In this lesson, we build a simple API with two endpoints, one public and one secure. Using JWT and validating with the signature, we ensure that the user is authorized and has access to a protected resource before serving it.
Oh boy, I hate 'courses' like this. SOO, we are jumping from lesson 6 to do some CORS changes, to lesson 5, then back to the lesson 2 code example to do this video. What a mess of a course.
...
This is super helpful. I've been looking for a good resource on JWT since I got hungup on a Prisma project. Thanks!
I believe there is a step that is missing. When getting a valid JWT from https://jwt.io, you need to update the secret key to match the secret key in your code, in this example, "mysupersecretkey".
You can update the secret key on https://jwt.io in the last section of "Decoded" where it says "Verify Signature". There is a text input to enter your secret key. After updating your key, the encoded JWT will update automatically. Copy and paste this key into Postman to fix the "invalid signature" error.
Not sure what Postman version the course instructor is using, but mine does not have 'Bearer' as an option in the Authorization tab. I had to add it manually by going to the 'Headers' tab and adding a header with the key 'Authorization' and the value 'Bearer JWT_TOKEN_STRING'.
This course is pretty disorganized; it's definitely not the same quality that I normally experience with Egghead. For it to be better, the videos need to be ordered better, and as mentioned it feels like bits are missing: it is hard to follow along when the code from lesson to lesson does not match up. Also, this is a very technical subject and there is not enough information to really feel confident I can integrate this into my own project and be confident I have a secure auth system. It's a shame because this is an interesting subject.
If the intention of the video was to offer a brief overview of auth and then advocate Auth0, this should be mentioned.
THANK YOU @Todd!!
I hit a wall in this course at this video. Spending a lot of time trying to make up for knowledge gaps and inconsistencies in the lessons' code. Philip's comment sums it up well.
If someone is running into an "algorithms should be set" error, just add the algorithms array to the jwtCheck definition like so:
const jwtCheck = expressjwt({ secret: "mysupersecretkey", algorithms: ["HS256"], })
Just to expand on the comment above, if you do run into an "algorithms should be set" error, there's a change between the version of express-jwt used in this video and the current one (version 6 at time of writing). You can either run "npm install express-jwt@5.3.3" to install the latest version of version 5.x.x, or you can add the algorithm as an option in the expressjwt constructor (more info here: https://stackoverflow.com/questions/62665636/if-options-algorithms-throw-new-erroralgorithms-should-be-set-error-alg)
I'm getting an error while running this file: "expressjwt is not a function". Can someone please help me out?
@anatta With the new version of express-jwt there is no default export, so use it like this:
const { expressjwt } = require('express-jwt');
...
const jwtCheck = expressjwt({
secret: 'secret',
algorithms: ["HS256"],
});
Argument algorithms is required