Moonshoot
- Intro
You may read the “JOSE” keyword when searching the Internet for details on JSON web tokens. Well, you’re likely to find “JOSE” in references to the JWT specification and not in actionable tutorials.
What is JOSE in combination with JWT? That’s a good question!
JWT defines the token format, but JOSE defines a collection of specifications. For example, JOSE defines how to handle signing or encryption when using JWTs.
Let’s explore JWT and JOSE in more detail and how both work together!
hapi Series Overview
- hapi
- Futureflix
- Futureflix API
- Build a Rate Limiter
- JWT Authentication
- Server
- Authentication
- Views
- Plugins
- Routes
- Requests
- Responses
- Validation
- Security
- Logging
- Testing
- Deployments
-
What You’ll Build
-
Prepare Your Project: Stack & Structure
-
Environment Variables and Storing Secrets
-
Set Up MongoDB and Connect With Mongoose
-
Sending Emails in Node.js
-
Load the User’s Profile Picture From Gravatar Using Virtuals in Mongoose
-
Implement a User Profile Editing Screen
-
Generate a Username in Mongoose Middleware
-
Displaying Seasons and Episodes for TV Shows with Mongoose Relationship Population
-
Implementing Pagination for Movies
-
Implement a Watchlist
-
Create a Full Text Search with MongoDB
- What You’ll Build
- Prepare Your Project: Stack & Structure
- Environment Variables and Storing Secrets
- Set Up MongoDB and Connect With Mongoose
- Sending Emails in Node.js
- Load the User’s Profile Picture From Gravatar Using Virtuals in Mongoose
- Implement a User Profile Editing Screen
- Generate a Username in Mongoose Middleware
- Displaying Seasons and Episodes for TV Shows with Mongoose Relationship Population
- Implementing Pagination for Movies
- Implement a Watchlist
- Create a Full Text Search with MongoDB
-
Create a REST API with JSON Endpoints
-
Update Mongoose Models for JSON Responses
-
API Pagination for TV Shows
-
Customize API Endpoints with Query Parameters
-
Always Throw and Handle API Validation Errors
-
Advanced API Validation With Custom Errors
-
Create an API Documentation with Swagger
-
Customize Your Swagger API Documentation URL
-
Describe Endpoint Details in Your Swagger API Documentation
-
10 Tips on API Testing With Postman
-
JWT Authentication in Swagger API Documentation
-
API Versioning with Request Headers
- Create a REST API with JSON Endpoints
- Update Mongoose Models for JSON Responses
- API Pagination for TV Shows
- Customize API Endpoints with Query Parameters
- Always Throw and Handle API Validation Errors
- Advanced API Validation With Custom Errors
- Create an API Documentation with Swagger
- Customize Your Swagger API Documentation URL
- Describe Endpoint Details in Your Swagger API Documentation
- 10 Tips on API Testing With Postman
- JWT Authentication in Swagger API Documentation
- API Versioning with Request Headers
-
API Login With Username and Password to Generate a JWT
-
JWT Authentication and Private API Endpoints
-
Refresh Tokens With JWT Authentication
-
Create a JWT Utility
-
JWT Refresh Token for Multiple Devices
-
Check Refresh Token in Authentication Strategy
-
Rate Limit Your Refresh Token API Endpoint
-
How to Revoke a JWT
-
Invalidate JWTs With Blacklists
-
JWT Logout (Part 1/2)
-
JWT “Immediate” Logout (Part 2/2)
-
A Better Place to Invalidate Tokens
-
How to Switch the JWT Signing Algorithm
-
Roll Your Own Refresh Token Authentication Scheme
-
JWT Claims 101
-
Use JWT With Asymmetric Signatures (RS256 & Co.)
-
Encrypt the JWT Payload (The Simple Way)
-
Increase JWT Security Beyond the Signature
-
Unsigned JSON Web Tokens (Unsecured JWS)
-
JWK and JWKS Overview
-
Provide a JWKS API Endpoint
-
Create a JWK from a Shared Secret
-
JWT Verification via JWKS API Endpoint
-
What is JOSE in JWT
-
Encrypt a JWT (the JWE Way)
-
Authenticate Encrypted JWTs (JWE)
-
Encrypted and Signed JWT (Nested JWT)
-
Bringing Back JWT Decoding and Authentication
-
Bringing Back JWT Claims in the JWT Payload
- API Login With Username and Password to Generate a JWT
- JWT Authentication and Private API Endpoints
- Refresh Tokens With JWT Authentication
- Create a JWT Utility
- JWT Refresh Token for Multiple Devices
- Check Refresh Token in Authentication Strategy
- Rate Limit Your Refresh Token API Endpoint
- How to Revoke a JWT
- Invalidate JWTs With Blacklists
- JWT Logout (Part 1/2)
- JWT “Immediate” Logout (Part 2/2)
- A Better Place to Invalidate Tokens
- How to Switch the JWT Signing Algorithm
- Roll Your Own Refresh Token Authentication Scheme
- JWT Claims 101
- Use JWT With Asymmetric Signatures (RS256 & Co.)
- Encrypt the JWT Payload (The Simple Way)
- Increase JWT Security Beyond the Signature
- Unsigned JSON Web Tokens (Unsecured JWS)
- JWK and JWKS Overview
- Provide a JWKS API Endpoint
- Create a JWK from a Shared Secret
- JWT Verification via JWKS API Endpoint
- What is JOSE in JWT
- Encrypt a JWT (the JWE Way)
- Authenticate Encrypted JWTs (JWE)
- Encrypted and Signed JWT (Nested JWT)
- Bringing Back JWT Decoding and Authentication
- Bringing Back JWT Claims in the JWT Payload
-
Basic Authentication With Username and Password
-
Authentication and Remember Me Using Cookies
-
How to Set a Default Authentication Strategy
-
Define Multiple Authentication Strategies for a Route
-
Restrict User Access With Scopes
-
Show „Insufficient Scope“ View for Routes With Restricted Access
-
Access Restriction With Dynamic and Advanced Scopes
-
hapi - How to Fix „unknown authentication strategy“
-
Authenticate with GitHub And Remember the Login
-
Authenticate with GitLab And Remember the User
-
How to Combine Bell With Another Authentication Strategy
-
Custom OAuth Bell Strategy to Connect With any Server
-
Redirect to Previous Page After Login
-
How to Implement a Complete Sign Up Flow With Email and Password
-
How to Implement a Complete Login Flow
-
Implement a Password-Reset Flow
- Basic Authentication With Username and Password
- Authentication and Remember Me Using Cookies
- How to Set a Default Authentication Strategy
- Define Multiple Authentication Strategies for a Route
- Restrict User Access With Scopes
- Show „Insufficient Scope“ View for Routes With Restricted Access
- Access Restriction With Dynamic and Advanced Scopes
- hapi - How to Fix „unknown authentication strategy“
- Authenticate with GitHub And Remember the Login
- Authenticate with GitLab And Remember the User
- How to Combine Bell With Another Authentication Strategy
- Custom OAuth Bell Strategy to Connect With any Server
- Redirect to Previous Page After Login
- How to Implement a Complete Sign Up Flow With Email and Password
- How to Implement a Complete Login Flow
- Implement a Password-Reset Flow
-
Views in hapi 9 (and above)
-
How to Render and Reply Views
-
How to Reply and Render Pug Views (Using Pug 2.0)
-
How to Create a Dynamic Handlebars Layout Template
-
Create and Use Handlebars Partial Views
-
Create and Use Custom Handlebars Helpers
-
Specify a Different Handlebars Layout for a Specific View
-
How to Create Jade-Like Layout Blocks in Handlebars
-
Use Vue.js Mustache Tags in Handlebars Templates
-
How to Use Multiple Handlebars Layouts
- Views in hapi 9 (and above)
- How to Render and Reply Views
- How to Reply and Render Pug Views (Using Pug 2.0)
- How to Create a Dynamic Handlebars Layout Template
- Create and Use Handlebars Partial Views
- Create and Use Custom Handlebars Helpers
- Specify a Different Handlebars Layout for a Specific View
- How to Create Jade-Like Layout Blocks in Handlebars
- Use Vue.js Mustache Tags in Handlebars Templates
- How to Use Multiple Handlebars Layouts
-
How to Access and Handle Request Payload
-
Access Request Headers
-
How to Manage Cookies and HTTP States Across Requests
-
Detect and Get the Client IP Address
-
How to Upload Files
-
Quick Access to Logged In User in Route Handlers
-
How to Fix “handler method did not return a value, a promise, or throw an error”
-
How to Fix “X must return an error, a takeover response, or a continue signal”
- How to Access and Handle Request Payload
- Access Request Headers
- How to Manage Cookies and HTTP States Across Requests
- Detect and Get the Client IP Address
- How to Upload Files
- Quick Access to Logged In User in Route Handlers
- How to Fix “handler method did not return a value, a promise, or throw an error”
- How to Fix “X must return an error, a takeover response, or a continue signal”
-
Query Parameter Validation With Joi
-
Path Parameter Validation With Joi
-
Request Payload Validation With Joi
-
Validate Query and Path Parameters, Payload and Headers All at Once on Your Routes
-
Validate Request Headers With Joi
-
Reply Custom View for Failed Validations
-
Handle Failed Validations and Show Errors Details at Inputs
-
How to Fix AssertionError, Cannot validate HEAD or GET requests
- Query Parameter Validation With Joi
- Path Parameter Validation With Joi
- Request Payload Validation With Joi
- Validate Query and Path Parameters, Payload and Headers All at Once on Your Routes
- Validate Request Headers With Joi
- Reply Custom View for Failed Validations
- Handle Failed Validations and Show Errors Details at Inputs
- How to Fix AssertionError, Cannot validate HEAD or GET requests
Continue reading
Build “Futureflix” and be hapi 😉
Futureflix is your own Netflix-like streaming platform and the app you’re building throughout the learn hapi learning path.
Other courses in the Internet use basic and simple examples. That leaves you with a guessing game on complex features.
In learn hapi, you’ll implement an advanced hapi application from start to end
Grow yourself by working through user accounts & authentication, security, developer goodies, sending emails, building a REST API, full text search, powerful pagination.
