I've implemented a simple token-based sign-in/sign-out view.
The user detail view is allowed only to that exact user, so a GET on it without a valid token returns an error, and a request carrying another user's token is refused as well.
We can sign in at /auth/signin/ with an HTTP POST whose payload consists of a valid username and password. This returns an authentication token.
From then on we authorize our requests by including that token in the Authorization request header.
Of course, using some random string as a token does not work: the server only accepts a token it issued and still has stored, so the token must be a long, unguessable random value, and both the sign-in payload and the header should only ever travel over HTTPS.
We can sign out at /auth/signout/ with an HTTP POST that includes the Authorization token in the header.
This removes the token from the db, so no further authorization with it is possible.
We can sign up at /auth/signup/ with an HTTP POST whose payload is a valid username and password.
We can withdraw (delete the account) at /auth/withdraw/ with an HTTP POST whose payload is a valid username and password.
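The whole flow above, modelled end to end as an added example; this is my own illustrative code, not the project's view code, and it assumes an in-memory user and token store and the header form "Authorization: Token <value>". The behaviour it checks is the one the text describes: sign-up, sign-in returning a random token, the detail view rejecting both a made-up token and another user's token, sign-out deleting the token, and withdraw revoking the account and every token it still holds.

```python
import hashlib
import hmac
import os
import secrets


class AuthError(Exception):
    """Raised where the real views would answer 400/401/403."""


class TokenAuthService:
    # Assumed in-memory stand-in for the db tables (example only).
    def __init__(self):
        self.users = {}   # username -> (salt, pbkdf2 digest); never the plain password
        self.tokens = {}  # token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _check_password(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            # Do the same work for unknown users so timing does not reveal valid usernames.
            self._hash(password, b"\0" * 16)
            return False
        salt, digest = rec
        return hmac.compare_digest(self._hash(password, salt), digest)

    def signup(self, username, password):
        if username in self.users:
            raise AuthError("username already taken")
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def signin(self, username, password):
        if not self._check_password(username, password):
            raise AuthError("401 invalid credentials")
        token = secrets.token_hex(20)  # 160 random bits; a guessed string will never match
        self.tokens[token] = username
        return token

    def _authenticate(self, auth_header):
        # Only a token we issued and still store authenticates the caller.
        scheme, _, value = (auth_header or "").partition(" ")
        if scheme != "Token" or value not in self.tokens:
            raise AuthError("401 unauthorized")
        return value, self.tokens[value]

    def user_detail(self, auth_header, username):
        _, caller = self._authenticate(auth_header)
        if caller != username:
            raise AuthError("403 forbidden: not that user")
        return {"username": username}

    def signout(self, auth_header):
        token, _ = self._authenticate(auth_header)
        del self.tokens[token]  # the token is gone, so it can no longer authorize anything

    def withdraw(self, username, password):
        if not self._check_password(username, password):
            raise AuthError("401 invalid credentials")
        del self.users[username]
        # Revoke every token of the withdrawn user, not just the one used last.
        for t in [t for t, u in self.tokens.items() if u == username]:
            del self.tokens[t]


def _denied(fn, *args):
    try:
        fn(*args)
    except AuthError:
        return True
    return False


def demo():
    """Walk through the flow and report each outcome (constructed sample users)."""
    svc = TokenAuthService()
    svc.signup("alice", "correct horse battery staple")
    svc.signup("bob", "hunter2-but-longer")
    alice = svc.signin("alice", "correct horse battery staple")
    bob = svc.signin("bob", "hunter2-but-longer")
    out = {
        "wrong_password_rejected": _denied(svc.signin, "alice", "wrong"),
        "no_token_rejected": _denied(svc.user_detail, None, "alice"),
        "random_token_rejected": _denied(svc.user_detail, "Token " + "a" * 40, "alice"),
        "other_user_rejected": _denied(svc.user_detail, "Token " + bob, "alice"),
        "own_detail_ok": svc.user_detail("Token " + alice, "alice") == {"username": "alice"},
    }
    svc.signout("Token " + alice)
    out["signed_out_token_rejected"] = _denied(svc.user_detail, "Token " + alice, "alice")
    svc.withdraw("bob", "hunter2-but-longer")
    out["withdrawn_token_rejected"] = _denied(svc.user_detail, "Token " + bob, "bob")
    out["withdrawn_signin_rejected"] = _denied(svc.signin, "bob", "hunter2-but-longer")
    return out


if __name__ == "__main__":
    print(demo())
```

Two points worth carrying over to the real views: passwords are stored only as salted PBKDF2 digests and compared with `hmac.compare_digest`, and withdraw revokes all of the user's tokens rather than leaving stale ones in the db.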