Registering and logging in exist in the majority of web applications. Session-based vs. token-based: we're going with token-based. In the Conduit application, a user has a username, image, bio, email and a password. We shouldn't ever return a password from the server, but the other fields (plus the user's JWT) should be returned.

Let's define the object that represents the user's data. This is what will be returned from successful logins, registrations, and requests for the currently logged-in user's information (which we'll cover right after this):

User object
{
  "user": {
    "email": "jake@jake.jake",
    "token": "jwt.token.here",
    "username": "jake",
    "bio": "I work at statefarm",
    "image": null
  }
}

As you can see above, if the user doesn't have an image set, it will be returned as null. Otherwise, it will be returned as a link (e.g. "image": "https://hello.com/cool.jpg").

Notice how we keyed all of the data underneath user - we've found this to be best practice for demystifying responses.

Registration

To register, we require an email, password, and desired username:

POST /api/users

{
  "user": {
    "username": "Jacob",
    "email": "jake@jake.jake",
    "password": "jakejake"
  }
}

Login

To log in, we just require an email and password:

POST /api/users/login

{
  "user": {
    "email": "jake@jake.jake",
    "password": "jakejake"
  }
}

Making authorized requests

Any time you're interacting with endpoints that require knowledge of the current user you're acting on behalf of, you'll need to pass along an Authorization header:

Authorization: Token jwt.token.here

Now let's design this. This functionality is needed on the login/register pages, on the edit profile page, and for retrieving the user's information when the user hits the page on a hard load.