07:40,180 shooting. 108 00:07:40,190 --> 00:07:44,890 And if you can't figure it out remember hop over to course discussion and I'll help you figure out what's 109 00:07:44,890 --> 00:07:45,890 going on. 110 00:07:46,450 --> 00:07:46,800 OK. 111 00:07:46,870 --> 00:07:51,850 So we finished up wiring up the flow but we still have to test it and really figure out what it means 112 00:07:51,850 --> 00:07:54,490 to be authenticated inside of our application. 113 00:07:54,490 --> 00:07:57,100 So let's talk about both those topics in the next section.