Client-side authentication uses a JSON web token generated on the server and then passed in each API call from the client.
The client auth methods are located within the AuthProvider defined in /client/src/app/auth.js
The AuthProvider handles signing in, signing out and checking the user's permissions and active subscription.
The authentication process is:
User signs in
Server authenticates the user and generates a token
Token is returned to the client and AuthProvider stores the token
When making an API call, authToken is automatically passed to the server
Token is verified on the server
Permissions passed from the server can also be used to create private routes on the client-side using the <PrivateRoute> component.