JWT Expiry

[sergiomercado19]

A JWT consists of 3 sections: header, payload and signature. These can be observed in the JWT itself where they are separated by dots: <header>.<payload>.<signature>

The JWT payload has an expiry field that holds an epoch timestamp. Our current JWT is set to expire on the 2020-11-25 at 3:38pm (AEST). Since this is a development JWT it is fine to reset it manually, but once we deploy the JWT expiry should be set dynamically.

Resetting process

1. Find the JWT in backend/server/constants.go. It is the string after Bearer in the AUTH_TOKEN constant.
2. Copy it into https://jwt.io/
3. Place the JWT_SECRET in the signature section of the this tool.
4. Put the epoch time of the new expiry timestamp you wish to set in the exp field of the JWT payload.
5. After the Encoded token updates, copy it over to constants.go and replace the old JWT.

[glebme]

@sergiomercado19 this needs to be updated with new information regarding the .env file for both local and github actions.