Please take the time to read this article before proceeding.
- Fork and Clone
Write your answers in the space provided in this readme.
We never store passwords in our database. Instead, we use a hashing function to create a password hash or digest. We store the password digest in our database.
Here is a flow for using JWT for authentication:
- The user signs up:
  - The client creates a POST request to the /signup endpoint on the server with username, email, and password in the request body
  - The server creates a JSON Web Token (JWT) based on a header, payload, and secret
  - The server responds with the JWT
  - The client saves the JWT in localStorage to persist subsequent server requests
Answer the following questions:
- Why do we need authentication in our Web Apps?

  To make sure the correct entities get the information.
- What is the point of a JSON Web Token? Why would we want to use it?

  It is an open standard that defines a compact and self-contained way to securely transmit data between two parties as a JSON object. We use it to make sure the correct parties, and only the correct parties, get access to the information.
- Why would we hash a user's password when they sign up? What's the point?

  It is another layer of security. Instead of storing the password as an unaltered string in the database, where anyone can see the raw password, you hash it so it looks nothing like the original password.
- Go here. Create a JWT with the following as the payload (feel free to change the username/email):

```json
{
  "id": "1",
  "username": "bruno",
  "email": "bruno@ga.co"
}
```
Paste your encoded JWT below:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJ1c2VybmFtZSI6ImJydW5vIiwiZW1haWwiOiJicnVub0BnYS5jbyJ9.SNHM7vL6ehTkvM4Rg-IH-SanpKkCN3KtQ68qESpkcZU
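As an added example (not part of the original assignment or its solution), the Python below shows what the server side of the flow above does: signing an HS256 JWT from a header, payload and secret, checking a token's signature before trusting its payload, and storing a salted password digest instead of the password. The signing secret and the password used in the checks are constructed values; the token pasted above decodes to the exercise payload, but its signature can only be verified with the secret that signed it.

```python
import base64, hashlib, hmac, json, os

# The token pasted above in this README; its first two segments are readable by anyone.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJpZCI6IjEiLCJ1c2VybmFtZSI6ImJydW5vIiwiZW1haWwiOiJicnVub0BnYS5jbyJ9."
              "SNHM7vL6ehTkvM4Rg-IH-SanpKkCN3KtQ68qESpkcZU")

def b64url_encode(data: bytes) -> str:
    # JWT uses base64url with the '=' padding stripped (RFC 7515 section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_jwt(payload: dict, secret: bytes) -> str:
    """header.payload.signature, where signature = HMAC-SHA256(secret, header.payload)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_unverified(token: str):
    """Header and payload are only encoded, not encrypted: never put secrets in them."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def verify_jwt(token: str, secret: bytes):
    """Return the payload only if the HS256 signature checks out, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # the server, not the token, decides which algorithm is acceptable
        expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None  # wrong secret, or header/payload changed after signing
        return json.loads(b64url_decode(p))
    except ValueError:  # malformed token (segment count, base64 or JSON)
        return None

def hash_password(password: str, salt=None) -> str:
    """What the signup handler stores: PBKDF2-HMAC-SHA256 digest plus a random per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return b64url_encode(salt) + "$" + b64url_encode(digest)

def check_password(password: str, stored: str) -> bool:
    salt_b64 = stored.split("$")[0]
    return hmac.compare_digest(hash_password(password, b64url_decode(salt_b64)), stored)
```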
Bonus: Read https://blog.angular-university.io/angular-jwt
Submit a pull request utilizing the PR Template