Please take the time to read this article before proceeding.
- Fork and Clone
Write your answers in the space provided in this readme.
We never store passwords in our database. Instead, we use a hashing function to create a password hash or digest. We store the password digest in our database.
Here is a flow for using JWT for Authentication
- The user signs up:
- The client creates a POST request to the /signup endpoint on the server with username, email, and password in the request body
- The server creates a JSON Web Token (JWT) based on a header, payload, and secret
- The server responds with the JWT
- The client saves the JWT in localStorage so that it persists for subsequent server requests
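
The flow above has the server build the token from a header, a payload, and a secret. The following added example (not part of the original assignment) shows that construction for HS256 using only Node.js built-ins, and shows that verification rejects a token whose payload was altered. The secret, sample payloads, and function names are constructed for illustration.

```javascript
// Added example: HS256 JWT built from header, payload and secret (Node.js built-ins only).
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// HMAC-SHA256 over "<header>.<payload>", keyed with the server's secret.
function hmac(signingInput, secret) {
  return crypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signJwt(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString('base64url')}`;
}

// Reading the payload needs no secret: it is base64url-encoded, not encrypted.
function decodePayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Returns the payload if the signature checks out, otherwise null.
function verifyJwt(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    // Pin the algorithm on the server; never let the token choose it.
    if (!header || header.alg !== 'HS256') return null;
    const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    return decodePayload(token);
  } catch {
    return null; // malformed header or payload
  }
}

// Constructed sample values.
const SECRET = 'constructed-demo-secret';
const token = signJwt({ id: '1', username: 'bruno' }, SECRET);
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ id: '1', username: 'admin' }))}.${s}`;

console.log(decodePayload(token));          // readable by anyone holding the token
console.log(verifyJwt(token, SECRET));      // the payload object
console.log(verifyJwt(forged, SECRET));     // null: payload changed, signature no longer matches
console.log(verifyJwt(token, 'wrong-key')); // null
```
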
Answer the following questions:
- Why do we need authentication in our Web Apps?
To ensure that each user has their own private experience.
- What is the point of a JSON Web Token? Why would we want to use it?
The point of a JWT is to securely transmit information between parties. We would want to use it because its digital signature means that it can be "verified and trusted".
- Why would we hash a user's password when they sign up? What's the point?
It encrypts the user's information (in this case password) to make it more secure.
- Go here. Create a JWT with the following as the payload (feel free to change the username/email):
{
  "id": "1",
  "username": "bruno",
  "email": "bruno@ga.co"
}
Paste your encoded JWT below:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJ1c2VybmFtZSI6ImJydW5vIiwiZW1haWwiOiJicnVub0BnYS5jbyJ9.SNHM7vL6ehTkvM4Rg-IH-SanpKkCN3KtQ68qESpkcZU
Bonus: Read https://blog.angular-university.io/angular-jwt
Submit a pull request utilizing the PR Template