Authentication Study
Please take the time to read this article before proceeding.
Instructions
- Fork and Clone
Write your answers in the space provided in this readme.
A Note on Passwords
We never store plaintext passwords in our database. Instead, we run each password through a hashing function to create a password hash (also called a digest), and we store only that digest in our database.
JSON Web Token (JWT) Authentication
Here is a flow for using JWT for authentication:
- The user signs up:
  - The client creates a POST request to the /signup endpoint on the server with username, email, and password in the request body
  - The server creates a JSON Web Token (JWT) based on a header, payload, and secret
  - The server responds with the JWT
  - The client saves the JWT in localStorage so that it persists and can be sent with subsequent server requests
Answer the following questions:
- Why do we need authentication in our Web Apps?
<--- ANSWER GOES HERE --->
- What is the point of a JSON Web Token? Why would we want to use it?
<--- ANSWER GOES HERE --->
- Why would we hash a user's password when they sign up? What's the point?
<--- ANSWER GOES HERE --->
- Go here. Create a JWT with the following as the payload (feel free to change the username/email):
{
"id": "1",
"username": "bruno",
"email": "[email protected]"
}
Paste your encoded JWT below:
<--- ANSWER GOES HERE --->
Bonus: Read https://blog.angular-university.io/angular-jwt
Submission
Submit a pull request utilizing the PR Template