Authentication Plan

Client Session System

Client Session will be kept track of using JWTs, this allows for async session storage thus minimizing amount of data stored in DB, and backend complexity. JWT will contain identifying information regarding the user, which the backend authentication system can use to return proper resources.

Backend Resource Fetching

Data Fetching post-authentication will utilize REST APIs, with user sending data/resource requests to API routes with their JWT token as identifying information. Once JWT is verified, corresponding data will be fetched from DB, and returned back to user. This is an alternative to Thymeleaf serverside templates, as this method allows for more flexability with frontend logic.