WEBVTT 1 00:00:02.000 --> 00:00:07.860 Slowly but steadily, this application is taking shape, I mean we're still only working on 2 00:00:07.860 --> 00:00:12.720 the users part, we haven't started working on the events part yet, but this is of course 3 00:00:12.720 --> 00:00:18.180 an important part and we're seeing how we can use AI for different use cases. 4 00:00:19.780 --> 00:00:26.020 Now one thing is still missing here for this part regarding authentication, signup, login, 5 00:00:26.880 --> 00:00:29.960 and that's the JSON Web Token part. 6 00:00:31.620 --> 00:00:35.780 And here I don't want to go into too much detail because it's not the focus of this 7 00:00:35.780 --> 00:00:42.400 course, but in the end this JSON Web Token thing I'm mentioning here is simply a popular 8 00:00:42.400 --> 00:00:47.180 approach for actually adding authentication to REST APIs. 9 00:00:48.820 --> 00:00:53.340 Because right now we're able to sign up users and we're able to log in users, but if we 10 00:00:53.240 --> 00:01:00.100 had some application, some frontend that would use this API on the backend, then that 11 00:01:00.100 --> 00:01:06.940 frontend application would need some identifier, some token it could store which it could send 12 00:01:06.940 --> 00:01:14.180 with subsequent requests to other routes, for example to routes that allow us to create 13 00:01:14.180 --> 00:01:21.280 or edit events to prove that it previously did sign up or log in a user. 14 00:01:22.720 --> 00:01:27.280 So some proof that some decoupled frontend has an authenticated user. 15 00:01:27.400 --> 00:01:32.720 We need some proof and that's such a JSON Web Token which we can generate and issue 16 00:01:32.720 --> 00:01:39.660 on the server when the signup or login route is hit and which we then send back to the 17 00:01:39.660 --> 00:01:44.460 frontend when that happens and then the frontend could store it and send it for subsequent 18 00:01:44.460 --> 00:01:45.140 requests. 19 00:01:45.640 --> 00:01:51.700 And we'll see it how it gets used in practice over the next minutes and lectures of course. 20 00:01:53.540 --> 00:01:58.500 Now therefore we need to generate such a token and there is a package that can help us with 21 00:01:58.500 --> 00:01:58.760 that. 22 00:01:59.260 --> 00:02:05.620 Hence I'll quit this server and now run npm install to install that package and the name 23 00:02:05.620 --> 00:02:07.860 of that package is JSON Web Token. 24 00:02:09.080 --> 00:02:11.300 And we could ask AI about this. 25 00:02:11.400 --> 00:02:17.560 We could also ask chat, gpt or clod to explain this approach in greater detail but here I 26 00:02:17.560 --> 00:02:23.320 already know what I need to do so I will just install this package, restart my development 27 00:02:23.320 --> 00:02:31.780 server here and then use this package to create such tokens when users are created or logged 28 00:02:31.780 --> 00:02:32.160 in. 29 00:02:33.980 --> 00:02:40.220 Now we could store the code where we generate such a token here in this user's controller 30 00:02:40.200 --> 00:02:45.480 js file but I'll actually outsource it into a separate folder and file. 31 00:02:46.860 --> 00:02:52.900 For that I'll add a new folder which I'll name util for utility and in there I'll add 32 00:02:52.900 --> 00:02:58.720 an auth.js file and it's in this file now where I want to add utility methods for creating 33 00:02:58.720 --> 00:03:03.960 and verifying tokens which I will then need later in different parts of the app. 34 00:03:05.940 --> 00:03:15.140 So it's in this file where I'll now tell cursor to add functions for generating JWTs 35 00:03:15.140 --> 00:03:22.780 with the JSON Web Token package and for verifying. 36 00:03:24.000 --> 00:03:31.120 The JWT, the JSON Web Token should include the user ID and email of the user to whom 37 00:03:31.120 --> 00:03:32.160 it belongs. 38 00:03:35.220 --> 00:03:43.220 And now if I hit generate hopefully the AI again goes ahead and tries to add functions 39 00:03:43.220 --> 00:03:45.980 that will do exactly what I told it to do. 40 00:03:47.060 --> 00:03:53.060 Now this JWT secret thing here is important because these tokens that are generated are 41 00:03:53.060 --> 00:03:58.880 generated with help of a secret key, a secret string which only we on the backend know which 42 00:03:58.880 --> 00:04:03.820 we will use for verifying the token to make sure that any token that's sent to the backend 43 00:04:03.780 --> 00:04:09.820 from some frontend is really a token that has been generated by this backend. 44 00:04:11.100 --> 00:04:16.640 So that not any arbitrary token is accepted but only tokens that have been generated by 45 00:04:16.640 --> 00:04:17.920 this very backend. 46 00:04:19.240 --> 00:04:25.800 And this is confirmed by using a special key which only we on the backend know for generating 47 00:04:25.800 --> 00:04:26.660 those tokens. 48 00:04:28.120 --> 00:04:32.520 That's why this part here is important and correctly included by the AI here. 49 00:04:33.620 --> 00:04:38.780 And this secret is used for both generating and decoding and verifying tokens. 50 00:04:40.560 --> 00:04:44.620 So we got these utility functions here looking good to me. 51 00:04:45.280 --> 00:04:53.140 I will actually remove this error handling code here, don't need that, whoops, like this 52 00:04:53.140 --> 00:04:54.800 and then accept this part. 53 00:04:56.200 --> 00:04:57.100 Yeah, sure. 54 00:04:57.540 --> 00:04:59.620 And that can be removed too with tab. 55 00:05:00.000 --> 00:05:03.940 Thank you. And therefore this is now the final file. 56 00:05:05.400 --> 00:05:09.960 Here you can enter any secret key you want like ABC test token 57 00:05:10.780 --> 00:05:16.180 But again, that is up to you. And now with these functions added and exported here 58 00:05:16.180 --> 00:05:20.420 We can use them in other files like for example in the user controller file 59 00:05:21.140 --> 00:05:29.740 Where I now want to generate and send back tokens to the front-end who tried to sign up or log in a user 60 00:05:30.460 --> 00:05:35.159 So I will select the entire code here and say use the 61 00:05:35.159 --> 00:05:40.100 And then again, I'll point at the generate token function with at 62 00:05:40.100 --> 00:05:42.340 Code and then generate token 63 00:05:42.340 --> 00:05:45.240 function to generate 64 00:05:46.760 --> 00:05:52.120 JWT's which are sent back with the response after 65 00:05:52.120 --> 00:05:55.580 successful sign up or log in 66 00:05:56.380 --> 00:05:57.100 And 67 00:05:57.100 --> 00:06:05.240 Then again, the appropriate changes are hopefully made like adding this import here and 68 00:06:05.240 --> 00:06:08.159 Then down here the token is generated 69 00:06:09.380 --> 00:06:10.100 and 70 00:06:10.100 --> 00:06:15.659 Attached to the outgoing response for sign up and the same for login 71 00:06:16.740 --> 00:06:23.140 Again, we could have done this manually, but it's arguably maybe a bit quicker if we use AI for that 72 00:06:24.039 --> 00:06:28.860 But as always it's up to you and it's simply also a game of trial and error 73 00:06:28.860 --> 00:06:32.220 To find out what's quicker and what works best for you 74 00:06:33.760 --> 00:06:41.880 With that all done if you save everything and you try logging in again by again sending a POST request to the login route 75 00:06:43.020 --> 00:06:45.260 with valid email and password 76 00:06:46.039 --> 00:06:49.420 You should get back such a token here 77 00:06:50.360 --> 00:06:53.400 And that is a token you would normally store 78 00:06:53.400 --> 00:06:59.200 Somewhere if you were a front-end if you were a mobile app, for example that communicates with the API 79 00:06:59.200 --> 00:07:01.940 You would store that somewhere in your internal storage 80 00:07:02.960 --> 00:07:09.600 And you would then send it back to that REST API for future requests to other routes 81 00:07:09.600 --> 00:07:12.980 Which are only available to authenticated users 82 00:07:13.320 --> 00:07:21.200 And that's exactly what we'll work on next other routes which are only available to authenticated users