In session-auth, is it mandatory for the backend to return a User object/JSON when you test for successful exchange of session-key or authenticationToken for username and password? I mean, the exchange of the authenticationToken is happening while reaching the /login endpoint while username and password are passed. Now, with the valid authenticationToken, I can test any protected endpoint which this user is authorized to reach.
Best answer by Zane