title
Node.js API Authentication With JWT

description
In this overview we will take a look at Node.js and JSON web tokens. I will show you how to create a route to generate a token and use that token to make a request to a protected route. SPONSOR: Check out Coding Dojo - http://www.codingdojo.com/l/yt/tr CODE: Github Repo With Example https://github.com/bradtraversy/node_jwt_example 💖 BECOME A PATRON: Show support & get perks! http://www.patreon.com/traversymedia ONE TIME DONATIONS: http://www.paypal.me/traversymedia VISIT MY WEBISTE: Check Out My Udemy Courses http://www.traversymedia.com FOLLOW TRAVERSY MEDIA: http://www.facebook.com/traversymedia http://www.twitter.com/traversymedia http://www.instagram.com/traversymedia https://discord.gg/traversymedia

detail
{'title': 'Node.js API Authentication With JWT', 'heatmap': [{'end': 595.438, 'start': 525.652, 'weight': 0.865}, {'end': 759.793, 'start': 745.56, 'weight': 0.801}, {'end': 904.013, 'start': 883.93, 'weight': 0.774}, {'end': 1122.461, 'start': 1063.173, 'weight': 0.746}], 'summary': 'Tutorial covers node.js api authentication with jwt, demonstrating protection of routes, token acquisition using express and nodemon, token authentication, route protection, token verification, and setting up token-based authentication in postman, including token expiration and accessing protected routes.', 'chapters': [{'end': 495.869, 'segs': [{'end': 34.378, 'src': 'embed', 'start': 7.25, 'weight': 0, 'content': [{'end': 11.955, 'text': 'Coding Dojo is a programming school that turns beginners into developers in only 14 weeks.', 'start': 7.25, 'duration': 4.705}, {'end': 18.242, 'text': 'Over 90% of their grads land jobs within 3 months of graduating, often making over $70k per year.', 'start': 12.375, 'duration': 5.867}, {'end': 22.346, 'text': 'To learn more, visit CodingDojo.com or click the link in the description below.', 'start': 18.562, 'duration': 3.784}, {'end': 30.916, 'text': 'hey guys, i had a request from one of my patrons to do a video on node authentication with json web tokens or jwt,', 'start': 23.53, 'duration': 7.386}, {'end': 34.378, 'text': 'and these tokens are used to protect routes in an api.', 'start': 30.916, 'duration': 3.462}], 'summary': 'Coding dojo turns beginners into developers in 14 weeks with over 90% grads landing jobs, often making over $70k/year.', 'duration': 27.128, 'max_score': 7.25, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU7250.jpg'}, {'end': 128.878, 'src': 'embed', 'start': 97.906, 'weight': 3, 'content': [{'end': 101.567, 'text': "I believe it's deprecated as a Chrome extension now.", 'start': 97.906, 'duration': 3.661}, {'end': 104.328, 'text': "So that's what we'll be using to make our requests.", 'start': 102.207, 'duration': 2.121}, {'end': 109.509, 'text': "We're using VS Code for a text editor and I'm using my VS Code terminal here.", 'start': 104.668, 'duration': 4.841}, {'end': 113.391, 'text': 'So I have an empty folder called node-auth-api.', 'start': 110.229, 'duration': 3.162}, {'end': 115.892, 'text': 'So if you want to follow along, just create a folder.', 'start': 113.731, 'duration': 2.161}, {'end': 120.294, 'text': "And then we're going to do an npm init to create a package.json.", 'start': 116.372, 'duration': 3.922}, {'end': 123.156, 'text': 'Just go through this description.', 'start': 120.935, 'duration': 2.221}, {'end': 128.878, 'text': "I'll just say JWT example.", 'start': 123.216, 'duration': 5.662}], 'summary': 'Using chrome extension, vs code, npm init for jwt example', 'duration': 30.972, 'max_score': 97.906, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU97906.jpg'}, {'end': 338.439, 'src': 'embed', 'start': 296.262, 'weight': 2, 'content': [{'end': 299.043, 'text': "so let's say HTTP.", 'start': 296.262, 'duration': 2.781}, {'end': 299.864, 'text': 'do I have it here?', 'start': 299.043, 'duration': 0.821}, {'end': 305.305, 'text': 'HTTP local host 5000 slash API.', 'start': 301.264, 'duration': 4.041}, {'end': 310.086, 'text': "Make sure it's a get request and send and we get welcome to the API.", 'start': 305.725, 'duration': 4.361}, {'end': 311.466, 'text': 'So so far so good.', 'start': 310.166, 'duration': 1.3}, {'end': 316.047, 'text': 'Now I want to create a route that I want to protect.', 'start': 312.606, 'duration': 3.441}, {'end': 325.369, 'text': "So let's do an app dot post to slash API slash posts.", 'start': 317.047, 'duration': 8.322}, {'end': 333.176, 'text': "And let's say request res.", 'start': 331.114, 'duration': 2.062}, {'end': 337.098, 'text': "And obviously we're not really going to create a post or anything.", 'start': 333.876, 'duration': 3.222}, {'end': 338.439, 'text': "We're not using a database.", 'start': 337.138, 'duration': 1.301}], 'summary': 'Creating a route to protect using app.post to /api/posts with request and response.', 'duration': 42.177, 'max_score': 296.262, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU296262.jpg'}, {'end': 469.888, 'src': 'embed', 'start': 434.78, 'weight': 1, 'content': [{'end': 440.402, 'text': "I forgot to create a user, so we're just going to create a mock user now.", 'start': 434.78, 'duration': 5.622}, {'end': 446.263, 'text': "usually you would make a request to this login and you'd be sending your username and password.", 'start': 440.402, 'duration': 5.861}, {'end': 452.985, 'text': "you'd go through all your your authentication stuff here with your database and then you get your user back.", 'start': 446.263, 'duration': 6.722}, {'end': 455.326, 'text': "so we're going to skip right to getting the user back.", 'start': 452.985, 'duration': 2.341}, {'end': 469.888, 'text': "So I'll say ID one, user name, Brad, and let's do email Brad at Gmail.", 'start': 456.974, 'duration': 12.914}], 'summary': 'Creating a mock user with id one, username brad, and email brad at gmail.', 'duration': 35.108, 'max_score': 434.78, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU434780.jpg'}], 'start': 7.25, 'title': 'Node authentication with jwt', 'summary': 'Discusses implementing node authentication with jwt, demonstrating protection of routes and token acquisition using express and nodemon.', 'chapters': [{'end': 495.869, 'start': 7.25, 'title': 'Node authentication with jwt', 'summary': 'Discusses how to implement node authentication with json web tokens (jwt), demonstrating how to protect routes and obtain tokens for accessing protected routes, using express and nodemon, with the goal of showing how to protect routes and obtain tokens for accessing protected routes.', 'duration': 488.619, 'highlights': ['Coding Dojo turns beginners into developers in 14 weeks with over 90% of graduates landing jobs within 3 months, often making over $70k per year Coding Dojo success rate and average salary', 'Token-based authentication allows protection of routes in an API and access to protected routes by obtaining and using tokens Explanation of token-based authentication and its application', 'Usage of Postman as a standalone program for making requests and VS Code for text editing Tools used for making requests and text editing', 'Installation of dependencies including Express, JSON web token, and nodemon for continuous application monitoring Installation of necessary dependencies for the application', 'Creation of a welcome route and a protected route in the API using Express Creation of routes using Express for the API', 'Demonstration of obtaining tokens and protecting routes by implementing JWT sign and creating a mock user Demonstration of obtaining tokens and protecting routes using JWT sign and a mock user']}], 'duration': 488.619, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU7250.jpg', 'highlights': ['Coding Dojo turns beginners into developers in 14 weeks with over 90% of graduates landing jobs within 3 months, often making over $70k per year', 'Token-based authentication allows protection of routes in an API and access to protected routes by obtaining and using tokens', 'Demonstration of obtaining tokens and protecting routes by implementing JWT sign and creating a mock user', 'Usage of Postman as a standalone program for making requests and VS Code for text editing', 'Creation of a welcome route and a protected route in the API using Express', 'Installation of dependencies including Express, JSON web token, and nodemon for continuous application monitoring']}, {'end': 774.725, 'segs': [{'end': 559.664, 'src': 'embed', 'start': 525.652, 'weight': 3, 'content': [{'end': 528.856, 'text': 'All right, we can even do this is six style and get rid of that.', 'start': 525.652, 'duration': 3.204}, {'end': 530.037, 'text': 'Same thing here.', 'start': 529.376, 'duration': 0.661}, {'end': 533.5, 'text': 'Since these are both the same, we can just do like that.', 'start': 530.117, 'duration': 3.383}, {'end': 535.723, 'text': 'All right.', 'start': 533.521, 'duration': 2.202}, {'end': 537.565, 'text': "And yeah, let's save.", 'start': 536.163, 'duration': 1.402}, {'end': 541.453, 'text': "So now we'll try and log in.", 'start': 539.372, 'duration': 2.081}, {'end': 548.037, 'text': "So we'll go to a post request to API slash login and send.", 'start': 543.154, 'duration': 4.883}, {'end': 549.018, 'text': 'And there it is.', 'start': 548.477, 'duration': 0.541}, {'end': 550.338, 'text': 'So we get our token back.', 'start': 549.078, 'duration': 1.26}, {'end': 559.664, 'text': "OK, so this token contains all the information we need to make a request to a protected route, which we don't have yet.", 'start': 551.119, 'duration': 8.545}], 'summary': 'Utilized api to successfully obtain token for protected route access.', 'duration': 34.012, 'max_score': 525.652, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU525652.jpg'}, {'end': 595.438, 'src': 'heatmap', 'start': 525.652, 'weight': 0.865, 'content': [{'end': 528.856, 'text': 'All right, we can even do this is six style and get rid of that.', 'start': 525.652, 'duration': 3.204}, {'end': 530.037, 'text': 'Same thing here.', 'start': 529.376, 'duration': 0.661}, {'end': 533.5, 'text': 'Since these are both the same, we can just do like that.', 'start': 530.117, 'duration': 3.383}, {'end': 535.723, 'text': 'All right.', 'start': 533.521, 'duration': 2.202}, {'end': 537.565, 'text': "And yeah, let's save.", 'start': 536.163, 'duration': 1.402}, {'end': 541.453, 'text': "So now we'll try and log in.", 'start': 539.372, 'duration': 2.081}, {'end': 548.037, 'text': "So we'll go to a post request to API slash login and send.", 'start': 543.154, 'duration': 4.883}, {'end': 549.018, 'text': 'And there it is.', 'start': 548.477, 'duration': 0.541}, {'end': 550.338, 'text': 'So we get our token back.', 'start': 549.078, 'duration': 1.26}, {'end': 559.664, 'text': "OK, so this token contains all the information we need to make a request to a protected route, which we don't have yet.", 'start': 551.119, 'duration': 8.545}, {'end': 568.543, 'text': "All right, so let's go ahead and go to our route we want to protect, which is this right here, this posts.", 'start': 561.36, 'duration': 7.183}, {'end': 577.227, 'text': "And we're just going to add in right here a middleware function called verify token like that.", 'start': 569.244, 'duration': 7.983}, {'end': 579.808, 'text': 'OK, and then we need to create that function.', 'start': 577.247, 'duration': 2.561}, {'end': 580.949, 'text': "So we'll go down here.", 'start': 579.869, 'duration': 1.08}, {'end': 587.172, 'text': "And let's just say verify token and function.", 'start': 580.969, 'duration': 6.203}, {'end': 595.438, 'text': 'verify token all right.', 'start': 591.335, 'duration': 4.103}], 'summary': 'Developed login functionality and implemented token verification for protecting routes.', 'duration': 69.786, 'max_score': 525.652, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU525652.jpg'}, {'end': 704.57, 'src': 'embed', 'start': 648.235, 'weight': 0, 'content': [{'end': 651.917, 'text': "I'm sorry, that did the actual token.", 'start': 648.235, 'duration': 3.682}, {'end': 659.529, 'text': "now, the way that this token is going to be formatted, Let's say format of token.", 'start': 651.917, 'duration': 7.612}, {'end': 660.649, 'text': "so it's a.", 'start': 659.529, 'duration': 1.12}, {'end': 662.85, 'text': "it's what's called a bearer token.", 'start': 660.649, 'duration': 2.201}, {'end': 666.891, 'text': "so it's gonna look like this authorization.", 'start': 662.85, 'duration': 4.041}, {'end': 674.372, 'text': "It's gonna have the word bearer Like that and then it's gonna be the token.", 'start': 666.891, 'duration': 7.481}, {'end': 678.515, 'text': "so we'll say access token, all right.", 'start': 674.372, 'duration': 4.143}, {'end': 682.198, 'text': "so it's gonna look like that and then we need to pull the token out of it.", 'start': 678.515, 'duration': 3.683}, {'end': 685.341, 'text': 'so we need to do a couple things down here.', 'start': 682.198, 'duration': 3.143}, {'end': 689.425, 'text': "so first thing we're gonna do is check to see if it's not undefined.", 'start': 685.341, 'duration': 4.084}, {'end': 693.429, 'text': 'so say check if bear.', 'start': 689.425, 'duration': 4.004}, {'end': 695.511, 'text': "I can never spell this while I'm talking.", 'start': 693.429, 'duration': 2.082}, {'end': 704.57, 'text': "bearer is undefined, so we'll say if and we're going to use typeof.", 'start': 695.511, 'duration': 9.059}], 'summary': "Bearer token format: 'authorization: bearer '.", 'duration': 56.335, 'max_score': 648.235, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU648235.jpg'}, {'end': 774.725, 'src': 'heatmap', 'start': 745.56, 'weight': 0.801, 'content': [{'end': 747.002, 'text': "Now let's just try that out.", 'start': 745.56, 'duration': 1.442}, {'end': 755.689, 'text': "So we'll save that and we're going to go and try to make a request to API posts, which has the verified token middleware.", 'start': 747.122, 'duration': 8.567}, {'end': 759.793, 'text': "And if we don't send the token, we should get the 403 status.", 'start': 756.35, 'duration': 3.443}, {'end': 762.996, 'text': "So I'm going to open a new tab and go to HTTP.", 'start': 759.813, 'duration': 3.183}, {'end': 772.344, 'text': "Let's go to localhost 5000 API posts, make sure it's a post request and send and it gives us back forbidden.", 'start': 763.736, 'duration': 8.608}, {'end': 774.725, 'text': "okay. so that's exactly what we want.", 'start': 772.964, 'duration': 1.761}], 'summary': 'Testing api posts with verified token middleware, receiving 403 status for unauthorized request.', 'duration': 29.165, 'max_score': 745.56, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU745560.jpg'}], 'start': 498.752, 'title': 'Token authentication and route protection', 'summary': 'Explains the process of token authentication, sending a response containing the token, and adding a middleware function to protect a route, allowing access only with a valid token. it also discusses sending a bearer token in the header for authorization, including checking if the token is undefined and sending a 403 status if it is, with an example resulting in a forbidden status.', 'chapters': [{'end': 614.429, 'start': 498.752, 'title': 'Token authentication and route protection', 'summary': 'Explains the process of token authentication, sending a response containing the token, and adding a middleware function to protect a route, allowing access only with a valid token.', 'duration': 115.677, 'highlights': ['The token received after logging in contains all the information needed to make a request to a protected route.', 'The process involves creating a middleware function called verify token, which takes in a request, response, and next, allowing access only with a valid token.', 'Sending a response containing the token using res.JSON allows the user to receive the token after logging in.']}, {'end': 774.725, 'start': 615.109, 'title': 'Bearer token authorization', 'summary': 'Discusses how to send a bearer token in the header for authorization, including checking if the token is undefined and sending a 403 status if it is, with an example resulting in a forbidden status.', 'duration': 159.616, 'highlights': ['Sending bearer token in the header for authorization by setting it as the authorization value.', 'Checking if the bearer token is undefined using typeof and sending a 403 status if it is.', 'Example of making a request to API posts without sending the token resulting in a forbidden status.']}], 'duration': 275.973, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU498752.jpg', 'highlights': ['The token received after logging in contains all the information needed to make a request to a protected route.', 'The process involves creating a middleware function called verify token, which takes in a request, response, and next, allowing access only with a valid token.', 'Sending a response containing the token using res.JSON allows the user to receive the token after logging in.', 'Sending bearer token in the header for authorization by setting it as the authorization value.', 'Checking if the bearer token is undefined using typeof and sending a 403 status if it is.', 'Example of making a request to API posts without sending the token resulting in a forbidden status.']}, {'end': 1159.738, 'segs': [{'end': 827.012, 'src': 'embed', 'start': 801.243, 'weight': 0, 'content': [{'end': 812.461, 'text': "so i'm going to say const, bearer, equals, and then we want the bearer header and we're going to do dot split.", 'start': 801.243, 'duration': 11.218}, {'end': 820.127, 'text': "what dot split does is it turns a string into an array and you can put here what you want to split it by, and it's going to be a space.", 'start': 812.461, 'duration': 7.666}, {'end': 827.012, 'text': "so it's going to look at this bearer space token and it's going to separate the two by a space and turn it into an array.", 'start': 820.127, 'duration': 6.885}], 'summary': 'Using dot split to turn a string into an array and separate by space.', 'duration': 25.769, 'max_score': 801.243, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU801243.jpg'}, {'end': 904.013, 'src': 'heatmap', 'start': 859.497, 'weight': 3, 'content': [{'end': 870.506, 'text': 'Then we want to actually set the token by simply saying request.token and setting that to the bearer token.', 'start': 859.497, 'duration': 11.009}, {'end': 878.629, 'text': 'And then we simply want to call the next middleware by saying next.', 'start': 872.847, 'duration': 5.782}, {'end': 880.469, 'text': "And that's it.", 'start': 879.989, 'duration': 0.48}, {'end': 882.85, 'text': "That's our verified token function.", 'start': 880.949, 'duration': 1.901}, {'end': 886.091, 'text': "So let's go ahead and save that.", 'start': 883.93, 'duration': 2.161}, {'end': 889.472, 'text': 'Let me just double check this.', 'start': 886.111, 'duration': 3.361}, {'end': 893.193, 'text': 'That should be good.', 'start': 892.413, 'duration': 0.78}, {'end': 904.013, 'text': 'So now what we need to do is when we enter this protected route here, API posts, we need to verify the token.', 'start': 895.131, 'duration': 8.882}], 'summary': 'The transcript outlines setting and verifying a bearer token for a protected api route.', 'duration': 33.696, 'max_score': 859.497, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU859497.jpg'}, {'end': 1044.359, 'src': 'embed', 'start': 1003.57, 'weight': 1, 'content': [{'end': 1006.651, 'text': "And then inside this verify, we'll first check for an error.", 'start': 1003.57, 'duration': 3.081}, {'end': 1013.694, 'text': "So we'll say if there is an error, then let's go ahead and send that 403 status.", 'start': 1007.432, 'duration': 6.262}, {'end': 1016.655, 'text': 'So res.sendStatus.', 'start': 1013.814, 'duration': 2.841}, {'end': 1019.136, 'text': "And we're going to send 403.", 'start': 1018.216, 'duration': 0.92}, {'end': 1020.957, 'text': "And let's do else.", 'start': 1019.136, 'duration': 1.821}, {'end': 1038.373, 'text': "Then we're going to take this res.json right here and we're going to just move this up into the else.", 'start': 1026.18, 'duration': 12.193}, {'end': 1040.856, 'text': "And we'll send the message post created.", 'start': 1038.393, 'duration': 2.463}, {'end': 1044.359, 'text': "Let's also send the auth data.", 'start': 1041.977, 'duration': 2.382}], 'summary': 'Code verifies for errors and sends 403 status, otherwise sends success message and auth data.', 'duration': 40.789, 'max_score': 1003.57, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1003570.jpg'}, {'end': 1122.461, 'src': 'heatmap', 'start': 1063.173, 'weight': 0.746, 'content': [{'end': 1063.933, 'text': "So we'll save.", 'start': 1063.173, 'duration': 0.76}, {'end': 1066.594, 'text': "We'll go back to postman.", 'start': 1065.174, 'duration': 1.42}, {'end': 1071.876, 'text': 'Now, if we try to make a request here again, we get forbidden.', 'start': 1068.335, 'duration': 3.541}, {'end': 1073.217, 'text': "that's expected.", 'start': 1071.876, 'duration': 1.341}, {'end': 1075.057, 'text': 'we need to include our token.', 'start': 1073.217, 'duration': 1.84}, {'end': 1077.818, 'text': 'So the token we got when we logged in.', 'start': 1075.057, 'duration': 2.761}, {'end': 1084.16, 'text': "Now, if you had a front-end app, a front-end client with like, let's say, react or something or whatever vanilla JavaScript,", 'start': 1077.818, 'duration': 6.342}, {'end': 1087.121, 'text': 'You would save this token in local storage.', 'start': 1084.16, 'duration': 2.961}, {'end': 1090.862, 'text': "You could also use cookies, but it that's not really recommended anymore.", 'start': 1087.501, 'duration': 3.361}, {'end': 1092.203, 'text': 'You want to use local storage?', 'start': 1090.862, 'duration': 1.341}, {'end': 1101.369, 'text': 'And then, when you want to make a request to a protected route, you want to send in a header value for authorization.', 'start': 1092.943, 'duration': 8.426}, {'end': 1109.835, 'text': "So we'll say authorization and we're going to say in here bearer space and then the token.", 'start': 1101.389, 'duration': 8.446}, {'end': 1112.177, 'text': "Okay, so let's try this.", 'start': 1110.936, 'duration': 1.241}, {'end': 1113.437, 'text': "We'll go ahead and click send.", 'start': 1112.237, 'duration': 1.2}, {'end': 1115.058, 'text': 'And there we go.', 'start': 1114.457, 'duration': 0.601}, {'end': 1116.338, 'text': 'Post created.', 'start': 1115.498, 'duration': 0.84}, {'end': 1117.219, 'text': 'We get our message.', 'start': 1116.398, 'duration': 0.821}, {'end': 1122.461, 'text': 'We get our auth data, which includes the payload that we sent here.', 'start': 1117.299, 'duration': 5.162}], 'summary': 'Using tokens for authorization, send authorization header for protected routes, post created successfully', 'duration': 59.288, 'max_score': 1063.173, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1063173.jpg'}, {'end': 1159.738, 'src': 'embed', 'start': 1128.783, 'weight': 5, 'content': [{'end': 1135.206, 'text': 'And then we get this IAT, which is issued at, I think.', 'start': 1128.783, 'duration': 6.423}, {'end': 1140.148, 'text': "What does this stand for? Pretty sure it's issued at.", 'start': 1136.406, 'duration': 3.742}, {'end': 1147.108, 'text': 'yeah, issued at.', 'start': 1146.007, 'duration': 1.101}, {'end': 1150.411, 'text': "so you can include a timestamp, but if you don't, it'll do.", 'start': 1147.108, 'duration': 3.303}, {'end': 1154.434, 'text': "it'll give you this issued at timestamp.", 'start': 1150.411, 'duration': 4.023}, {'end': 1159.738, 'text': 'so now you can continue to make this request as long as you have that header.', 'start': 1154.434, 'duration': 5.304}], 'summary': 'Iat issued at timestamp allows continued requests with header', 'duration': 30.955, 'max_score': 1128.783, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1128783.jpg'}], 'start': 774.725, 'title': 'Token verification process', 'summary': 'Discusses splitting the bearer token to access the token needed for verification and implementing jwt token verification, resulting in successful post creation and retrieval of authentication data and timestamp.', 'chapters': [{'end': 859.417, 'start': 774.725, 'title': 'Token verification process', 'summary': 'Discusses splitting the bearer token to access the token needed for verification and emphasizes the process of turning a string into an array and retrieving the token from the array index, with the goal of enhancing the understanding of token verification.', 'duration': 84.692, 'highlights': ['The process of splitting the bearer token into an array is emphasized to access the token needed for verification, contributing to enhanced understanding of the token verification process.', 'The array index is utilized to retrieve the token from the split bearer token, reinforcing the importance of understanding array indexing in token verification.', 'The use of dot split to turn a string into an array is highlighted as a key step in the token verification process, facilitating the extraction of the token for verification.']}, {'end': 1159.738, 'start': 859.497, 'title': 'Implementing jwt token verification', 'summary': 'Discusses implementing jwt token verification by setting the token, verifying the token on a protected route, and sending the token in the header for authorization, resulting in successful post creation and retrieval of authentication data and timestamp.', 'duration': 300.241, 'highlights': ['Setting the token by saying request.token and setting that to the bearer token Setting the token for JWT verification by assigning request.token to the bearer token.', 'Verifying the token on a protected route by passing the token and using a secret key Demonstrating the process of verifying the token on a protected route with the use of a secret key.', 'Sending the token in the header for authorization to successfully create a post Illustrating the necessity of sending the token in the header for authorization, resulting in the successful creation of a post.']}], 'duration': 385.013, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU774725.jpg', 'highlights': ['The process of splitting the bearer token into an array is emphasized to access the token needed for verification, contributing to enhanced understanding of the token verification process.', 'Setting the token by saying request.token and setting that to the bearer token Setting the token for JWT verification by assigning request.token to the bearer token.', 'The array index is utilized to retrieve the token from the split bearer token, reinforcing the importance of understanding array indexing in token verification.', 'Verifying the token on a protected route by passing the token and using a secret key Demonstrating the process of verifying the token on a protected route with the use of a secret key.', 'The use of dot split to turn a string into an array is highlighted as a key step in the token verification process, facilitating the extraction of the token for verification.', 'Sending the token in the header for authorization to successfully create a post Illustrating the necessity of sending the token in the header for authorization, resulting in the successful creation of a post.']}, {'end': 1379.282, 'segs': [{'end': 1226.127, 'src': 'embed', 'start': 1190.594, 'weight': 1, 'content': [{'end': 1191.314, 'text': 'We can do that.', 'start': 1190.594, 'duration': 0.72}, {'end': 1196.177, 'text': "So let's go to see I can make this smaller here.", 'start': 1191.414, 'duration': 4.763}, {'end': 1206.492, 'text': 'We want to go to the login where we do the sign and we just want to put in some options right here.', 'start': 1200.089, 'duration': 6.403}, {'end': 1209.534, 'text': "So we'll put in an object like that.", 'start': 1207.793, 'duration': 1.741}, {'end': 1212.896, 'text': "And then in here we're going to say.", 'start': 1211.355, 'duration': 1.541}, {'end': 1216.458, 'text': 'Expires in.', 'start': 1215.377, 'duration': 1.081}, {'end': 1222.665, 'text': 'and then we can say we can do like 30 S for 30 seconds.', 'start': 1218.402, 'duration': 4.263}, {'end': 1226.127, 'text': 'We can do minutes and this is all in the documentation.', 'start': 1222.725, 'duration': 3.402}], 'summary': 'Implementing options for expiration time, including 30-second and minute intervals, in the login feature.', 'duration': 35.533, 'max_score': 1190.594, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1190594.jpg'}, {'end': 1323.602, 'src': 'embed', 'start': 1287.01, 'weight': 0, 'content': [{'end': 1290.312, 'text': 'so this is issued at an expiration.', 'start': 1287.01, 'duration': 3.302}, {'end': 1291.972, 'text': "send again and now it's forbidden.", 'start': 1290.312, 'duration': 1.66}, {'end': 1297.823, 'text': 'okay, because it expired, so you can do that as well, all right.', 'start': 1291.972, 'duration': 5.851}, {'end': 1304.108, 'text': "so i know this isn't like the most put together thing, but hopefully this gives you an idea of how to protect your routes,", 'start': 1297.823, 'duration': 6.285}, {'end': 1309.973, 'text': 'how to get a token and then how to use that token to access protected routes.', 'start': 1304.108, 'duration': 5.865}, {'end': 1312.635, 'text': "and obviously we're using postman as our client,", 'start': 1309.973, 'duration': 2.662}, {'end': 1323.602, 'text': 'but you could just as well have a react application or an angular application and use the http client there and just send along your authorization in the header with the token.', 'start': 1312.635, 'duration': 10.967}], 'summary': 'Using tokens to access protected routes in different client applications.', 'duration': 36.592, 'max_score': 1287.01, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1287010.jpg'}, {'end': 1362.432, 'src': 'embed', 'start': 1333.947, 'weight': 2, 'content': [{'end': 1338.75, 'text': 'get that user and then include that user here, not just create one like this.', 'start': 1333.947, 'duration': 4.803}, {'end': 1341.399, 'text': 'this is just a mock-up, All right.', 'start': 1338.75, 'duration': 2.649}, {'end': 1346.686, 'text': "so hopefully you guys enjoyed this and hopefully it was somewhat clear, and that's it.", 'start': 1341.399, 'duration': 5.287}, {'end': 1349.169, 'text': 'Thanks for watching, guys, and I will see you next time.', 'start': 1346.786, 'duration': 2.383}, {'end': 1355.528, 'text': 'Coding Dojo is a programming school that turns beginners into developers in only 14 weeks.', 'start': 1350.745, 'duration': 4.783}, {'end': 1362.432, 'text': "If you're serious about landing a career in tech but lack the formal education or background, Coding Dojo will get you there in no time.", 'start': 1355.688, 'duration': 6.744}], 'summary': 'Coding dojo transforms beginners into developers in 14 weeks.', 'duration': 28.485, 'max_score': 1333.947, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1333947.jpg'}], 'start': 1159.738, 'title': 'Token-based authentication in postman', 'summary': 'Covers setting up token-based authentication in postman, including the process, importance of a precise token, setting token expiration, accessing protected routes, obtaining a new token after expiration, and token expiration flexibility.', 'chapters': [{'end': 1333.947, 'start': 1159.738, 'title': 'Token-based authentication in postman', 'summary': 'Covers the process of setting up token-based authentication in postman, including the importance of a precise token, setting token expiration, and accessing protected routes using the token. it also explains the process of obtaining a new token after expiration and highlights the flexibility of token expiration times.', 'duration': 174.209, 'highlights': ["The importance of a precise token is emphasized, as any alteration in the token value results in a 'forbidden' response. alteration in the token value leads to a 'forbidden' response", 'The process of setting token expiration is explained, including the option to specify expiration in various formats such as seconds, minutes, days, and hours. option to specify expiration in formats like seconds, minutes, days, and hours', 'Demonstration of obtaining a new token after expiration is provided, with the token including the expiration, and accessing protected routes using the new token is successful. successful access to protected routes using the new token']}, {'end': 1379.282, 'start': 1333.947, 'title': 'Coding dojo: transforming beginners into developers', 'summary': 'Introduces coding dojo, a programming school that transforms beginners into developers in 14 weeks, with over 3,000 graduates to date and over 90% of their grads landing jobs within 3 months, often making over $70k per year at tech firms.', 'duration': 45.335, 'highlights': ['Coding Dojo is a programming school that turns beginners into developers in only 14 weeks, with over 3,000 graduates to date.', 'Over 90% of their grads land jobs within 3 months of graduating, often making over $70k per year at tech firms of all sizes.']}], 'duration': 219.544, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/7nafaH9SddU/pics/7nafaH9SddU1159738.jpg', 'highlights': ["The importance of a precise token is emphasized, as any alteration in the token value results in a 'forbidden' response.", 'The process of setting token expiration is explained, including the option to specify expiration in various formats such as seconds, minutes, days, and hours.', 'Demonstration of obtaining a new token after expiration is provided, with the token including the expiration, and accessing protected routes using the new token is successful.']}], 'highlights': ['Token-based authentication allows protection of routes in an API and access to protected routes by obtaining and using tokens', 'Demonstration of obtaining tokens and protecting routes by implementing JWT sign and creating a mock user', 'The token received after logging in contains all the information needed to make a request to a protected route', 'The process involves creating a middleware function called verify token, which takes in a request, response, and next, allowing access only with a valid token', 'The process of splitting the bearer token into an array is emphasized to access the token needed for verification, contributing to enhanced understanding of the token verification process', "The importance of a precise token is emphasized, as any alteration in the token value results in a 'forbidden' response", 'The process of setting token expiration is explained, including the option to specify expiration in various formats such as seconds, minutes, days, and hours', 'Demonstration of obtaining a new token after expiration is provided, with the token including the expiration, and accessing protected routes using the new token is successful']}