docs(README): update authorization details

dylanfoster · Jul 13, 2016 · bd4e1cf · bd4e1cf
1 parent 44c7c33
commit bd4e1cf
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -223,7 +223,7 @@ class UserController extends parch.Controller {
 
 ## Authentication and Authorization [WIP]
 
-Authentication and authorization is handled using [jwt](https://jwt.io/), with more
+Authorization is handled using [jwt](https://jwt.io/), with more
 options coming in the future. To disable auth for specific routes, use the
 `authentication.unauthenticated` array. Empty by default, you can give a string
 or regex expression to skip your unauthenticated routes
@@ -236,6 +236,25 @@ const parch = new parch.Application({
 });
 ```
 
+In order to authenticate a user, create and sign a JWT token to send back to the
+client. The authorization middleware will then look for this token in the
+`Authorization` header. [see jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken)
+
+```javascript
+const jwt = require("jsonwebtoken");
+const app = require("express")();
+
+app.post("/login", function (req, res, next) {
+  const token = jwt.sign({ userId: 1 }, "secret");
+
+  res.send({ token });
+});
+```
+
+```bash
+curl http://my-server.com/protectedRoute -H 'Authorization: Bearer <token>'
+```
+
 ## Static content
 
 > TODO