Implement client-side authentication
Opened this issue · 0 comments
brouberol commented
Now that the authentication mechanism is implemented backend-side (see #100), we need to make sure the 5esheet generated API client supports it. Namely, we need to:
- have the user fill a username/password form
- send them via a
POST
request to/api/login/token
, which (if the username/password are correct) will returnset-cookie
headers containing the JWT access token, as well as a CSRF token - send the JWT access token any subsequent request cookies, as well as the content of the CSRF cookie in the
X-CSRF-TOKEN
header