Chatroom using JWT Auth

Demo Link

First, you will use the same API that you used in the JS5 Todo exercise section to check whether a user is logged in, sign up a user, and get information about the user:

https://js5.c0d3.com/auth/api/session

Please review the Todo exercise if you need to understand how it works and what API requests you must send.

When the user goes to the site, send a request to your server with the Authorization header set. Your server then sends the request to the auth API to get information about your user.

Sample header: Authorization: "Bearer a-jwt-token"

Provide the following APIs. Respond with a 403 status code if the user is not logged in.

  • GET /api/session
    • Sends back the user information. The front end uses this to determine whether to render the login page or the enter room page.
  • POST /api/:room/messages
    • Creates a new message in the room.
  • GET /api/:room/messages
    • Gets the messages in the room.

Note: You should be using a middleware to set the user into the request object.
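
One way to write that middleware, as an added example that is not part of the original exercise or its reference solution: it forwards the Bearer token to the auth API, fails closed with 403, and sets req.user so the message author is never taken from the client. The `username` response field, the `message` body field, the in-memory `rooms` store and the names `bearerToken`, `requireUser` and `postMessage` are assumptions.

```javascript
// Added example, not the exercise's reference solution.
const AUTH_URL = 'https://js5.c0d3.com/auth/api/session'; // auth API from the page

// Extract the token from 'Bearer <token>'; anything else yields null.
function bearerToken(header) {
  if (typeof header !== 'string') return null;
  const match = /^Bearer\s+([\w.-]+)$/i.exec(header.trim());
  return match ? match[1] : null;
}

// Middleware factory. fetchImpl is injectable so the check can run offline.
function requireUser(fetchImpl = globalThis.fetch) {
  return async (req, res, next) => {
    const deny = () => res.status(403).json({ error: 'not logged in' });
    const token = bearerToken(req.headers.authorization);
    if (!token) return deny();
    try {
      const upstream = await fetchImpl(AUTH_URL, {
        headers: { Authorization: `Bearer ${token}` },
      });
      const user = upstream.ok ? await upstream.json() : null;
      // Assumption: a logged-in session response includes a string `username`.
      if (!user || typeof user.username !== 'string') return deny();
      req.user = user; // identity now comes from the auth API, not the client
      return next();
    } catch (err) {
      return deny(); // auth API unreachable or bad JSON: fail closed
    }
  };
}

const rooms = new Map(); // room name -> messages (in-memory, for illustration)

// POST /api/:room/messages. Assumption: the body is JSON like { message: '...' }.
function postMessage(req, res) {
  const text = req.body && typeof req.body.message === 'string' ? req.body.message.trim() : '';
  if (!text) return res.status(400).json({ error: 'message required' });
  // The author is taken from req.user, so a client cannot post as someone else.
  const entry = { author: req.user.username, text, time: Date.now() };
  if (!rooms.has(req.params.room)) rooms.set(req.params.room, []);
  rooms.get(req.params.room).push(entry);
  return res.json(entry);
}

// Express wiring (assumes `app = express()` with `express.json()` enabled):
//   app.use('/api', requireUser());
//   app.get('/api/session', (req, res) => res.json(req.user));
//   app.post('/api/:room/messages', postMessage);
//   app.get('/api/:room/messages', (req, res) => res.json(rooms.get(req.params.room) || []));
```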

In this example, you are using a third-party user signup / login service to store your users' login credentials. In the industry, some companies choose not to implement their own signup / login services and use a third-party service instead.