Thank you for this useful video. We can use JWT token to get an access to the API endpoint. Adding HTTP Header: "Authorization: Bearer " will help us. But what is a correct way of storing this access token in the application? Should we store it in the Database? Or maybe we should store this token in the cache (Redis, Memached)?
It's a long answer which really depends on your application but memory or DB would be ok for server-side applications. For mobile or desktop, you'll more likely need to rely on something else...Keychain / Keystore / CredsLocker
Hi Gary, I was excited about the topic and then got disappointed when i realized too soon that it was linked into TDD and Pest. I was expecting a course JWT on its own with the test dependency. 😢
No problems at all... hopefully it helps! 🙂 I was about to get to work writing JWT's into one of my web apps, although now I'm not sure what the advantage of using JWT is over sessions in PHP? I was originally going to do it because I'm having trouble with cookies expiring after 15 mins unattended (think its the web server)... then I read people say don't store JWT in local storage, only in cookies... but my cookies are expiring anyway, so JWT would die with the expired cookie. What do you think the key advantage to using a JWT is? Thanks for your time... :-)
Hey Gary great content. I was trying to generate a secret base64 encoding (verify signature ). Can shortly give me an idea about that . How can i generate that.
In php you can do something like this...this is a little simplified but you should get the idea // Your data and secret key $data = "Your data here"; $secret_key = "your_secret_key"; // Create a signature using a cryptographic hash function, e.g., SHA-256 $signature = hash_hmac('sha256', $data, $secret_key, true); // Encode the signature in Base64 $encoded_signature = base64_encode($signature); echo $encoded_signature;
![Kodak Black - Versatile 4 [Official Video]](http://i.ytimg.com/vi/VcP_1Ua__vY/mqdefault.jpg)
you are The King Of PHP
As always, great content! Thanks Gary!
Thank you for this useful video. We can use JWT token to get an access to the API endpoint. Adding HTTP Header: "Authorization: Bearer " will help us. But what is a correct way of storing this access token in the application? Should we store it in the Database? Or maybe we should store this token in the cache (Redis, Memached)?
It's a long answer which really depends on your application but memory or DB would be ok for server-side applications. For mobile or desktop, you'll more likely need to rely on something else...Keychain / Keystore / CredsLocker
Hi Gary, I was excited about the topic and then got disappointed when i realized too soon that it was linked into TDD and Pest. I was expecting a course JWT on its own with the test dependency. 😢
Hello Does not https transfer data in encrypted form between client and sever
Do we still need JWT?
Can you elaborate on this please?
JWT is used for authentication, not encryption.
@@GaryClarkeTech thank you nice video
Great video, thank you!! :-) Exceptional work... I gave a like & subscribed.
Awesome, thank you!
No problems at all... hopefully it helps! 🙂
I was about to get to work writing JWT's into one of my web apps, although now I'm not sure what the advantage of using JWT is over sessions in PHP?
I was originally going to do it because I'm having trouble with cookies expiring after 15 mins unattended (think its the web server)... then I read people say don't store JWT in local storage, only in cookies... but my cookies are expiring anyway, so JWT would die with the expired cookie.
What do you think the key advantage to using a JWT is?
Thanks for your time... :-)
Tnx ! Perfect content !
Hey Gary great content. I was trying to generate a secret base64 encoding (verify signature ). Can shortly give me an idea about that . How can i generate that.
In php you can do something like this...this is a little simplified but you should get the idea
// Your data and secret key
$data = "Your data here";
$secret_key = "your_secret_key";
// Create a signature using a cryptographic hash function, e.g., SHA-256
$signature = hash_hmac('sha256', $data, $secret_key, true);
// Encode the signature in Base64
$encoded_signature = base64_encode($signature);
echo $encoded_signature;