I've implemented simple sign-in/out view based on token.
Here, user detail view is allowed only to that exact user. Thus, GET without authorization returns an error.
We can get signed in at /auth/signin/ by http POST request with payload that consists of valid username and password. This returns an authorization token.
Now, we can authorize our requests by including the token in request header.
Of course, using some random string as a token does not work.
We can sign-out at /auth/signout/ by http POST request with Authorization token included in header.
This removes the token from the db, so that no more authorization is possible.
We can sign-up at /auth/signup/ by http POST request with valid username and password given as payload.
We can withdraw at /auth/withdraw/ by http POST request with valid username and password given as payload.
I've implemented simple sign-in/out view based on token. Here, user detail view is allowed only to that exact user. Thus,
GETwithout authorization returns an error.We can get signed in at /auth/signin/ by http
POSTrequest with payload that consists of validusernameandpassword. This returns an authorization token.Now, we can authorize our requests by including the token in request header.
Of course, using some random string as a token does not work.
We can sign-out at /auth/signout/ by http
POSTrequest with Authorization token included in header.This removes the token from the db, so that no more authorization is possible.
We can sign-up at /auth/signup/ by http
POSTrequest with valid username and password given as payload.We can withdraw at /auth/withdraw/ by http
POSTrequest with valid username and password given as payload.