1
00:00:01,350 --> 00:00:03,090
Instructor: I want to take a minute to review everything

2
00:00:03,090 --> 00:00:05,760
that we did with this server before I move on.

3
00:00:05,760 --> 00:00:08,610
So the key critical part was this diagram right here,

4
00:00:08,610 --> 00:00:10,620
this kind of flow that we assigned.

5
00:00:10,620 --> 00:00:13,770
We had three possible flows coming into our server.

6
00:00:13,770 --> 00:00:16,410
Either you were signing up, signing in,

7
00:00:16,410 --> 00:00:19,830
or trying to get access to some protected resource.

8
00:00:19,830 --> 00:00:22,230
In the case that a user was first signing up,

9
00:00:22,230 --> 00:00:25,410
we verified that the email was not already in use

10
00:00:25,410 --> 00:00:27,450
and then we gave them a token.

11
00:00:27,450 --> 00:00:30,300
The token was some identifying piece of information.

12
00:00:30,300 --> 00:00:33,690
It was a JWT, or JSON Web Token.

13
00:00:33,690 --> 00:00:37,410
We created this token using the user's user ID,

14
00:00:37,410 --> 00:00:40,680
and we also encoded the issued-at time in there as well,

15
00:00:40,680 --> 00:00:43,233
just so we know when the token was first created.

16
00:00:44,940 --> 00:00:48,720
Then whenever a user came back to use our application again,

17
00:00:48,720 --> 00:00:50,850
let's say that they were supplying their email

18
00:00:50,850 --> 00:00:52,470
and password again, so again,

19
00:00:52,470 --> 00:00:55,590
an end user has no idea that a token exists.

20
00:00:55,590 --> 00:00:58,470
They only know that they have a username and password.

21
00:00:58,470 --> 00:01:02,010
So when a user supplied their email and password to log in,

22
00:01:02,010 --> 00:01:05,099
we verified that their email and password were correct

23
00:01:05,099 --> 00:01:08,943
using the local strategy plugin for Passport.

24
00:01:09,810 --> 00:01:11,910
After we verified that they had the correct email

25
00:01:11,910 --> 00:01:15,480
and password, we assigned a token to them.

26
00:01:15,480 --> 00:01:18,360
Finally, whenever a user came back to our application

27
00:01:18,360 --> 00:01:21,360
to make an authenticated request with a token,

28
00:01:21,360 --> 00:01:23,640
we verified that the token existed

29
00:01:23,640 --> 00:01:25,410
and that it was the correct token,

30
00:01:25,410 --> 00:01:28,380
and then we gave them access to the resource access,

31
00:01:28,380 --> 00:01:32,130
to whatever their, you know, protected resource was.

32
00:01:32,130 --> 00:01:36,990
This verified token step was done using the JWT strategy,

33
00:01:36,990 --> 00:01:40,533
which is, again, a plugin for the Passport library.

34
00:01:41,730 --> 00:01:43,860
I hope you've enjoyed this section.

35
00:01:43,860 --> 00:01:46,010
I know it's probably been very challenging.

36
00:01:46,950 --> 00:01:48,750
Definitely not the easiest content in the world,

37
00:01:48,750 --> 00:01:52,080
but we have built from scratch a very solid,

38
00:01:52,080 --> 00:01:54,570
very secure API server that we can use,

39
00:01:54,570 --> 00:01:56,250
not only for web applications,

40
00:01:56,250 --> 00:01:59,160
but also for mobile applications as well.

41
00:01:59,160 --> 00:02:01,620
If we want to add any protected route in the future

42
00:02:01,620 --> 00:02:03,180
for absolutely anything,

43
00:02:03,180 --> 00:02:06,210
all we have to do is define our route handler

44
00:02:06,210 --> 00:02:09,990
and then pass in this require auth as the second argument.

45
00:02:09,990 --> 00:02:12,060
And then the third argument is always gonna be

46
00:02:12,060 --> 00:02:14,040
whatever the protected route is.

47
00:02:14,040 --> 00:02:16,650
So very versatile, very flexible,

48
00:02:16,650 --> 00:02:19,290
and we can really take this in any direction we want.

49
00:02:19,290 --> 00:02:20,430
If I were in your shoes,

50
00:02:20,430 --> 00:02:22,650
I would probably commit everything that I have right now

51
00:02:22,650 --> 00:02:24,480
to GitHub, and I would treat this

52
00:02:24,480 --> 00:02:27,060
like a boilerplate project that I could spin up on the fly

53
00:02:27,060 --> 00:02:29,460
for any project I wanna work on and know that

54
00:02:29,460 --> 00:02:33,690
I've got a rock-solid authentication server ready to go.

55
00:02:33,690 --> 00:02:35,130
So I hope you've enjoyed this,

56
00:02:35,130 --> 00:02:38,223
and it's definitely been my pleasure to show it to you.