Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

i am new to JWT concepts while i am learning in this site

https://code.tutsplus.com/tutorials/jwt-authentication-in-angular--cms-32006

in the above link at this line :

  var token = jwt.sign(user, JWT_Secret);
he has written the jwt.sign() with only two parameters but while i saw few other posts where they are sending 3 parameters 
my doubt is that jwt.sign() is correct 
2) how to create a secret_token 
3) and how to send all the required parameters to send in the jwt.sign() method
please help me i hope you understood my problem ,friends please help me
                Welcome to StackOverflow. You'll have to try first yourself. Try to write the code, make it work. In case you stuck somewhere try and retry again. In case you are still stuck with the issue, then post the code and error message in SO. And I am sure someone here will be able to help you out.
– Sukhi
                Jul 13, 2019 at 4:45
If you read the JWT docs, the function can run in two modes: Synchronously (sync) and asynchronously (async). The function can automatically decide on which method to use depending on the number of parameters and type of parameters you provide the function, and the parameters you can supply are (in order):
The data/payload
Secret key/token
Options/configs (optional, can use callback here if you use default options)
Callback function (optional, will run in async mode if you provide this)
To illustrate this, read the code below:
// Synchronous
const syncToken = jwt.sign({payload: { x: 1, y: '2'}}, 'JWT_SECRET');
console.log(syncToken);
// Asynchronous
jwt.sign({payload: { x: 1, y: '2'}}, 'JWT_SECRET', (err, asyncToken) => {
  if (err) throw err;
  console.log(asyncToken);
As for the secret token, just make a hard coded one with no need to randomize, otherwise you wouldn't be able to consistently verify your tokens if at all possible. Or as an alternative, you can perform signing and verification asymmetrically by using algorithms such as RS256, or ES256 (using public and private key pair).
I hope this answer helps.
Reference:
https://github.com/auth0/node-jsonwebtoken
                what does it mean to run this function in a sync or async way ? When running in a sync way, the token generated is synchronized with a timer and, thus, has an expiration date ?
– joaoricardotg
                Jun 1, 2021 at 20:03
                In summary, sync just means that the rest of the code need to wait for the operation (blocking) and async does not. Read more here: stackoverflow.com/questions/27659116/node-js-sync-vs-async
– ionizer
                Jun 2, 2021 at 5:02
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.