Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Using Cookies and JWTs for Secure Authentication

Well done!

You have completed Using Cookies and JWTs for Secure Authentication!

Sign up for Treehouse Back to Library
Preview
Video Player
00:00
00:00
00:00
  1. 2x 2x
  2. 1.75x 1.75x
  3. 1.5x 1.5x
  4. 1.25x 1.25x
  5. 1.1x 1.1x
  6. 1x 1x
  7. 0.75x 0.75x
  8. 0.5x 0.5x
Use Up/Down Arrow keys to increase or decrease volume.

Setting up the Packages

4:55 with Alena Holligan

To use a JWT with our user data, we'll be looking at a couple of additional packages that we will install via composer, php-jwt and phpdotenv. php-jwt is a JSON Web Token package that allows you to generate a JWT that we will store in our cookies. phpdotenv is a nice package to set environment variables based on a file.

To use a JWT with a user data we will be looking at a couple additional packages 0:00
that will install via Composer, PHP JWT, and PHP.ENV. 0:05
PHP JWT is a JSON web token package that allows you to generate 0:11
a Jwt that will be stored in our cookie. 0:16
PHP.ENV is a nice package to set environment variables based on a file. 0:19
If you want want more details about environment variables 0:26
check the notes associated with this video. 0:29
Since we're going to need a new package for 0:32
this system, let's install our new package to our composer. 0:34
In workspaces, go to View>Show Console The package 0:37
we're going to be using is the php-jwt by Firebase. 0:46
So let's type composer 0:51
require firebase/php-jwt. 0:56
This will install the package and update your composer.json and 1:03
composer.lock files. 1:08
We also need to require the vlucas/php.env, 1:09
another way of doing this is going into our composer.json. 1:14
And we'll add it after the Firebase. 1:22
Vlucas/php.env, 1:28
3.3 is what we're using. 1:35
Make sure that you add a comma to separate these two packages. 1:39
Doing it this way requires that you know the latest stable release or 1:42
version that you want to use. 1:46
After updating your JSON file, go back to the console and run composer update, 1:49
Composer update, oops, save our JSON. 1:58
The last thing we'll need to do is create a new file named .env. 2:10
This is where we'll store environment variables. 2:15
As a reminder, you will want to make sure that any 2:19
ENV files that you use are added to get ignore file. 2:22
You don't want to be pushing that secure information to GitHub. 2:27
Any file that starts with a period can be difficult to edit, 2:31
especially in workspaces. 2:34
So let's close our console and the composer file and in the Inc folder, 2:36
we'll create a new file and we'll name this env.txt. 2:43
We can rename it when we're done. 2:49
This is where we're going to define any environment variables that we want to use. 2:51
We can access this with GitEnv or the _env variable. 2:56
This file should contain any secret keys that you need for your application. 3:02
In our case, we need a secret key for our JWT to be signed. 3:06
We'll type SECRET_KEY and 3:10
set this equal to a string of 64 random characters. 3:13
We can also use this environment file for 3:20
our cookie settings that may change based on the environment. 3:22
We'll use COOKIE_PATH, we'll set this equal to our root. 3:27
Our COOKIE_DOMAIN, which is going 3:34
to equal .treehouse-app.com. 3:39
Our COOKIE_SECURE, 3:43
which is going to equal false, and 3:47
our COOKIE_HTTPONLY equals true. 3:52
Let's close and rename this file. 3:58
.env. 4:06
The last thing we need to do is to tell our application to load this file. 4:08
In our settings, Right at the top, 4:14
let's add dotenv = 4:22
Dotenv\Dotenv::create(__DIR). 4:27
Then we'll use dotenv->load(). 4:42
This will tell the system where to find our dotenv file, 4:48
in the same folder as our settings file. 4:52