- Use bearer token authentication to protect an API resource
In this exercise, you're going to build a small but complete bearer token authentication system. Here's a reminder for the flow:
- The client sends a request containing login credentials to the server.
- The server checks the credentials are correct and sends back a token.
- The client sends a request to a secure resource, putting the token in the
authorization
header of the request. - The server verifies that the token is valid and sends back the requested resource, or an error message if the token wasn't valid.
Here's the diagram again to help you visualise this flow:
- Fork this repository and clone the fork.
- Run
npm ci
to install dependencies. - Run
npm start
to run the application. - Complete each requirement in the
requirements
directory in numerical order.