Lesson 08 JWT Basics
Students are presented with a choice of two assignments:
1. Create a new Express app with JWT auth from scratch (from written instructions)
2. Follow along with the video exactly
If students do the “preferred” assignment (#1), they will put it in 05-JWT-Basics/preferred. Otherwise, their work will be in 05-JWT-Basics/starter.
Note to reviewers:
If students do the preferred assignment, compare their work to the written instructions; expect to focus more on the code review.
If students do the starter assignment, you can copy and paste their work into the final directory, and then view the resultant diff to get a narrower focus on what, if anything, they changed compared to what the instructor demonstrated.
This lesson explains the basics of JSON Web Tokens as an authentication method. There is no use of the database in this lesson. Instead, when the user signs in, whatever password is entered is accepted. A front end is provided for student testing, but students should also learn how to use Postman to log in by setting the authentication header. In this lesson, the student just has to copy/paste the token into the authentication header of subsequent Postman requests. However, in future lessons, the students will learn how to use the tests function of Postman to parse the token out of the logon response and to add it to the environment. The lesson code is in the 05-JWT-Basics directory.
I did include an editorial about storing the JWT in browser local storage, which is a bad security practice.
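The login-then-header flow described above, as an added example for reviewers (not the course's or the instructor's code): it issues an HS256 token for any password and then verifies the value a client pastes into the header, covering the checks worth looking for in student work. The function names, the secret, and the `Bearer <token>` header form are assumptions, and Node's built-in `crypto` stands in for a JWT library.

```javascript
// Added example: names, secret and header format are assumptions, not the course's code.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: a real app loads this from the environment

const b64url = (value) => Buffer.from(value).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

// Login step: as in the lesson, any password is accepted and a signed token is returned.
function login(username, _password, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ username, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`)}`;
}

// Protected-route step: take the header value the client sent and verify the token in it.
function authenticate(headerValue) {
  if (typeof headerValue !== "string" || !headerValue.startsWith("Bearer ")) {
    return { ok: false, reason: "missing bearer token" };
  }
  const parts = headerValue.slice(7).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed token" };
  const [header, payload, signature] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString()).alg;
    claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed token" };
  }
  // Pin the algorithm on the server; the token's own header must not choose it.
  if (alg !== "HS256") return { ok: false, reason: "unexpected algorithm" };
  // Recompute the signature and compare in constant time.
  const expected = Buffer.from(hmac(`${header}.${payload}`));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  // Only trust claims after the signature check; then enforce expiry.
  if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, user: claims.username };
}
```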