Outline

In the Conduit application, a user has a username, image, bio, email and a password. We shouldn't ever return a password from the server, but the other fields (plus their JWT token) should be returned.

Let's create an object to represent the user's data. This object is what will be returned from successful logins, registrations, and requests for the currently logged-in user's information (which we'll cover right after this):

User object
{
 "user": {
  "email": "jake@jake.jake",
  "token": "jwt.token.here",
  "username": "jake",
  "bio": "I work at statefarm",
  "image": null
 }
}

As you can see above, if the user doesn't have an image set it will be returned as null. Otherwise, it will be returned as a link (e.g. "image": "https://hello.com/cool.jpg").

Notice how all of the data is keyed underneath user; we've found this to be best practice for keeping responses unambiguous.

Registration

To register, we require an email, password, and desired username:

POST /api/users

{
 "user":{
  "username": "Jacob",
  "email": "jake@jake.jake",
  "password": "jakejake"
 }
}

Login

To login, we only require an email and password:

POST /api/users/login

{
 "user":{
  "email": "jake@jake.jake",
  "password": "jakejake"
 }
}

Making authorized requests

Any time you're interacting with endpoints that require knowledge of the current user, you'll need to pass along an authentication header:

Authorization: Token jwt.token.here

This header is needed on the login/register pages, the edit profile page, and when retrieving the user's information after the user hits the page on a hard load.
