1
00:00:02,540 --> 00:00:04,560
So I added authentication,

2
00:00:04,580 --> 00:00:10,950
now if I go back to my stitch rules here, I have these rules for my products right

3
00:00:11,220 --> 00:00:15,850
and right now I got these default rules where everyone is able to read and write.

4
00:00:15,920 --> 00:00:19,200
Everyone still only means logged in users

5
00:00:19,200 --> 00:00:24,790
and since I disabled anonymous authentication, this can only be email and password users.

6
00:00:24,900 --> 00:00:30,270
So even though it says default, it's not that every visitor can read and write everything, you have

7
00:00:30,270 --> 00:00:34,840
to be logged in. To prove this to you,

8
00:00:34,850 --> 00:00:39,260
let me go back to app.js and temporarily set isAuth to true

9
00:00:39,260 --> 00:00:41,180
so that we start in authenticated mode

10
00:00:42,270 --> 00:00:47,700
and this will reload and it will load the products but it only does so because a stitch behind the scenes

11
00:00:47,870 --> 00:00:52,690
did log us in automatically because it stored our status and local storage.

12
00:00:52,720 --> 00:00:58,920
So let's go to the application local storage and actually clear local storage by right clicking on that

13
00:00:58,920 --> 00:00:59,990
and clearing

14
00:01:00,450 --> 00:01:05,870
and now if you reload that page, you get an error, must authenticate before.

15
00:01:05,870 --> 00:01:10,760
Now of course you could handle this in a more graceful way but this proves to you that only authenticated

16
00:01:10,760 --> 00:01:13,090
users are granted access.

17
00:01:13,100 --> 00:01:17,360
So now I set isAuth to false by default again

18
00:01:18,410 --> 00:01:23,800
and if I now log in with my valid credentials again here, whoops I mistyped

19
00:01:23,850 --> 00:01:25,170
but that's good to see too

20
00:01:25,470 --> 00:01:27,150
but now I enter the valid credentials

21
00:01:27,150 --> 00:01:33,330
and now, that is all loaded and that error you see here only stems from the missing image.

22
00:01:33,340 --> 00:01:36,260
So now this is all working as you can tell

23
00:01:36,340 --> 00:01:42,040
and now we are using mongodb stitch and we don't need to write our own backend which of course can

24
00:01:42,040 --> 00:01:46,480
save us a lot of work and time and still, we have a secure solution.