User's requests authorization
For user's authorization we use token string generated in authentication.
Token is passed to api with Bearer header: Authorization: Bearer ${token}
.
To handle bearer header and retrieve auth user with passportJs
we have TokenServiceAuthStrategy
.
It retrieves auth user from token-service by token.
If auth user not found or token expired - 401 status will be send in response.
If user found - it will be saved to auth-context.
During authentication services generates string tokens and save them with auth users using token-service. Token later used for user's authorization