Authorization API has been implemented in #12, but it's still not utilised by client. This could be rather big task, let's discuss it and split for something smaller.
What need to done:
- Create a simple signup page (form with username and password).
- Create simple login page.
- Update all existing API endpoints with
middleware.access.validateToken.
- Update client side to use token while accessing any API methods.
- Update
README with all knowledge we gather through implementation.
Scenarios:
- If used has not logged on, it's not possible to open any application routes ('/tasks', '/contacts'), it should redirect to login.
- Once user logged on, put access token to to
localstore.
- Use the code from
README to to augment all requests with Authorize header (it reads token from localstore)
- Once token is invalidated (recieve 401 from any API method), user have to re-login.
Anything missing?
Authorization API has been implemented in #12, but it's still not utilised by client. This could be rather big task, let's discuss it and split for something smaller.
What need to done:
middleware.access.validateToken.READMEwith all knowledge we gather through implementation.Scenarios:
localstore.READMEto to augment all requests withAuthorizeheader (it reads token fromlocalstore)Anything missing?