Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,100 --> 00:00:04,960 So now that we are able to login 2 00:00:04,960 --> 00:00:08,330 let's make sure we actually do send this request 3 00:00:08,330 --> 00:00:10,150 to a protected resource 4 00:00:10,150 --> 00:00:13,480 so that we see how that authentication token can 5 00:00:13,480 --> 00:00:16,290 and should be used in such cases. 6 00:00:16,290 --> 00:00:17,340 And for this, I wanna stick 7 00:00:17,340 --> 00:00:20,090 to this Firebase auth REST API, 8 00:00:20,090 --> 00:00:23,550 though, of course a protected API end point 9 00:00:23,550 --> 00:00:25,560 could be any kind of end point. 10 00:00:25,560 --> 00:00:28,570 It could be from the Firebase REST API 11 00:00:28,570 --> 00:00:31,633 for talking to that real time database as well. 12 00:00:32,950 --> 00:00:36,230 There you could also end force authentication 13 00:00:36,230 --> 00:00:38,420 through those rules here. 14 00:00:38,420 --> 00:00:39,860 We haven't done this yet, 15 00:00:39,860 --> 00:00:41,820 but you could do that here as well. 16 00:00:41,820 --> 00:00:44,660 But I wanna stick to this basic example 17 00:00:44,660 --> 00:00:47,240 of changing the user password. 18 00:00:47,240 --> 00:00:51,090 And for this we got this extra API end point here 19 00:00:51,090 --> 00:00:54,170 in the Firebase Auth REST API docs. 20 00:00:54,170 --> 00:00:58,510 And it's this URL we need to send the request to. 21 00:00:58,510 --> 00:01:00,070 The important thing here 22 00:01:00,070 --> 00:01:01,900 is that in the request body, 23 00:01:01,900 --> 00:01:04,599 we need to attach such a ID token 24 00:01:04,599 --> 00:01:06,730 that identifies the user 25 00:01:06,730 --> 00:01:09,840 for whom we wanna change the password. 26 00:01:09,840 --> 00:01:11,300 And that makes a lot of sense 27 00:01:11,300 --> 00:01:12,970 because for changing the password, 28 00:01:12,970 --> 00:01:15,670 we need to know which user that is. 29 00:01:15,670 --> 00:01:18,170 And you could of course think that 30 00:01:18,170 --> 00:01:21,820 we could also specify the email address here 31 00:01:21,820 --> 00:01:25,090 instead of the token for identifying a user. 32 00:01:25,090 --> 00:01:26,780 But if that would be the case, 33 00:01:26,780 --> 00:01:29,590 any user who knows that email address 34 00:01:29,590 --> 00:01:33,620 would be able to send such a request to change the password 35 00:01:33,620 --> 00:01:35,270 for that email address; 36 00:01:35,270 --> 00:01:38,020 even if that's not your email address. 37 00:01:38,020 --> 00:01:40,810 And that's of course definitely nothing we want, 38 00:01:40,810 --> 00:01:43,540 definitely nothing to Firebase team wants. 39 00:01:43,540 --> 00:01:47,210 And that's why instead, we need to send this ID token 40 00:01:47,210 --> 00:01:49,963 which we only have after logging in. 41 00:01:50,960 --> 00:01:54,860 And therefore it's now this profile page. 42 00:01:54,860 --> 00:01:56,240 Here's the profile form, 43 00:01:56,240 --> 00:01:57,900 where we get to the user input 44 00:01:57,900 --> 00:02:00,800 where we wanna send such a request. 45 00:02:00,800 --> 00:02:02,830 For this I'll first of all quickly start 46 00:02:02,830 --> 00:02:04,570 by handling this form submission 47 00:02:04,570 --> 00:02:06,440 and gathering that user input. 48 00:02:06,440 --> 00:02:10,600 And uh, for that all again use, useRef here. 49 00:02:10,600 --> 00:02:13,000 Of course, you could also work with state, 50 00:02:13,000 --> 00:02:15,030 instead if you prefer that. 51 00:02:15,030 --> 00:02:20,030 But I'll just quickly get my new password input ref here 52 00:02:20,280 --> 00:02:21,113 with useRef 53 00:02:22,320 --> 00:02:26,000 and then add my submit handler function here, 54 00:02:26,000 --> 00:02:28,520 where I also get the, that event object 55 00:02:28,520 --> 00:02:30,263 and where we then call event 56 00:02:30,263 --> 00:02:33,360 preventDefault as we did it before. 57 00:02:33,360 --> 00:02:36,070 And it's just separate handler, which we bind 58 00:02:36,070 --> 00:02:40,033 to the onSubmit event on that form, like this. 59 00:02:41,300 --> 00:02:42,890 Now in that submit handler 60 00:02:42,890 --> 00:02:47,890 we want to extract the enteredNewPassword the user provided 61 00:02:48,270 --> 00:02:49,103 by reaching out 62 00:02:49,103 --> 00:02:52,930 to the new password inputRef dot current dot value. 63 00:02:52,930 --> 00:02:53,810 And for this, of course 64 00:02:53,810 --> 00:02:56,260 we need to connect this Ref to the input. 65 00:02:56,260 --> 00:02:58,510 So, let's grab that Ref 66 00:02:58,510 --> 00:03:02,563 and bind here to this Ref Prop on the input. 67 00:03:04,350 --> 00:03:08,420 Now, we can add validation here if you want to, 68 00:03:08,420 --> 00:03:12,240 but that's again not the focus of this course section, 69 00:03:12,240 --> 00:03:15,470 and therefore instead I now wanna use that password 70 00:03:15,470 --> 00:03:17,680 to send the request. 71 00:03:17,680 --> 00:03:21,050 We could now send that request here 72 00:03:21,050 --> 00:03:23,920 in this profile form component 73 00:03:23,920 --> 00:03:28,140 or we do it in the user profile component 74 00:03:28,140 --> 00:03:31,020 by basically emitting an event. 75 00:03:31,020 --> 00:03:33,200 So by taking a function as a prop 76 00:03:33,200 --> 00:03:36,513 and calling that function from inside profile form. 77 00:03:37,550 --> 00:03:39,900 But I'll send the request right away here 78 00:03:39,900 --> 00:03:43,210 from insight profile form, and for this, 79 00:03:43,210 --> 00:03:47,520 we need to send the request to this URL. 80 00:03:47,520 --> 00:03:48,753 So let's grab that URL. 81 00:03:50,180 --> 00:03:52,920 And then, again, we can use the fetch function 82 00:03:52,920 --> 00:03:54,693 to send that request. 83 00:03:55,570 --> 00:03:58,230 Again here we also need to API key. 84 00:03:58,230 --> 00:04:01,710 This has nothing to do with the user authentication. 85 00:04:01,710 --> 00:04:05,020 This just identifies the Firebase project, 86 00:04:05,020 --> 00:04:07,150 in which that user is stored. 87 00:04:07,150 --> 00:04:10,250 And of course that API key is that same API key 88 00:04:10,250 --> 00:04:13,450 we used before, here in the auth form, 89 00:04:13,450 --> 00:04:17,209 so we can copy that API key from there. 90 00:04:17,209 --> 00:04:20,000 Alternatively, you can of course store it 91 00:04:20,000 --> 00:04:24,410 in some global constant variable and reuse stat. 92 00:04:24,410 --> 00:04:26,653 But here I'll just copy and paste it again. 93 00:04:28,910 --> 00:04:32,130 Now we do want to send a post request 94 00:04:32,130 --> 00:04:36,000 with some Jason data here to this URL 95 00:04:36,000 --> 00:04:39,030 and therefore I'll set the second argument on fetch, 96 00:04:39,030 --> 00:04:40,837 set the method to 'POST'. 97 00:04:41,950 --> 00:04:46,950 Set the body, to some Jason body with Jason stringify. 98 00:04:48,260 --> 00:04:51,230 And before we add the actual body, 99 00:04:51,230 --> 00:04:53,800 I'll already set my headers to an object 100 00:04:53,800 --> 00:04:58,683 where a content type is set to application Jason. 101 00:04:59,890 --> 00:05:04,410 Now to Jason stringify we can pass it, this object here. 102 00:05:04,410 --> 00:05:08,330 And now that object, which makes up our request body, 103 00:05:08,330 --> 00:05:11,230 should have this ID token field 104 00:05:11,230 --> 00:05:14,160 the new password we want to set 105 00:05:14,160 --> 00:05:18,140 and this return secure token, uh field, 106 00:05:18,140 --> 00:05:20,950 which uh, in this case doesn't have to be true, 107 00:05:20,950 --> 00:05:25,760 but it could be true if we want to get a new token 108 00:05:25,760 --> 00:05:27,383 in response. 109 00:05:28,400 --> 00:05:29,980 So therefore I'll do that. 110 00:05:29,980 --> 00:05:34,320 I'll add this ID token field, that password field 111 00:05:34,320 --> 00:05:39,320 and then thereafter this return secure token field, 112 00:05:40,170 --> 00:05:42,023 which is wanted here. 113 00:05:43,390 --> 00:05:45,500 Now we need that ID token 114 00:05:45,500 --> 00:05:47,950 and that is stored in our context. 115 00:05:47,950 --> 00:05:50,400 So we need use context here 116 00:05:50,400 --> 00:05:52,880 in this profile form component 117 00:05:52,880 --> 00:05:55,660 to tap into our context. 118 00:05:55,660 --> 00:05:58,020 And then we can call use context 119 00:05:58,020 --> 00:06:02,620 as we did it before to then tap into the auth context 120 00:06:02,620 --> 00:06:05,733 which we therefore of course also needs to import. 121 00:06:07,900 --> 00:06:10,753 And then here we get the auth context 122 00:06:10,753 --> 00:06:12,853 from which we can get our token. 123 00:06:15,330 --> 00:06:20,243 Now here, ID token is off context the dot token. 124 00:06:22,100 --> 00:06:25,830 The new password is the entered new password here 125 00:06:27,670 --> 00:06:30,950 and then returned secure token, all set this 126 00:06:30,950 --> 00:06:33,883 to false here and see if that works as well. 127 00:06:35,340 --> 00:06:37,120 Now this sends a request and again, 128 00:06:37,120 --> 00:06:40,280 we can handle success and error cases, 129 00:06:40,280 --> 00:06:43,470 and we definitely would want to check again 130 00:06:43,470 --> 00:06:46,020 if Firebase throws an error 131 00:06:46,020 --> 00:06:48,780 because of the new password is too short. 132 00:06:48,780 --> 00:06:52,360 Then of course, we, again, will fail 133 00:06:52,360 --> 00:06:53,993 to set that password. 134 00:06:54,830 --> 00:06:57,850 Now to keep things a bit simpler here. 135 00:06:57,850 --> 00:07:01,180 Since we already went through that error handling 136 00:07:01,180 --> 00:07:04,480 in the auth form component here, I'll not do it here, 137 00:07:04,480 --> 00:07:08,340 though you can add that, also with a sync await, 138 00:07:08,340 --> 00:07:11,480 and instead here on this input for the password. 139 00:07:11,480 --> 00:07:14,800 I'll just add the built-in min length 140 00:07:15,890 --> 00:07:19,990 attribute and set this to seven here 141 00:07:19,990 --> 00:07:22,910 so that we enforce a minimum password length 142 00:07:22,910 --> 00:07:26,050 of seven characters here by the browser, 143 00:07:26,050 --> 00:07:28,540 which is not the only form of validation 144 00:07:28,540 --> 00:07:31,390 you should rely since this can be disabled 145 00:07:31,390 --> 00:07:32,810 with the Def tools 146 00:07:32,810 --> 00:07:35,710 but it's a basic validation we have here. 147 00:07:35,710 --> 00:07:37,560 Of course you would want to add 148 00:07:37,560 --> 00:07:39,830 proper error handling up here, 149 00:07:39,830 --> 00:07:42,450 but to keep things a bit simpler as mentioned, 150 00:07:42,450 --> 00:07:46,020 I'll just add to this then block where we get the response 151 00:07:46,020 --> 00:07:48,300 and I will simply assume here 152 00:07:48,300 --> 00:07:51,093 that this always succeeds. 153 00:07:52,170 --> 00:07:53,870 Which of course is not realistic 154 00:07:53,870 --> 00:07:55,860 but saves us some time here 155 00:07:55,860 --> 00:07:59,000 to focus on the essence of this module. 156 00:07:59,000 --> 00:08:02,900 And the essence is, that at this point, 157 00:08:02,900 --> 00:08:04,840 we know, since we assumed 158 00:08:04,840 --> 00:08:08,060 that the submitted password is correct. 159 00:08:08,060 --> 00:08:11,410 That changing that password, worked. 160 00:08:11,410 --> 00:08:14,590 So therefore, soon we can redirect the user then 161 00:08:14,590 --> 00:08:16,180 if we want to. 162 00:08:16,180 --> 00:08:19,420 At the moment, I'll not do anything here. 163 00:08:19,420 --> 00:08:21,530 And instead, I'll just save this 164 00:08:21,530 --> 00:08:23,343 and I'll give this a try now. 165 00:08:24,300 --> 00:08:26,290 For that I'll log in again. 166 00:08:26,290 --> 00:08:28,890 So I reloaded the page and I log in again 167 00:08:28,890 --> 00:08:32,183 to ensure that I have a fresh token, 168 00:08:33,429 --> 00:08:36,890 click login, go to the profile 169 00:08:36,890 --> 00:08:40,510 and then I'll enter a new valid password here 170 00:08:40,510 --> 00:08:42,222 and I'll click change password. 171 00:08:43,480 --> 00:08:45,610 Now we don't get any feedback here 172 00:08:45,610 --> 00:08:47,450 for the reasons mentioned, 173 00:08:47,450 --> 00:08:50,163 but if we have a look at the network tab here, 174 00:08:53,430 --> 00:08:57,220 then we see that a request was sent down there, 175 00:08:57,220 --> 00:08:58,763 a post request, 176 00:09:00,100 --> 00:09:05,100 where on the request we sent that token and so on. 177 00:09:05,710 --> 00:09:08,580 And then we got no response back, 178 00:09:08,580 --> 00:09:12,703 uh, probably because I said returns secure token to false. 179 00:09:13,540 --> 00:09:16,480 But we can of course validate wherever that worked 180 00:09:16,480 --> 00:09:19,680 by reloading again and going to the login page. 181 00:09:19,680 --> 00:09:23,190 And now I'll try logging in with that old password 182 00:09:24,160 --> 00:09:26,950 and that fails; I get authentication failed here 183 00:09:26,950 --> 00:09:29,350 and we get this error request 184 00:09:29,350 --> 00:09:32,190 where the respond says invalid password. 185 00:09:32,190 --> 00:09:36,030 And only if I switched to the new password, it works. 186 00:09:36,030 --> 00:09:38,620 So changing the password worked. 187 00:09:38,620 --> 00:09:41,250 And that's how we can use stat token 188 00:09:41,250 --> 00:09:46,250 for requests to authenticated API end points. 189 00:09:46,330 --> 00:09:49,440 Now it will depend on the end point 190 00:09:49,440 --> 00:09:51,740 how the token should be added. 191 00:09:51,740 --> 00:09:54,660 Here we added in the request body. 192 00:09:54,660 --> 00:09:57,590 For other endpoints, you might need to add it 193 00:09:57,590 --> 00:09:59,350 as a query parameter, 194 00:09:59,350 --> 00:10:02,690 like this here, that you add a token query parameter, 195 00:10:02,690 --> 00:10:04,900 which then holds the token. 196 00:10:04,900 --> 00:10:07,720 And for yet our API end points, 197 00:10:07,720 --> 00:10:10,020 you might need to add it in the headers, 198 00:10:10,020 --> 00:10:12,380 maybe with the authorization header 199 00:10:12,380 --> 00:10:14,030 which is something like Bearer, 200 00:10:14,030 --> 00:10:15,870 and then your token. 201 00:10:15,870 --> 00:10:18,270 That is also something you'll often see 202 00:10:18,270 --> 00:10:20,420 for a certain APIs. 203 00:10:20,420 --> 00:10:23,950 So that depends on the API you're using. 204 00:10:23,950 --> 00:10:25,880 If you are building your own API, 205 00:10:25,880 --> 00:10:27,490 you can of course decide 206 00:10:27,490 --> 00:10:29,950 where you expect that token. 207 00:10:29,950 --> 00:10:32,940 If you are working with some third party API 208 00:10:32,940 --> 00:10:34,250 as we're doing it here, 209 00:10:34,250 --> 00:10:36,250 you'll have to check the API docs 210 00:10:36,250 --> 00:10:39,580 to find out how the token should be added. 211 00:10:39,580 --> 00:10:42,230 I mentioned it before, but I'll mention it again. 212 00:10:42,230 --> 00:10:46,210 In my Main course, where we build a full stack application 213 00:10:46,210 --> 00:10:48,520 with react and node and express, 214 00:10:48,520 --> 00:10:50,840 there we also build an API. 215 00:10:50,840 --> 00:10:53,480 So there you also see that other side 216 00:10:53,480 --> 00:10:57,060 and you see how you could also provide the token 217 00:10:57,060 --> 00:10:59,340 with help of the headers. 218 00:10:59,340 --> 00:11:01,890 Here we added in the request body, 219 00:11:01,890 --> 00:11:04,140 and that's how we can now use the token 220 00:11:04,140 --> 00:11:06,313 for such a protected request. 16881