CS396: Spring 2021

Intro to Web Development

User Authentication using JSON Web Tokens

Week 6: Wed, May 5

Today we’re going to learn how to ensure that only authorized users are able to access your web resources. There are a couple of different steps associated with this process:

  1. Creating a way to register and store usernames and passwords.
    • This will follow a very similar process to how we’ve been storing and retrieving doctors and companions.
  2. Creating a method of figuring out whether a user requesting a resource is authenticated by your system.
    • This will involve using JWTs (JSON Web Tokens), which require a client to embed a web token, issued by the server, in its request header.
  3. Creating a way to revoke access (by making it so the token times out).
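
Steps 2 and 3 in code, as an added example that is not from the course materials: the server issues a signed token with an `exp` claim, and each request is accepted only if the `Authorization: Bearer` header carries a token whose signature verifies and whose expiry has not passed. It uses Node's built-in `crypto` module rather than a JWT library, and `SECRET`, `issueToken` and `authenticate` are hypothetical names chosen for this sketch.

```javascript
const crypto = require('crypto');

// Constructed demo secret (assumption); a real server loads this from configuration.
const SECRET = 'demo-secret-not-for-production';

const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString());

// HMAC-SHA256 over "header.payload", which is the HS256 JWT signature.
function hmac(signingInput) {
  return crypto.createHmac('sha256', SECRET).update(signingInput).digest('base64url');
}

// Step 2 (server side): issue a token that expires ttlSeconds after nowSeconds.
function issueToken(username, ttlSeconds, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub: username, iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${hmac(`${header}.${payload}`)}`;
}

// Steps 2 and 3 (per request): return the claims, or null if the header is
// missing, malformed, forged, or expired.
function authenticate(authorizationHeader, nowSeconds) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;
  const [, header, payload, signature] = match;

  // Check the signature before trusting anything inside the token.
  const expected = Buffer.from(hmac(`${header}.${payload}`));
  const given = Buffer.from(signature);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;

  let head, claims;
  try {
    head = fromB64url(header);
    claims = fromB64url(payload);
  } catch (err) {
    return null;
  }
  // Pin the algorithm instead of letting the token choose it.
  if (head.alg !== 'HS256') return null;
  // Step 3: access is revoked once the token times out.
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) return null;
  return claims;
}
```

Passing the current time in as `nowSeconds` keeps the expiry check testable; a route handler would call `authenticate(req.headers.authorization, Math.floor(Date.now() / 1000))`.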

The assigned videos are very instructive, and I highly recommend them (don’t skip these readings – they’re important).

Slides

Lecture Video(s)

Readings

  1. Cook, Kyle. What Is JWT and Why Should You Use JWT. Web Dev Simplified.
  2. Cook, Kyle. JWT Authentication Tutorial - Node.js. Web Dev Simplified.
    This is a nice Node.js code walkthrough of the key ideas of JWTs.
  3. Introduction to JSON Web Tokens.
    This is a reference doc for learning more about the technical specification.