[00:00:00] Presenter: In the last section, we started wiring up our JWT strategy. As a reminder, strategies are plugins of sorts that work with Passport. Passport is a library that we use to figure out whether or not a user is currently authenticated to use our application. A strategy attempts to authenticate that user in a very particular fashion. So we're using JWTs for authentication. So we grabbed a strategy to help us with JWT authentication and Passport.

[00:00:29] We created a new JWT strategy and passed a callback into it. That's going to be run whenever a request comes across, or into, our application containing a JWT. Once this function is run, we're going to try to find a user with the ID that is contained within the token. Remember, the token contains some amount of encoded data that we set up already inside of our authentication controller right here when we encoded the JWT.

[00:01:03] If we were able to find a user, then we called the done callback with that particular user. Otherwise, we said nope, we didn't find a user, and we passed false as the second argument to done.
[00:01:16] The last thing we have to do is fill out these JWT options. So there's kind of a little magic that's going on behind the scenes here. Number one, you know, we're expecting that this JWT strategy is going to somehow get access to our JWT off the request, right? We're assuming that somehow it's going to look through the entire request and it's just gonna figure out, okay, this is where the JWT is on the request.

[00:01:43] But a JWT token can sit anywhere on the request. It can be contained within the body, it can be within the URL, it can be on the headers of the request. And so we have to specifically tell this strategy where to look on the request to find this key.

[00:02:00] So to tell it where to look, we're going to pass it an option called JWT from request, and we're gonna tell it to extract the token from a header called Authorization. So right now, or right here with this line... Oops, I put a semicolon on. Don't want that.
[00:02:21] With this line right here, we're telling JWT strategy that whenever a request comes in and we want Passport to handle it, it needs to look at the request's headers, and specifically a header called authorization, to find the token.

[00:02:37] Okay, so that's step one. The other piece of setup that we have to do in here, the other option that we're gonna pass in: you'll notice that we assumed that the payload would just mysteriously pop up in here, right? Like the decoded payload. And as we discussed before, when we create a payload, we are encoding it with some very particular secret. So whenever we use JWT strategy, we also have to tell it the secret that it should use to decode this token. So as a second argument, I'll say secret or key, and that's gonna be config.secret. Remember, we already imported config up here at the top.

[00:03:11] Okay, so let's save this. I'm gonna go over and check my terminal. Verify. Yep. Everything is still green over here. At this point in time, we've now set up our JWT strategy. The last thing we have to do is tell Passport to actually use this strategy.
[00:03:30] So we have to, you know... there's no magic going on here. We have to wire everything up together. So to tell Passport to use this strategy, we just have to say passport.use JWT login. And this variable right here, remember we created it. That was the name of the strategy that we created. So at this point, we've now told Passport, "Hey, be sure to use this very particular strategy right here."

[00:03:54] All right, this looks good. Let's continue to the next section, where we will put this strategy to use and try to make an authenticated request.