Get a GitHub client ID and Secret for an OAuth Application

Add GitHub Authorization to an OAuth Client App

Create an OAuth Client-Server for code/token exchange

Parse for the Auth Code in a Query before Sending It to a Server

Exchange Auth Code in a Request for an Access Token

Fetch Protected Data from a Resource Server with an Access Token

Encode User Data with JSON Web Token (JWT)

Identify Users with JWT

Use JWT to Make a Protected Request

Handle a Protected Request with JWT

Add Github Login to Your Web App with OAuth 2.0

Now that we have our encoded JWT we need to be able to decode it!

The `jsonwebtoken` library makes this very easy. All we have to do is pass the `jwt` and our `token` to a decoder function. In that function definition we pass the arguments into the `verify` method and return the result.

https://app.egghead.io/api/v1/lessons/jwt-identify-users-with-jwt/subtitles

Instructor: [0:00] Create a decoded variable that stores the return value of an async function named verifyJWT. This function takes the token to be decoded and the secrets the token was encoded with.

[0:16] Log the decoded value to the console for inspection. Create the verified JWT function and call the verify method from the JSON Web Token library, passing it to JWT and the token secret.

[0:33] Head to the browser and click the Authorize link. Then head to the terminal, and you should see that the decoded values have been printed.

[0:44] If the verification threw an error, it means that either the JWT is invalid, has been messed with, or you have supplied a wrong secret. You can confirm this by passing a random string instead of the token as a secret. Click the Authorize link again, and you should get an error in the console.

Identify Users with JWT

Share this video with your friends

Course

Add Github Login to Your Web App with OAuth 2.0