- /login by email & password
- /register by email & password
- /passwords/forgot
- /passwords/reset
- /oauth/fb
2FA: if a user logs in with a new device (a new device ID) OR a new IP, we need to send them an OTP via email to validate.
Consider using Kong for the authentication layer. We don't write our own crypto, so why should we write our own auth?
Authentication TODO: Endpoint to take in username & password -> output JWT for inclusion in subsequent requests as an 'x-access-token' header. https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens#authenticating-and-creating-a-token
Use https://github.com/auth0/node-jsonwebtoken
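
The new-device-or-new-IP email OTP rule from the 2FA item, sketched as an added example (not code from this project). The in-memory stores, the `sendEmail` callback, the 10-minute lifetime and the 5-attempt limit are all assumptions.

```javascript
// Added example: step-up check for a login from an unrecognised device or IP.
const nodeCrypto = require('node:crypto');

const OTP_TTL_MS = 10 * 60 * 1000; // assumed 10-minute validity
const MAX_ATTEMPTS = 5;            // assumed guess limit per challenge

// In-memory stores for the demo; a real service would use its database.
const knownLogins = new Map(); // userId -> { devices: Set, ips: Set }
const challenges = new Map();  // userId -> { hash, expires, attempts, deviceId, ip }

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// True when either the device ID or the IP has not been seen for this user.
function needsOtp(userId, deviceId, ip) {
  const seen = knownLogins.get(userId);
  return !seen || !seen.devices.has(deviceId) || !seen.ips.has(ip);
}

// Records a device ID and IP as validated for this user.
function trust(userId, deviceId, ip) {
  const seen = knownLogins.get(userId) || { devices: new Set(), ips: new Set() };
  seen.devices.add(deviceId);
  seen.ips.add(ip);
  knownLogins.set(userId, seen);
}

// Creates a 6-digit code from the CSPRNG, stores only its hash, and hands the
// plaintext to sendEmail (hypothetical mailer callback).
function startChallenge(userId, deviceId, ip, sendEmail, now = Date.now()) {
  const code = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
  challenges.set(userId, { hash: sha256(code), expires: now + OTP_TTL_MS, attempts: 0, deviceId, ip });
  sendEmail(userId, code);
}

// Verifies a submitted code: bound to the device/IP that triggered it,
// single use, expiring, attempt-limited, compared in constant time.
function verifyChallenge(userId, deviceId, ip, code, now = Date.now()) {
  const c = challenges.get(userId);
  if (!c || c.deviceId !== deviceId || c.ip !== ip) return false;
  if (now > c.expires || ++c.attempts > MAX_ATTEMPTS) {
    challenges.delete(userId);
    return false;
  }
  if (!nodeCrypto.timingSafeEqual(c.hash, sha256(String(code)))) return false;
  challenges.delete(userId);
  trust(userId, deviceId, ip);
  return true;
}
```

The JWT would be issued only after `needsOtp` returns false or `verifyChallenge` returns true, so a correct password from an unknown device or IP does not yield a token on its own.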