Please take the time to read this article before proceeding.
- Fork and Clone
Write your answers in the space provided in this readme.
We never store passwords in our database. Instead, we use a hashing function to create a password hash or digest. We store the password digest in our database.
Here is a flow for using JWT for Authentication
- The user signs up:
- The client creates a POST request to the
/signupendpoint on the server with username, email, and password in the request body
- The server creates a JSON Web Token (JWT) based on a header, payload, and secret
- The server responds with the JWT
- The client saves the JWT in localStorage to persist subsequent server requests
Answer the following questions:
- Why do we need authentication in our Web Apps?
So we can make sure that sensitive data is not accessible to people it should not be.
- What is the point of a JSON Web Token? Why would we want to use it?
The point of the JSON Web Token is securely transfer information between two parties. We want to use it because it is compact and can be used on the client-side.
- Why would we hash a user's password when they sign up? What's the point?
So that the password isnt visible to everybody.
- Go here. Create a JWT with the following as the payload (feel free to change the username/email):
{
"id": "1",
"username": "bruno",
"email": "bruno@ga.co"
}Paste your encoded JWT below:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJ1c2VybmFtZSI6ImZyYW5rIiwiZW1haWwiOiJmcmFua0BmcmFuay5mcmFuayJ9.YSu2kVZK0DtSq2FwjPmOa81XuOb2HFuDM-f-ubPVI-U
Bonus: Read https://blog.angular-university.io/angular-jwt
Submit a pull request utilizing the PR Template