Skip to content

Commit

Permalink
feat: generate real jwt token for auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@keikaavousi
keikaavousi committed Jun 13, 2022
1 parent 0125349 commit d03d27d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion controller/auth.js
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
const User = require('../model/user');
const jwt = require('jsonwebtoken');

module.exports.login = (req, res) => {
const username = req.body.username;
Expand All @@ -11,7 +12,7 @@ module.exports.login = (req, res) => {
.then((user) => {
if (user) {
res.json({
token: 'eyJr389hbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9',
token: jwt.sign({ user: username }, 'secret_key'),
});
} else {
res.status(401);
Expand Down

3 comments on commit d03d27d

@SiimonStark
Copy link

@SiimonStark SiimonStark commented on d03d27d Aug 25, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the 'secret_key'. The documentation only mentions sending username and password

@mohammad-taheri1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SiimonStark

'secret_key' is not a problem for consumers. It is a key that is used to sign the token. When you request something from the server using this token, this 'secret_key' will be used to verify that the token I s signed with this server

@Suman373
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the 'secret_key'. The documentation only mentions sending username and password

It is part of the signing jwt, you need payload (here the name of user), the 'secret key', (generally a env var) and the 'expires in' for the life span of the token.

Please sign in to comment.