Lesson Description

The "Create a JWT" lesson is part of the full API Design in Node.js, v5 course featured in this preview video. Here's what you'd learn in this lesson:

Scott explains generating JWTs that carry identifying traits such as the user ID, email, and username. He covers secure token creation, expiration, and TypeScript type-checking for consistent request bodies.


Transcript from the "Create a JWT" Lesson

>> Speaker 1: OK, let's make the JSON Web Token. While we're here, in the same utilities folder, we'll do jwt. And we will import some stuff, so we're gonna import something from jose called SignJWT.

We're gonna import something from crypto, which is built into Node, so technically you could just do node:crypto, to be specific, just in case someone on npm has something called crypto and you installed it. But either is fine.

And we're gonna import createSecretKey, and we're gonna import our ENV. Cool. Let's just make a type for the JSON payload, so we'll make an interface here: interface JWTPayload.

I talked a little bit about JSON Web Tokens, but you can just think of a JSON Web Token as an object converted to a string based on some algorithm. It's also some level of deterministic creation based on a secret and the algorithm and some other things, but basically we can then take that string, and on the API side we can reverse that process and get back the object, right?

So I'm gonna convert this object to a string. That string is a JSON Web Token. Whenever the client wants to access the API, they send me that string every single time, and I convert it back to the object that I used to create the string in the first place.

So in that world, what on this object do you need to see so that you can validate it later when it comes to your API?

So I would want to know, like, who is this? I want their ID. What is the ID of this user? I would want that. Maybe I want to know their email. And then maybe I also want to know their username. So you notice these are all three things on a user that are unique. This helps me identify the user.

You can put whatever you want. I wouldn't put sensitive things on there. Like, don't put their password or credit card number on the JSON Web Token, but you want to put identifying traits so I can safely identify who this person is.

export const generateToken = (payload) => {

We're gonna create our secret first, or get a reference to our secret. That would just be ENV.JWTSecret. And we're gonna create a secret key. This is another level of security. According to the docs, createSecretKey creates and returns a new key object containing a secret key for symmetric encryption or HMAC.

HMAC is an algorithm specifically used for encryption. So now we can return a new JSON Web Token by using SignJWT, passing the payload.

I want to set the protected header here. JSON Web Tokens, along with the payload, will have other fields that are metadata to let the other part of the system that decodes this token know what to do.

By default, it's gonna use HS256. We can add an issued-at timestamp to let you know when this token was created, which is helpful for debugging.

I also want to set an expiration time, because having JSON Web Tokens live forever is not a good thing. If someone gets hold of your JSON Web Token, they'll have access to your stuff forever, and there's nothing you can do about it without completely changing your algorithm.

So I'm gonna put an expiration time using ENV.JWTExpiresIn, or something like 7 days if that wasn't set. And then I'll sign it with the secret key.

This will return a string, which is the signed JSON Web Token.

}
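As an added example that is not part of the lesson or its course code, the following builds the token the transcript describes and adds the verification step the transcript only alludes to ("reverse that process and get back the object"). It is written against node:crypto alone so that it runs without jose: it hand-rolls what jose's SignJWT does for HS256 (base64url header and payload, HMAC-SHA256 over them), adds `iat` and `exp` the way the lesson does, and verifies by pinning the algorithm instead of trusting the token's `alg`, comparing the signature in constant time, and rejecting expired tokens. The names `makeKey`, `generateToken`, `verifyToken` and `VerifyResult`, the default seven-day lifetime, and the minimum key length check are this example's assumptions, not the course's.

```typescript
import { createHmac, createSecretKey, timingSafeEqual, KeyObject } from "node:crypto";

// The payload shape from the lesson: identifying traits only, nothing sensitive.
export interface JWTPayload {
  id: string;
  email: string;
  username: string;
}

// Registered claims the signer adds; iat for debugging, exp so tokens do not live forever.
interface SignedClaims extends JWTPayload {
  iat: number;
  exp: number;
}

// The only algorithm this service issues; verification refuses anything else.
const ALG = "HS256";

const b64url = (data: Buffer | string): string =>
  (typeof data === "string" ? Buffer.from(data, "utf8") : data).toString("base64url");

// Wrap the raw secret in a KeyObject (what createSecretKey does in the lesson).
// Assumption of this example: enforce the RFC 7518 §3.2 minimum of 256 bits for HS256.
export const makeKey = (secret: string): KeyObject => {
  if (Buffer.byteLength(secret, "utf8") < 32) {
    throw new Error("HS256 secret must be at least 32 bytes");
  }
  return createSecretKey(Buffer.from(secret, "utf8"));
};

const hmac = (key: KeyObject, signingInput: string): Buffer =>
  createHmac("sha256", key).update(signingInput).digest();

// Build header.payload.signature by hand; jose's SignJWT does the same for HS256.
export const generateToken = (
  payload: JWTPayload,
  key: KeyObject,
  expiresInSeconds = 7 * 24 * 60 * 60, // assumed default, like the lesson's "7 days"
  now = Math.floor(Date.now() / 1000),
): string => {
  const header = b64url(JSON.stringify({ alg: ALG, typ: "JWT" }));
  const claims: SignedClaims = { ...payload, iat: now, exp: now + expiresInSeconds };
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(hmac(key, signingInput))}`;
};

export type VerifyResult =
  | { ok: true; payload: SignedClaims }
  | { ok: false; reason: string };

// Verification order matters: pin alg, check the signature, only then trust the claims.
export const verifyToken = (
  token: string,
  key: KeyObject,
  now = Math.floor(Date.now() / 1000),
): VerifyResult => {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed token" };
  const [header, body, sig] = parts;

  let alg: unknown;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
  } catch {
    return { ok: false, reason: "malformed header" };
  }
  // Never let the token choose the algorithm (blocks alg:none and key-confusion tricks).
  if (alg !== ALG) return { ok: false, reason: `unexpected alg ${String(alg)}` };

  const expected = hmac(key, `${header}.${body}`);
  const actual = Buffer.from(sig, "base64url");
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
    return { ok: false, reason: "bad signature" };
  }

  let claims: SignedClaims;
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed payload" };
  }
  if (typeof claims.exp !== "number" || claims.exp <= now) {
    return { ok: false, reason: "token expired" };
  }
  return { ok: true, payload: claims };
};
```

In the course's own code the same guarantees come from jose: `new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime("7d").sign(key)` on the way out, and `jwtVerify(token, key, { algorithms: ["HS256"] })` on the way in, where the `algorithms` option is what pins the algorithm. The point the hand-rolled version makes visible is that the payload is only base64url-encoded, not encrypted, which is why the lesson warns against putting passwords or card numbers in it.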
