WEBVTT

00:03.670 --> 00:05.050
Hated every everyone that they share.

00:05.050 --> 00:09.670
And in this video we're going to learn about the JWT. Not really learn, because we have already worked

00:09.670 --> 00:11.110
with the JWT in the past.

00:11.260 --> 00:15.910
So it's now time just to simply go ahead and create the JWT tokens.

00:16.420 --> 00:20.920
So for this one, first, we need to go into the .env because these are a couple of things which

00:20.940 --> 00:23.380
would like to keep it absolutely as secret.

00:23.470 --> 00:30.070
So the first one is going to be JWT underscore secret and this secret can be anything.

00:30.100 --> 00:36.520
This is my JWT top secret.

00:36.520 --> 00:39.370
Again, make sure the secret is always same.

00:39.370 --> 00:44.260
And once you have added the secret into the database, Heroku or whatever you are using Digital Ocean,

00:44.260 --> 00:48.430
make sure you keep this exactly same because if you are going to change this, your entirety of token

00:48.430 --> 00:50.830
and everything is going to just go bonkers.

00:50.830 --> 00:51.910
So please don't do that.

00:52.030 --> 01:02.050
Now, apart from this, we're going to also have this JWT expire expiry and that is also going to be,

01:02.050 --> 01:07.270
let's just say three days is enough for us, but it's up to you totally your choice that you want to

01:07.270 --> 01:12.610
keep it the token alive for three days, two days, one day, maybe 24 hours, whatever you like.

01:12.760 --> 01:15.460
I'm happy with the three days, so I'm going to go back up here.

01:15.580 --> 01:16.050
Okay.

01:16.690 --> 01:20.110
So next up is what do we need to create the JSON web token?

01:20.110 --> 01:21.580
Of course, JSON Web token.

01:21.580 --> 01:23.020
So let's go ahead and bring that up.

01:23.020 --> 01:31.960
So we're going to say, hey, I am going to call you JWT, but you will come from require as JSON web

01:31.960 --> 01:32.560
token.

01:32.650 --> 01:34.660
So now the JSON Web token is here.

01:34.660 --> 01:38.860
Now again, the big question comes in is what you are going to put inside this token?

01:38.950 --> 01:44.110
My recommendation is usually just put the ID itself because anybody based on this ID can connect to

01:44.110 --> 01:46.780
the database and query the entire user.

01:46.780 --> 01:51.760
But again, if you think that this is much more feasible for you to have email, probably your application

01:51.760 --> 01:54.790
is email centric and you want to just extract email from there.

01:54.790 --> 01:56.050
Please go ahead and do that.

01:56.050 --> 02:00.820
But my personal recommendation is always just enclose the ID and that's it, nothing more than that.

02:01.390 --> 02:14.530
So okay, so this one actually is going to be a method for create and create and return JWT token again

02:14.530 --> 02:18.670
the same thing, user schema dot methods.

02:18.670 --> 02:23.050
And we're going to be calling this one as get token.

02:23.680 --> 02:25.660
So that is really nice.

02:25.840 --> 02:30.850
And let's call this one as get a JWT token.

02:30.850 --> 02:32.110
Yeah, that makes sense.

02:32.500 --> 02:34.390
Again, this might take some time.

02:34.390 --> 02:36.040
Again, JWT doesn't take time.

02:36.040 --> 02:36.610
My bad.

02:37.030 --> 02:39.580
But if you make it asynchronous, that is also fine.

02:39.580 --> 02:40.930
It's not going to harm anything.

02:40.930 --> 02:44.800
But this is really a fast operation, so you don't need to worry on that part.

02:45.940 --> 02:48.250
It doesn't take any parameter from the user itself.

02:48.250 --> 02:52.240
User can just run it simply and get the token itself in order to generate the token.

02:52.240 --> 02:55.690
We remember we do have two methods, dot sign and verify.

02:55.690 --> 02:58.330
We use sign for creating the token itself.

02:58.690 --> 03:01.390
Now in this first you pass on the payload itself.

03:01.390 --> 03:09.310
So the payload is going to be the ID and this ID is going to be coming up from this dot underscore ID.

03:09.340 --> 03:16.300
Now remember this ID up here, what we are seeing here is the field that we are creating.

03:16.300 --> 03:17.320
So that is fine.

03:17.320 --> 03:23.860
But this dot underscore ID is a field which is going to be given to you by the Mongoose or the MongoDB

03:23.860 --> 03:24.520
in general.

03:24.610 --> 03:31.420
Whenever you save any data in the MongoDB, it automatically generates an ID field, just a side info.

03:31.420 --> 03:32.710
This is not a JSON field.

03:32.710 --> 03:33.970
This is a BSON field.

03:33.970 --> 03:39.310
Again, coming back onto the main part, whenever you save anything into the MongoDB, it automatically

03:39.310 --> 03:44.110
generates an ID for you and this ID field can be accessed by underscore.

03:44.110 --> 03:49.540
ID always remain same underscore ID so it is not this dot ID, this is underscore ID.

03:49.540 --> 03:53.650
So whenever you need to access that, you have to mention that in case you want to add more field.

03:53.650 --> 03:55.360
Again, this really remains the same.

03:55.360 --> 04:00.880
You go ahead and say email, this, come on, this dot email, and you can just access that.

04:00.880 --> 04:04.030
But again, my recommendation, please go ahead and work on just like that.

04:04.300 --> 04:07.480
Okay, so this is the only field that we have.

04:07.810 --> 04:08.500
So that's nice.

04:08.500 --> 04:10.300
Now we need to provide a secret as well.

04:10.300 --> 04:13.240
So let's go ahead and as it says, hey, provide me a secret.

04:13.270 --> 04:16.870
The secret is going to come up from process.env dot.

04:16.900 --> 04:22.600
Let's go ahead and copy that JWT secret, copy that and paste that.

04:22.660 --> 04:24.520
I go ahead and put up a comma.

04:24.520 --> 04:29.650
Now it says, Hey, once this is all done, you can actually go ahead and provide me options of something

04:29.650 --> 04:31.180
like, which is expiry time.

04:31.330 --> 04:32.530
Obviously we want to give that.

04:32.530 --> 04:34.270
So let's go ahead and have this one.

04:34.390 --> 04:37.600
This one is going to have this expiresIn. Again,

04:37.600 --> 04:40.630
We want to control the entire expiry time from one file.

04:40.630 --> 04:41.860
That's why we are having this one.

04:41.860 --> 04:47.950
So we're going to go ahead and say process.env dot, and we'll bring it up from environment

04:47.950 --> 04:48.460
variables.

04:48.460 --> 04:51.520
So JWT expiry, there we go.

04:51.520 --> 04:55.630
Now this helps me that whenever I want to change anything or something, I can just go ahead and do

04:55.630 --> 04:57.280
it in one single file and that's it.

04:57.460 --> 04:59.470
Now this is going to just create a token.

04:59.470 --> 05:00.760
We obviously need to return it.

05:00.760 --> 05:01.870
So let's just say return.

05:02.140 --> 05:07.810
So anybody who says like something dot get JWT token, he will be able to just get the token

05:07.810 --> 05:08.560
right out of the box.

05:08.570 --> 05:09.460
So no big deal.

05:09.460 --> 05:10.600
No big issue there.

05:10.970 --> 05:11.230
Okay.

05:11.230 --> 05:13.730
So this is the basics of creating the JWT token.

05:13.750 --> 05:18.460
I hope you have understood the exact same code, why we are writing it and interesting details as well.

05:18.490 --> 05:20.830
Let's go ahead and catch up in next video.
