From da8c6e47b4e2a3c2f82350d9500f62df9711574e Mon Sep 17 00:00:00 2001 From: John Datserakis Date: Fri, 18 Aug 2017 01:13:17 -0400 Subject: [PATCH] readme update --- readme.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/readme.md b/readme.md index abcbc1b..edb7e83 100644 --- a/readme.md +++ b/readme.md @@ -55,6 +55,15 @@ You'll need to create a `.env` file and place it in the root of your directory. This project only responds and listens in json. Keep that in mind when send requests through PostMan or your frontend. +As mentioned in the frontend code, the user authentication process is this: + +- User create an account +- User logs in +- The server sends and `accessToken` and a `refreshToken` back +- We take the `accessToken` and decoded it using `jwt-decode`. This gets us the logged in user's information. We stick this in the Vuex variable `user`. Then we store the `refreshToken`. +- Each protected endpoint will be expecting you to attach the `accessToken` you have to the call (using Authentication: Bearer). After a short amount of time, the server will respond with `401 TOKEN EXPIRED`. When you see this - that means you need to send your `refreshToken` and `user.email` to the endpoint that deals with `accessToken` refreshing. Once you do that, you'll received a brand new `accessToken` and `refreshToken`. +- Repeat the process as needed. + ### PM2 This project features an `ecosystem.json` file that is the target of the PM2 implementation in production. Very simple - we just give it a name and some other basic info and PM2 handles the rest. Great library with awesome documentation.