WEBVTT

00:01.470 --> 00:06.690
So now that we know that everything seems to be connected properly, let's generate a token and we're

00:06.690 --> 00:13.170
of course, we're going to initiate that request here in Handler's API right before we generate and

00:13.170 --> 00:14.100
send the payload.

00:14.310 --> 00:16.160
So how are we going to generate the token?

00:18.350 --> 00:22.140
Well, to start with, I'm going to create a new file in my model's folder.

00:22.190 --> 00:28.250
Now I'm putting it in my model's folder because I might at some point in the future, need to have access

00:28.250 --> 00:33.470
to this functionality from some other application that uses this same code base as a starting point.

00:34.070 --> 00:39.470
So I'll create a new file in there in models called Tokens Go.

00:41.720 --> 00:47.810
And it will be package models and what I'm going to do, first of all, is declare constant and I'll

00:47.810 --> 00:51.500
explain why this exists before too long and I might have more than one constant.

00:51.510 --> 00:52.400
So I'll put it this way.

00:53.000 --> 00:59.320
I'm going to call this scope authentication, and that will be equal to the string authentication.

01:00.020 --> 01:05.090
I quite often when you're working with an API, you'll have different kinds of scope.

01:05.100 --> 01:10.010
And it's generally considered good practice to identify the scope for some particular piece of your

01:10.010 --> 01:10.330
code.

01:10.850 --> 01:15.010
And of course, right now we just have one scope authentication, but we might have more later on.

01:15.020 --> 01:21.740
So I'm going to declare that now I'll declare a type and this type will be called token and it is a

01:21.740 --> 01:22.160
structure.

01:22.310 --> 01:25.440
And this is what we're going to store our token in this type.

01:26.480 --> 01:32.180
So the first field will be plaintext and this will be the actual token itself and it will be a string

01:32.900 --> 01:40.770
and it will be in JSON called Token, because that's more meaningful to the end user.

01:42.350 --> 01:47.580
It's also going to have a user ID and that will be the idea of the user from the database.

01:47.600 --> 01:52.970
I'm going to make this one in sixty four because that's what Jason likes to have, but I'm not going

01:52.970 --> 01:54.530
to hand that back in Jason.

01:54.560 --> 01:57.740
OK, so we'll make this nothing in Jason.

01:58.400 --> 01:59.630
I might change that later on.

01:59.630 --> 02:01.550
That's why I'm using it.

02:01.550 --> 02:07.250
Sixty four as the type and the hash which will be a slice of bytes.

02:08.720 --> 02:12.410
And again I'm not going to hand that back in any Jason I generate

02:16.190 --> 02:17.380
next to have the expiry.

02:17.810 --> 02:20.630
How long does this token last and that be a type time.

02:20.840 --> 02:21.230
Time.

02:22.940 --> 02:27.200
And I am going to hand that back with Jason and I'll call that expiry.

02:30.230 --> 02:33.290
And finally, the scope, which will be a string.

02:33.860 --> 02:35.770
And I'm not going to hand that back in Jason either.

02:37.340 --> 02:38.710
OK, so that's my type.

02:38.720 --> 02:39.290
That's format.

02:39.290 --> 02:41.090
This looks good.

02:41.840 --> 02:43.190
It's important time for me.

02:43.190 --> 02:43.840
So we're good.

02:45.020 --> 02:50.480
So the next thing I'll do is create a function and it will be exported because I need to have access

02:50.480 --> 02:52.160
to it from outside of this package.

02:52.340 --> 02:58.010
I'll call that generate token and it will take a few parameters.

02:58.010 --> 03:00.200
It'll take user ID which will be in it.

03:01.430 --> 03:08.390
It will take ttle or time to life, which is time, duration, and it will take the scope, which is

03:08.390 --> 03:14.840
a strength and it will return a pointer to the type we just created, token and potentially an error.

03:17.060 --> 03:19.700
Now let's create a token.

03:20.210 --> 03:27.350
So I'll create a local variable called Token and it will be assigned the value of a reference to token

03:29.420 --> 03:32.360
and we'll populate its fields so its user ID

03:36.230 --> 03:41.540
will be the user already cast to sixty four, which is what this type expects to find.

03:41.990 --> 03:43.430
So our parameter user ID.

03:45.930 --> 03:55.590
It's expiry will be timed now don't add and we'll add the time to life which you received as a parameter

03:55.590 --> 04:01.260
to this function, and the scope will be the scope which we also received as a parameter in this function.

04:01.980 --> 04:03.140
So now I have this variable.

04:04.110 --> 04:08.340
The next thing I need to do is to make sure that this token is going to be secure.

04:08.490 --> 04:11.430
And one way to do that is by assigning some random bytes.

04:11.430 --> 04:14.880
So I'm going to generate a local variable called random bytes

04:17.610 --> 04:24.250
and that will be make slice of byte with the length of 16.

04:24.780 --> 04:31.830
OK, and now I'm going to ignore the first response from the function I'm about to call check for an

04:31.830 --> 04:34.890
error, and that comes from the random package.

04:34.920 --> 04:36.300
Now make sure you get the right one.

04:36.930 --> 04:40.380
Visual Studio code helpfully tells you this one is Krypto Rande.

04:40.380 --> 04:41.600
That is the one I want.

04:41.610 --> 04:45.440
I do not want Matheran, which is not suitable for cryptography.

04:45.570 --> 04:48.660
So Crypto Rande and that should do the import for me.

04:48.660 --> 04:53.520
And I did someone to call Randon read and I'll pass it.

04:53.520 --> 04:54.170
Renovates.

04:55.920 --> 04:59.430
OK, we'll check for an error if error is not equal to nil.

05:02.150 --> 05:03.830
Then return nil in the air.

05:04.370 --> 05:05.160
Something went wrong.

05:05.490 --> 05:07.450
OK, unlikely, but possible.

05:08.720 --> 05:11.060
Now we'll create our token plaintext.

05:11.060 --> 05:16.490
So token plaintext, the actual token we're going to be sending back to the end user and that's going

05:16.490 --> 05:20.340
to be equal to and we want it to be in a very specific format.

05:20.700 --> 05:30.680
OK, so the format is based thirty two, which is right from the encoding package, dot STD encoding,

05:32.060 --> 05:38.960
and I'm going to call with padding on that if necessary, and then it's going to be based thirty to

05:40.890 --> 05:41.590
no padding.

05:41.870 --> 05:48.350
So we're not going to have any padding, not in code to string and we're going to pass that random randomize

05:50.420 --> 05:58.220
and that will generate a hash hash is assigned the value of S.H. A and we want to fifty six right there,

05:58.460 --> 06:09.230
Krypto S.A.G. fifty six and we're going to call some two fifty six and that takes as its parameter casta

06:09.230 --> 06:16.750
a slice of bytes, token dot plain text and that gives us the necessary hash for our token.

06:17.180 --> 06:21.710
OK, and we take that value and stored in token don't hash.

06:25.030 --> 06:27.100
And that's going to be equal to hash

06:30.160 --> 06:36.100
like that, square brackets with a colon in the middle and that gets it in precisely the format we want

06:36.100 --> 06:36.550
it to be.

06:36.680 --> 06:40.020
And then we just return our token return token and no error.

06:41.380 --> 06:43.250
So generally, token is now available to us.

06:43.270 --> 06:44.110
Let's give it a comment.

06:48.190 --> 06:58.060
Generate token, generates a token that lasts for TDL and returns it.

06:58.570 --> 06:59.200
That's sufficient.

06:59.380 --> 07:03.180
OK, so this will generate our token.

07:03.190 --> 07:04.570
We've got to give this a comment too.

07:06.130 --> 07:07.420
And that one is comic.

07:07.560 --> 07:13.610
Tolkan is the type for authentication tokens.

07:14.680 --> 07:20.500
OK, so we've created this and in the next lecture we'll actually use it to generate a token and there's

07:20.500 --> 07:22.830
still a few steps left, but we're getting much closer.