Authentication - SE750-Group14-GirlGang/roadtrip-planner GitHub Wiki
For user authentication, Auth0 is used. Auth0 has been configured for a single-page application, and a custom rule called 'Update user profile in database' has been added to Auth0's authentication pipeline. This rule connects to the MongoDB Atlas server and adds the user to the database (rules run on every login, not only the first, so the write has to tolerate an already existing document). Thus, when a user signs up for the first time, a user object is added to the database as follows, where `_id` and `email` are the same as those of the user object stored in Auth0:
```js
{
  _id: xxxxx,
  email: xxxxxx
}
```
The backend API has been registered in Auth0 as an API, with the identifier `http://localhost:3001/api/`, that the frontend is allowed to call. The frontend therefore requests an access token for this API from Auth0, using that identifier as the audience. The token is sent to the API with each request; the API consumes it, and the token carries information about the user (the Auth0 user id as the `sub` claim, plus the granted scopes).
For more details, see: https://auth0.com/docs/quickstart/spa/react/02-calling-an-api
The backend validates this access token with the express-jwt middleware (RS256 signature against the Auth0 tenant's JWKS, plus issuer and audience checks) and enforces the required scopes with the express-jwt-authz middleware.
For more details, see: https://auth0.com/docs/quickstart/backend/nodejs/01-authorization#validate-access-tokens