The client will call this endpoint on login. If this authenticates, the client knows that the user will be authenticated for every subsequent API calls. There is no state on the API server that keeps a user logged in. Authentication is stateless on the server and so each subsequent API call will have to be re-validated.
The statelessness allows us to better synchronize the client and server on who is authenticated. It makes it so only one part of the stack needs to know who's currently logged in to a session. The API server doesn't need to do anything other than handle requests... so we won't make it store logged in sessions then.
User story: #12
The client will call this endpoint on login. If this authenticates, the client knows that the user will be authenticated for every subsequent API calls. There is no state on the API server that keeps a user logged in. Authentication is stateless on the server and so each subsequent API call will have to be re-validated.
The statelessness allows us to better synchronize the client and server on who is authenticated. It makes it so only one part of the stack needs to know who's currently logged in to a session. The API server doesn't need to do anything other than handle requests... so we won't make it store logged in sessions then.
Parameters:
Returns: