This is the url that needs to be called from your server. It basically checks which user is making the request.
Since it checks in all the request hitting your server. We recommend using it in a middleware function in server script. By using it in a middleware function it is easier for you as a developer to either proceed with the request on terminating the request.
Node js implementation
const authenticate = async (req, res, next) => {
const token = req.get("Authorization");
const auth = new Promise(async (resolve, reject)=> {
axios.post(`${auth_url}`, {
access_token: token,
},
{
headers: {
'app_secret': `${app_secret}`
}
}
)
.then((response)=> {
resolve(response.data);
})
.catch(()=> {
reject();
})
auth.then((usercred)=> {
// storing the user credentials for rest of the request lifecycle
res.locals.uid = usercred.data.uid
res.locals.email = usercred.data.email
// getting control flow to request route
next()
})
.catch(()=> {
res.status(403).json({
result: "You are not authorized to access this resource",
success: false
})
})
}
So here authenticate is a middleware that must be running at every request coming to your server.