Authentication

Client-side authentication uses a JSON Web Token (JWT) that is generated on the server and then passed in each API call from the client to the server.

The token is automatically appended to the header of each API call; this is set up in /client/src/app/app.js

The client auth methods are located within the AuthProvider defined in /client/src/app/auth.js

The AuthProvider handles sign-in, sign-out and checking the user's permissions and active subscription.

The authentication process is:

  1. User signs in

  2. The server authenticates the user and generates a JWT

  3. The token is returned to the client and AuthProvider stores the token

  4. When making an API call, the auth token is passed to the server

  5. The token is verified on the server
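Steps 2, 4 and 5 as a runnable sketch using only Node's built-in crypto module. This is an added example, not the project's own code: the function names, the HS256 choice, the claim names (sub, permission, exp), the Bearer header format and the secret are all assumptions.

```javascript
// Added example: names, secret and claims are assumptions, not the project's code.
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: real secret lives in server config
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input) => nodeCrypto.createHmac('sha256', SECRET).update(input).digest();

// Step 2: the server issues a signed token after authenticating the user.
function issueToken(userId, permission, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub: userId, permission, exp }));
  const sig = hmac(`${header}.${payload}`).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Step 4: the client attaches the stored token to each API call.
function authHeader(token) {
  return { Authorization: `Bearer ${token}` };
}

// Step 5: the server checks signature, algorithm and expiry before trusting a claim.
function verifyRequest(headers, now = Date.now()) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.Authorization || '');
  if (!match) return null;
  const [, header, payload, sig] = match;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256') return null; // pin the algorithm; never accept "none"
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims; // only now are sub and permission safe to use
  } catch {
    return null; // malformed JSON in header or payload
  }
}
```

A payload edited on the client fails the signature check, which is why permissions read from the token are only trusted after verifyRequest returns claims.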

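Permissions passed from the server can also be used to create private routes on the client side using the <PrivateRoute> component. These routes only control what the client renders; the server still verifies the token on each API call (step 5).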
