the authenticated user, along with an optional cookie to include
an authenticated token
The API says we must return a token, even if deserialization fails, so we introduce the concept of an "empty" token
and filter it away in readToken(RequestHeader)
.
The API says we must return a token, even if deserialization fails, so we introduce the concept of an "empty" token
and filter it away in readToken(RequestHeader)
.
token data
a token
request
the browser's possibly stored token