Client-side authentication uses a JSON web token generated on the server and then passed in each API call from the client.
The client auth methods are located within the AuthProvider defined in /client/src/app/auth.js
The AuthProvider handles signing in, signing out and checking the user's permissions and active subscription.
The authentication process is:
  1. 1.
    User signs in
  2. 2.
    Server authenticates the user and generates a token
  3. 3.
    Token is returned to the client and AuthProvider stores the token
  4. 4.
    When making an API call, authToken is automatically passed to the server
  5. 5.
    Token is verified on the server
Permissions passed from the server can also be used to create private routes on the client-side using the <PrivateRoute> component.