This past week I focused on user authentication and authorization with JSON Web Tokens (JWT) in .NET Core. I also completed my mid-semester progress report, slightly modifying my goals and schedule after much reflection.

User Auth is a tricky subject. It falls under security and that could be a whole course on its own. Looking at the documentation and Microsoft learning resources I have come to love, as well as my .NET books, I could not find a beginner-friendly tutorial so that I could have a basic amount of user authorization in my application. I also realized that, since this is my first project in a long time that separates the back end from the front end, I needed to relearn JWT. In other words, I was looking at a mountain of documentation on security and not finding a foothold. (Also, the original tutorial I bookmarked no longer exists on Microsoft’s website and redirects to a different tutorial!)

An interesting thing I tried was asking ChatGPT to make me a beginner-friendly tutorial on user authentication with JWT. This was helpful to give me a broad sense of all the parts and pieces, but I was skeptical of the information and nervous about hallucinations.

I am so grateful for this YouTube video, JWT Authentication with .NET 9, which ended up really putting everything together on a beginner level. I watched it a couple of times (it’s one hour long) and made my own miniproject implementation with SQLite and a basic version of my project’s API. The great thing is that in between viewings the .NET documentation on Auth and JWT started making a lot more sense.

This week I will take my auth miniproject as a starting template for my actual project. I plan to take a break from structured learning and focus on my project planning documents as well as building a minimum viable product for my backend API that I can improve on for the rest of the summer. I’m also reviewing code commenting standards for .NET as well as git commit standards. I plan to exhibit professionalism from the very first commit.

My main impediment right now is taking care of a sick baby at home. I am able to get some things done intermittently on my phone, for example this weekly update, Piazza, etc., but my time in front of my computer is limited until he is back in daycare.

For my reflection: I think we often forget how much work is put into securing our data and take it for granted. I know many people are annoyed when they have to enter another password (again) but don’t often think about the countless hours in an ever-evolving field to build trust in using technology. For reference, I remember when the internet was new, and my mother refused to enter her credit card into a payment field on a website. Nowadays, with Amazon same-day delivery and browsers storing your credit card number, there is a tremendous amount of trust built on a tremendous amount of work done behind the scenes.

Screenshot

I learned of a fun new API testing interface called Scalar. This screenshot shows user authorization and authentication with JWT.

[Image: Scalar screenshot]