Reading 13 Bearer Authorization - liz-kavalski-401-advanced-javascript/seattle-javascript-401n13 GitHub Wiki

Intro to jwt

Already done it for Reading 11

Are jwts secure?

  • JWTs can be either signed, encrypted or both.
  • Signing is about validation: the signature lets the recipient check that the token has not been altered.

jsonwebtoken docs

  • jwt.sign(payload, secretOrPrivateKey, [options, callback])
    • Asynchronous: If a callback is supplied, the callback is called with the err or the JWT.
    • Synchronous: Returns the JsonWebToken as string
      • payload could be an object literal, buffer or string representing valid JSON.
      • secretOrPrivateKey is a string, buffer, or object containing either the secret for HMAC algorithms or the PEM encoded private key for RSA and ECDSA.
      • options: not quite sure what it does.
  • Can set an expiration on the tokens
  • jwt.verify(token, secretOrPublicKey, [options, callback]) checks whether the token is valid.
  • jwt.decode(token [, options]) returns the decoded payload. *Possible issues that can come along
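
An added example (not from the jsonwebtoken docs or the original notes) showing why decoding a token is not the same as verifying it. It builds a minimal HS256 token with Node's `crypto` module; `sign`, `decode`, `verify` and `demo` are hypothetical stand-ins for the library calls listed above, and the secret, claims and timestamps are constructed sample values.

```javascript
// Added example: minimal HS256 JWT using only Node's crypto module.
// Names mirror the jsonwebtoken calls in the notes; this is not that library's code.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Like jwt.sign with an expiration: adds iat/exp claims and an HMAC signature.
function sign(payload, secret, expiresInSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + expiresInSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Like jwt.decode: parses the payload and checks nothing.
function decode(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Like jwt.verify: checks algorithm, signature and expiry before returning the payload.
function verify(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = decode(token);
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired');
  return payload;
}

// Constructed sample: a token whose payload was edited after it was signed.
function demo() {
  const secret = 'constructed-demo-secret';
  const token = sign({ sub: 'user-1', role: 'user' }, secret, 900, 1700000000);
  const [h, , s] = token.split('.');
  const edited = b64url(JSON.stringify({ sub: 'user-1', role: 'admin', exp: 1700000900 }));
  const tampered = `${h}.${edited}.${s}`;
  let verifyError = null;
  try { verify(tampered, secret, 1700000100); } catch (e) { verifyError = e.message; }
  return { decodedRole: decode(tampered).role, verifyError, good: verify(token, secret, 1700000100) };
}
```

Authorization decisions should only use the payload returned by the verifying call; the decoded-only payload is unauthenticated input.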