1
00:00:01,230 --> 00:00:05,700
In this video we're going to generate a JSON Web Token and send it back to a user after they sign up

2
00:00:05,700 --> 00:00:07,140
for our application.

3
00:00:07,200 --> 00:00:12,180
So to get started at the very top of our auth routes dot JS file I'm going to add in an additional

4
00:00:12,180 --> 00:00:13,060
require statement.

5
00:00:13,080 --> 00:00:19,020
I'm going to require JWT from the JSON web token library.

6
00:00:19,020 --> 00:00:24,100
Remember we installed this library at the very start of our application then back down inside of our

7
00:00:24,100 --> 00:00:25,540
request handler.

8
00:00:25,540 --> 00:00:30,430
Instead of sending back a response of you made a post request right there we're going to instead create

9
00:00:30,490 --> 00:00:33,190
our JSON Web Token and send that back instead.

10
00:00:33,340 --> 00:00:34,370
It's on the line right above.

11
00:00:34,400 --> 00:00:41,510
I'm going to say const token is JWT dot sign so this is how we create a token.

12
00:00:41,590 --> 00:00:45,700
The first argument to this function is going to be the information that we want to put inside of the

13
00:00:45,700 --> 00:00:46,520
token.

14
00:00:46,570 --> 00:00:54,610
So in our case we're going to encode the user's ID so that will be user ID is user dot underscore

15
00:00:54,630 --> 00:00:54,950
ID.

16
00:00:54,960 --> 00:01:00,610
Like so then as a second argument we're going to put in our key that we're going to use to sign the

17
00:01:00,610 --> 00:01:01,270
token.

18
00:01:01,360 --> 00:01:05,950
Remember this key is some very special secret piece of information that we don't want to share with

19
00:01:05,950 --> 00:01:07,210
the outside world.

20
00:01:07,420 --> 00:01:13,930
If we share this information then anyone can create a token with any given arbitrary user ID so the

21
00:01:13,930 --> 00:01:19,790
user or some malicious user could very easily impersonate some other person inside of our application.

22
00:01:19,940 --> 00:01:28,300
But right now we'll just put in a raw string right here and say like my secret key like so now of course

23
00:01:28,300 --> 00:01:32,020
we would probably want to securely store this piece of information and we'll figure out how to handle

24
00:01:32,020 --> 00:01:33,500
that a little bit later on.

25
00:01:33,610 --> 00:01:38,350
Right now we'll just use that my secret key so that's going to generate our token.

26
00:01:38,440 --> 00:01:41,290
And now we can send this token back to our user.

27
00:01:41,290 --> 00:01:47,170
So rather than sending back some plain text right here I'm gonna instead send back an object that has

28
00:01:47,200 --> 00:01:50,940
a token property and inside there it will place our token.

29
00:01:50,940 --> 00:01:53,410
Now as usual we've got an identical key and value.

30
00:01:53,410 --> 00:01:57,260
So I'll condense that down to just token like so.

31
00:01:57,270 --> 00:01:57,570
All right.

32
00:01:57,580 --> 00:01:59,550
Let's save this and test it out.

33
00:01:59,700 --> 00:02:04,590
So I'm going to flip back over to Postman and then gonna change the email that I'm trying to sign up

34
00:02:04,590 --> 00:02:05,120
with.

35
00:02:05,130 --> 00:02:09,600
Remember if we tried to create a new account right now with that same email we would get an error because

36
00:02:09,600 --> 00:02:11,370
we have to have a unique email.

37
00:02:11,450 --> 00:02:17,880
So I'll change that email to test one at test dot com and then send that out and immediately I get

38
00:02:17,880 --> 00:02:19,410
a response of my token.

39
00:02:19,860 --> 00:02:23,890
So that is our information right there that has encoded inside of it

40
00:02:23,970 --> 00:02:30,000
this user's ID. So if we now include that string right there with any future request we can use that

41
00:02:30,000 --> 00:02:35,690
token to validate the person making the request and make sure that they are who they say they are.

42
00:02:35,910 --> 00:02:36,200
All right.

43
00:02:36,230 --> 00:02:37,700
Now we've got that token right there.

44
00:02:37,700 --> 00:02:38,720
Let's take a quick pause.

45
00:02:38,720 --> 00:02:39,980
When we come back in the next video

46
00:02:39,980 --> 00:02:44,320
we're going to figure out how we can use that token to actually validate a user inside of some follow

47
00:02:44,320 --> 00:02:47,530
up request so quick pause and I'll see you in just a minute.