When I built my social media automation platform, I used AI tools to generate a lot of the code.
Everything seemed to work — login, dashboard, APIs. But when I looked deeper, I realized something important:
I didn’t fully understand what was happening inside my own project.
So I decided to slow down and learn the core concepts properly: JWT authentication, AES encryption, database design, and debugging.
Here’s what I learned.
Understanding JWT (Authentication)
At first, I thought JWT was just a login token. But it’s more than that.
A typical flow looks like this:
User logs in → password verified → JWT created
→ frontend stores token → sends it in each request
→ backend verifies token → access granted
JWT is essentially structured data that is signed using a secret key.
Example:
from jose import jwt
from datetime import datetime, timedelta
def create_token(email):
return jwt.encode({
"sub": email,
"exp": datetime.utcnow() + timedelta(minutes=60)
}, SECRET_KEY, algorithm="HS256")
Once I understood this, authentication became much clearer.
Debugging JWT Using jwt.io
One of the most useful tools I used was jwt.io.
I pasted my token into the debugger and could immediately see:
- The user email
- Expiry time
- Algorithm used
When I added my secret key, the tool verified the signature.
This helped me understand that JWT is not encrypted — it is encoded and signed.
AES Encryption for Security
My project allows users to connect platforms like LinkedIn and Telegram. That means handling sensitive data such as API keys and tokens.
Storing these values directly is risky.
To solve this, I used AES encryption (via Fernet):
from cryptography.fernet import Fernet
key = Fernet.generate_key()
f = Fernet(key)
encrypted = f.encrypt(b"api_key")
decrypted = f.decrypt(encrypted)
This ensures that even if the database is exposed, the data remains protected.
Database Design
I chose:
- SQLite for simplicity and lightweight storage
- SQLAlchemy as the ORM for clean, Python-based database interaction
This allowed me to focus on building features instead of managing database complexity.
Understanding the Project Structure
Initially, the folder structure didn’t make much sense.
Now I see it clearly:
Frontend → Router → Service → Database
Each layer has a specific role:
- Frontend handles user interaction
- Router handles API endpoints
- Service contains business logic
- Database stores data
A Critical Bug I Fixed
At one point, I discovered a major issue.
No matter who logged in, my Telegram account was being used.
This meant all users were sharing the same session — a serious security problem.
I fixed it by:
- Assigning each user their own credentials
- Storing those credentials securely (encrypted)
- Removing any global/shared session usage
What I Learned
- JWT is signed data used for authentication
- AES encryption protects sensitive information
- ORM tools simplify database operations
- Debugging is essential to truly understand your system
Final Thought
AI can help you build faster, but understanding what you build is what actually makes you a developer.
What’s Next
- Implementing refresh tokens
- Improving security practices
- Deploying the application
If you're building projects with AI, take the time to break things down and understand them. That’s where real learning happens.
Top comments (0)