madeindjs/api_on_rails

Chapter 4 Logged user

notapatch opened this issue · 3 comments

Logged user
So we implemented the following logic: API returns the authentication token to the client if credentials are correct.
We will now implement the following logic: we’ll find the corresponding user of an authentication token given into the HTTP header. We’ll need to do so each time this client requests a protected page.

My question is: Do you mean "protected page"? Protected pages make sense in a standard Rails application but I'm confused about how an API app has pages. I was wondering if it might be better described as:

We’ll need to do so each time a client request requires permission.

Otherwise authorization?

Thank you for report. You totally right. Maybe the perfect

- We’ll need to do so each time this client requests a protected page.
+ We’ll need to do so each time this client requests an entry point who requires permission.

What do you think about?

+ We’ll need to do so each time this client requests an entry point who requires permission.

Swap who to which and we're good 👍

We’ll need to do so each time this client requests an entry point which requires permission.

who vs which

Thank you for report this. I corrected on 74efcea