In order to understand how authorization works, let's implement a basic Admin API that will be accessed only by the administrator of our site. Our application has two principal types of users:
- Normal: This user is able to see the featured matches and the score
- Admin: This user is responsible for creating new matches and updating the score
We will use two open source NPM modules to manage the restriction workflow in our backend. The following diagram explains this flow in more detail:
Everything starts with a user request that tries to access a restricted endpoint. The backend first validates whether a valid token is present ...