1
00:00:00,150 --> 00:00:06,570
Great, with our front end ready, let's cover some general concepts regarding Strapi and authentication.

2
00:00:06,570 --> 00:00:11,370
We need to understand that product was the content type that we created ourselves.

3
00:00:11,430 --> 00:00:12,210
Correct.

4
00:00:12,210 --> 00:00:19,350
However, users come straight out of the box, and the way it works is we can set up our roles and permissions

5
00:00:19,710 --> 00:00:21,970
for authenticated users.

6
00:00:21,990 --> 00:00:24,880
Remember, when we had roles and permissions, we had two of them.

7
00:00:24,990 --> 00:00:28,440
We had a public one, so anyone can access.

8
00:00:28,440 --> 00:00:30,650
But even that was initially restricted.

9
00:00:30,660 --> 00:00:38,010
Remember, we had to specifically say that the public can do find as well as findOne, but you can also

10
00:00:38,010 --> 00:00:44,140
set it up where if, let's say, you have authenticated users, you could set up different permissions.

11
00:00:44,190 --> 00:00:50,130
In our case, eventually we're going to have the orders, and only the authenticated users can create an

12
00:00:50,130 --> 00:00:54,090
order, so public cannot just willy-nilly start ordering stuff.

13
00:00:54,480 --> 00:00:58,740
So you need to register first and only then you can make your order.

14
00:00:58,740 --> 00:01:03,780
But please keep in mind you can also do the same thing with other content types where, let's say, you

15
00:01:03,780 --> 00:01:07,390
would say, you know, only authenticated users can see my blog.

16
00:01:07,410 --> 00:01:10,710
So in that case the API is restricted by default.

17
00:01:10,710 --> 00:01:17,250
Remember, public wouldn't be able to see it at all, and only, let's say, a registered user can see that particular

18
00:01:17,250 --> 00:01:18,130
content.

19
00:01:18,150 --> 00:01:23,360
Now we could technically add users ourselves because we are admin, so on users

20
00:01:23,370 --> 00:01:24,930
we have add new user.

21
00:01:24,930 --> 00:01:30,420
So we can just keep on adding the content, and the fields that they're looking for are username, email

22
00:01:30,480 --> 00:01:32,430
as well as the password.

23
00:01:32,430 --> 00:01:36,450
Now eventually we're going to set this up, of course, from the front end, because what's going to happen

24
00:01:36,450 --> 00:01:38,850
is that we're gonna have our form.

25
00:01:39,030 --> 00:01:44,380
The user is going to fill out the form and then we're going to perform an HTTP POST request.

26
00:01:44,400 --> 00:01:50,190
That way we're going to create a user from our front end, and of course, since we're admin, we can delete

27
00:01:50,190 --> 00:01:52,400
that user or we can do whatever we want.

28
00:01:52,560 --> 00:01:57,300
Just please keep in mind you could technically set up here everything from the admin.

29
00:01:57,300 --> 00:02:02,310
You could set up the user and then that particular user could in fact log in.

30
00:02:02,310 --> 00:02:07,500
Now if you're interested in more of what we're going to be doing, if we're going to head over to documentation

31
00:02:07,740 --> 00:02:10,920
then we'll look for users and permissions.

32
00:02:10,980 --> 00:02:16,650
The way it works, the way they restrict the access, is if you're, let's say, setting up some kind of request.

33
00:02:16,950 --> 00:02:21,600
So let's imagine that if I would have some kind of blog post, and back in Strapi I would say, you know

34
00:02:21,600 --> 00:02:27,900
what, roles and permissions, and authenticated. Let's say I'm going to use the blog post example, but of

35
00:02:27,900 --> 00:02:33,630
course since I have product, I'm going to say that only authenticated users can find those particular

36
00:02:33,630 --> 00:02:34,530
blog posts.

37
00:02:34,530 --> 00:02:37,860
Now in our case, of course, we said the public can find it as well.

38
00:02:37,860 --> 00:02:43,370
But let's imagine that scenario: we have a different content type and only the user can see that content.

39
00:02:43,680 --> 00:02:49,530
How would we be able to access it? Well, when we set up our front end, instead of just setting up a simple

40
00:02:49,530 --> 00:02:53,820
GET request like we did, we would need to pass in the token.

41
00:02:53,820 --> 00:02:56,580
And you're wondering, OK, so what on earth is a token.

42
00:02:57,120 --> 00:03:00,960
Well, it's the one we're going to register or when we're going to sign in.

43
00:03:01,010 --> 00:03:06,180
What's going to happen is, first of all, we're going to perform a POST request and this is gonna be again

44
00:03:06,180 --> 00:03:07,000
the URL.

45
00:03:07,050 --> 00:03:10,500
Please keep in mind, once again, we deploy our application.

46
00:03:10,650 --> 00:03:12,750
That's when the domain is gonna change.

47
00:03:12,750 --> 00:03:17,790
That's why we use that URL variable, because again I don't like hardcoding in my application,

48
00:03:18,270 --> 00:03:25,110
and then the URL, full path is auth/local/register, so that would be for register. If the register

49
00:03:25,170 --> 00:03:28,940
is successful, we are going to get back our token.

50
00:03:29,070 --> 00:03:35,610
So once we get back our token, then if we need to set up some kind of request, whether that's a GET request

51
00:03:35,940 --> 00:03:41,400
or, in our case, for orders, by the way, we're going to have a POST request, then we're just going to attach

52
00:03:41,400 --> 00:03:43,540
that token so that way Strapi knows.

53
00:03:43,560 --> 00:03:43,910
Okay.

54
00:03:43,920 --> 00:03:47,780
If you have the token, awesome, you can either view the content, you can,

55
00:03:47,910 --> 00:03:51,660
I don't know, update the content, delete the content, whatever, create the content.

56
00:03:51,660 --> 00:03:54,900
If you don't have that token, sorry, there's nothing we can do.

57
00:03:54,900 --> 00:03:57,800
You're not authorized to perform that particular action.

58
00:03:57,930 --> 00:04:03,600
And what's interesting is that we get that token when we register as well as when we log in.

59
00:04:03,600 --> 00:04:05,610
So what's gonna happen in our application.

60
00:04:05,610 --> 00:04:11,160
The moment we register, we right away, again, get the token. Then on our front end we're going to use

61
00:04:11,160 --> 00:04:14,820
the fact that if we have the token then we're going to display a different link.

62
00:04:14,820 --> 00:04:20,310
Then we're also gonna show the checkout page and all that, but the general idea is very simple, where

63
00:04:20,730 --> 00:04:26,140
straight out of the box we'll get the users with Strapi and we can then restrict the permissions.

64
00:04:26,160 --> 00:04:28,410
We can say, you know what, this content type,

65
00:04:28,410 --> 00:04:31,140
I only want users to even see it.

66
00:04:31,440 --> 00:04:35,170
They can't do anything else but they can see it. Public, by default,

67
00:04:35,170 --> 00:04:39,660
they're not going to be able to access your content, and in order to make this work we're going to need

68
00:04:39,660 --> 00:04:42,550
to register and we're going to need to get our token.

69
00:04:42,550 --> 00:04:50,070
So if our request was successful for registering or logging in, then we're gonna get back our token.

70
00:04:50,070 --> 00:04:55,260
We're going to save it in local storage, and that way if we need to set up some kind of request where

71
00:04:55,260 --> 00:04:57,590
the user needs to be authorized, again,

72
00:04:57,660 --> 00:05:02,860
in our example that's going to be later on making orders, but you can set it up however you'd want.

73
00:05:02,890 --> 00:05:07,060
You can again restrict the access for any content type you'd want.

74
00:05:07,180 --> 00:05:08,900
Then we're gonna have to pass it in.

75
00:05:09,070 --> 00:05:15,040
Then we're gonna have to say, all right, so we're making a GET or POST or any kind of request and we're

76
00:05:15,040 --> 00:05:17,530
gonna also have to attach the headers.

77
00:05:17,530 --> 00:05:20,900
And then within the headers we're going to have to attach our token.

78
00:05:21,010 --> 00:05:24,550
And only then we're gonna be able to get our data.