1
00:00:00,000 --> 00:00:05,021
[MUSIC]

2
00:00:05,021 --> 00:00:09,395
Now that we have understood the need for
basic authentication in our

3
00:00:09,395 --> 00:00:14,383
Express application, let's proceed to
the exercise where we will add basic

4
00:00:14,383 --> 00:00:19,372
authentication to the ConFusion server
that we have been developing so far,

5
00:00:19,372 --> 00:00:21,311
the Express REST API server.

6
00:00:22,470 --> 00:00:24,050
We will, along the way,

7
00:00:24,050 --> 00:00:29,170
learn how we can use basic
authentication within our server.

8
00:00:29,170 --> 00:00:34,811
And then in subsequent exercises,
we will expand upon this idea further

9
00:00:34,811 --> 00:00:41,107
to add a full-fledged authentication
service for our Express REST API server.

10
00:00:42,965 --> 00:00:46,576
In this exercise,
we will go to the ConFusion server,

11
00:00:46,576 --> 00:00:49,290
what we have been working on so far.

12
00:00:49,290 --> 00:00:54,333
So you must have completed the
implementation of the second assignment by

13
00:00:54,333 --> 00:00:59,553
now, where you would have developed
the promotions and the leaders model.

14
00:00:59,553 --> 00:01:04,289
And also updated the routes for
the leader router and

15
00:01:04,289 --> 00:01:09,470
the promo router in your
ConFusion server application.

16
00:01:09,470 --> 00:01:12,960
So within this code,
let's go to app.js and

17
00:01:12,960 --> 00:01:17,392
then add in the basic
authentication into app.js.

18
00:01:17,392 --> 00:01:22,290
So in app.js as we have
understood about the way

19
00:01:22,290 --> 00:01:26,970
the middleware works
in Express application.

20
00:01:26,970 --> 00:01:31,010
So we start out here in the app.js

21
00:01:31,010 --> 00:01:36,640
by importing all the various
node modules here.

22
00:01:36,640 --> 00:01:42,650
And then after that, we start out here
by first saying app.use logger dev.

23
00:01:42,650 --> 00:01:46,410
So all these are going to be
applied to our application.

24
00:01:46,410 --> 00:01:51,978
And then,
this call here app.use(express.static)

25
00:01:51,978 --> 00:01:58,128
is what enables us to serve static
data from the public folder.

26
00:01:58,128 --> 00:02:03,068
Now, we want to do
authentication right before we

27
00:02:03,068 --> 00:02:08,870
allow the client to be able to
fetch data from our server.

28
00:02:08,870 --> 00:02:14,570
So right there, we will go in and
add an authentication badge.

29
00:02:14,570 --> 00:02:18,090
So you notice that everything
that comes after this,

30
00:02:18,090 --> 00:02:22,970
all the middleware that is mounted and
comes after this particular point.

31
00:02:22,970 --> 00:02:27,070
We'll have to go through
the authorization phase before

32
00:02:27,070 --> 00:02:29,550
that middleware can be accessed.

33
00:02:29,550 --> 00:02:34,709
So right there,
I'm going to add in app.use and

34
00:02:34,709 --> 00:02:41,600
then adding a function called auth,
which I am going to implement right now.

35
00:02:41,600 --> 00:02:46,180
So by doing this,
what we are specifying is the default,

36
00:02:46,180 --> 00:02:50,200
the client can access any of these,

37
00:02:50,200 --> 00:02:56,070
either the static resources in the
public folder, or any of the resources,

38
00:02:56,070 --> 00:03:00,140
dishes, promotions, or leaders, or
even users as we will see later on.

39
00:03:02,150 --> 00:03:05,700
The client has to be first authorized.

40
00:03:05,700 --> 00:03:08,220
So right there, we will add in the auth.

41
00:03:08,220 --> 00:03:15,960
So let me add in the function
here called auth right there.

42
00:03:15,960 --> 00:03:19,849
And then immediately use
it within our Express

43
00:03:19,849 --> 00:03:23,147
application as the middleware there.

44
00:03:23,147 --> 00:03:27,826
So this function,
auth will take in three parameters,

45
00:03:27,826 --> 00:03:33,914
the request object, the resource object,
and the next object, yeah.

46
00:03:37,015 --> 00:03:41,830
So within this function let me first,

47
00:03:41,830 --> 00:03:48,605
just to know what is contained
in the request header.

48
00:03:50,265 --> 00:03:56,175
Let me just log the request headers
right there just to demonstrate to you,

49
00:03:56,175 --> 00:03:59,970
because once you add
the authorization header,

50
00:03:59,970 --> 00:04:03,390
then we want to be able
to see it right there.

51
00:04:03,390 --> 00:04:07,390
So we will first do a console log,

52
00:04:07,390 --> 00:04:10,142
just to see what is coming
in from the client side.

53
00:04:10,142 --> 00:04:14,379
Then, let me get the

54
00:04:14,379 --> 00:04:20,401
authorization header by saying

55
00:04:20,401 --> 00:04:26,900
req.headers.authorization.

56
00:04:26,900 --> 00:04:31,120
So this is where we'll get hold of
the authorization header that is added in

57
00:04:31,120 --> 00:04:33,320
by our client side.

58
00:04:33,320 --> 00:04:37,830
If it is not there, obviously,
then we need to act accordingly.

59
00:04:37,830 --> 00:04:44,493
So if the authHeader is null,

60
00:04:44,493 --> 00:04:48,992
which means that there is no
authentication header in our incoming

61
00:04:48,992 --> 00:04:53,653
request then obviously, our client
did not include the username and

62
00:04:53,653 --> 00:04:56,650
password into the authentication header.

63
00:04:56,650 --> 00:05:01,230
So we need to challenge our client
to supply this information.

64
00:05:01,230 --> 00:05:06,338
So if the authorization header is null,
then we'll see,

65
00:05:06,338 --> 00:05:12,130
var err new error,

66
00:05:12,130 --> 00:05:19,140
so we will not allow our client request
to go further beyond this point.

67
00:05:19,140 --> 00:05:23,803
So we'll say, you are not authenticated,

68
00:05:23,803 --> 00:05:28,222
and then we will challenge the client there.

69
00:05:28,222 --> 00:05:33,196
So we'll say res.setHeader, so

70
00:05:33,196 --> 00:05:38,684
we are going to be setting the header in

71
00:05:38,684 --> 00:05:46,061
the response message
saying WWW-Authenticate,

72
00:05:46,061 --> 00:05:50,520
and from the lecture earlier,

73
00:05:50,520 --> 00:05:55,493
you'll see why we are putting this

74
00:05:55,493 --> 00:06:00,120
into the response header.

75
00:06:00,120 --> 00:06:04,480
And then we will say err status.401.

76
00:06:04,480 --> 00:06:07,710
401 is unauthorized access.

77
00:06:07,710 --> 00:06:12,740
And then we will simply generate
our call next with the header.

78
00:06:12,740 --> 00:06:17,960
So that means that it's going to skip over
all this and go to the error handler,

79
00:06:17,960 --> 00:06:20,710
where the error handler will
construct the reply message and

80
00:06:20,710 --> 00:06:25,880
send back to my client there.

81
00:06:25,880 --> 00:06:31,290
So that be, if the client has not
included the authentication header or

82
00:06:31,290 --> 00:06:34,690
the authorization header,
then I'm going to challenge the client to

83
00:06:34,690 --> 00:06:38,980
ask it to supply me
the authorization header there.

84
00:06:38,980 --> 00:06:45,570
So if not, then I know that
the authorization header exists.

85
00:06:45,570 --> 00:06:51,553
So beyond this point,
we will say var auth,

86
00:06:51,553 --> 00:06:55,760
and I'm going to extract
the authorization header.

87
00:06:57,460 --> 00:07:02,880
And then since the authHeader is a string,

88
00:07:02,880 --> 00:07:07,650
I'm going to split that value and

89
00:07:07,650 --> 00:07:12,690
this authorization header,
I'm going to split the value.

90
00:07:12,690 --> 00:07:17,350
So as you can see, the buffer
enables you to split the value and

91
00:07:17,350 --> 00:07:23,805
then we also give the encoding of
the buffer which is Base64 encoding here.

92
00:07:23,805 --> 00:07:28,790
So we will convert that to a buffer
by splitting that into two parts,

93
00:07:30,250 --> 00:07:32,390
using the space as the splitting part.

94
00:07:32,390 --> 00:07:37,614
So when you looked at the authorization
header, you saw why the space

95
00:07:37,614 --> 00:07:42,656
separates the value saying basic,
and then it gives you the rest of

96
00:07:42,656 --> 00:07:48,172
the Base64 encoded string which
contains the username and password.

97
00:07:48,172 --> 00:07:53,510
And from that, we want to extract
the username and password.

98
00:07:53,510 --> 00:07:59,970
So we're going to split that value, and
then we're only going to consider So

99
00:07:59,970 --> 00:08:07,510
when you split the string by using this,
it will split that into an array.

100
00:08:07,510 --> 00:08:11,780
And the first element of
the array contains Basic.

101
00:08:11,780 --> 00:08:17,370
The second element of the array is
where this Base64 encoded string exists.

102
00:08:17,370 --> 00:08:21,280
So that's why we are only looking at
the second element of this array.

103
00:08:21,280 --> 00:08:27,800
So this splitting will cause the string
to split into an array of two items.

104
00:08:27,800 --> 00:08:32,944
So we could, we are picking up
the base64 encoded string from that.

105
00:08:32,944 --> 00:08:39,820
And then we into this Buffer, and then
we're going to convert that to string.

106
00:08:39,820 --> 00:08:45,830
And then again, split the string
one more time because the string

107
00:08:45,830 --> 00:08:51,200
itself will contain the username and
password separated by a colon.

108
00:08:51,200 --> 00:08:56,040
So, I'm going to split
it using the colon as

109
00:08:56,040 --> 00:09:01,350
the splitting point for this string here.

110
00:09:01,350 --> 00:09:05,727
So notice that I am loading two
splits here, one on the space and

111
00:09:05,727 --> 00:09:11,110
the second one, using the colon which
separates the username and password.

112
00:09:11,110 --> 00:09:18,570
So at the end of this variable auth
should be an array containing two items,

113
00:09:18,570 --> 00:09:24,460
the username and the password which
is extracted from the base64 string.

114
00:09:24,460 --> 00:09:31,744
So at this point,
what I am going to do is,

115
00:09:31,744 --> 00:09:35,908
just for your clarity,

116
00:09:35,908 --> 00:09:40,695
I'm going to simply say var

117
00:09:40,695 --> 00:09:46,733
username = auth[0] and then,

118
00:09:46,733 --> 00:09:51,970
var password = auth[1].

119
00:09:51,970 --> 00:09:57,760
So now I've extracted the username and
password from my authorization header.

120
00:09:57,760 --> 00:10:02,210
Now I'm going to use a default value for
the username and

121
00:10:02,210 --> 00:10:06,030
password in this implementation.

122
00:10:06,030 --> 00:10:10,950
Later on, we will see that we can allow
the users to create their own username and

123
00:10:10,950 --> 00:10:11,530
password.

124
00:10:11,530 --> 00:10:14,304
But for the moment, I'm just going to use,

125
00:10:17,358 --> 00:10:20,925
The encoded username and
password as admin.

126
00:10:23,615 --> 00:10:30,705
And the password will be just password.

127
00:10:30,705 --> 00:10:32,778
For this basic exercise,

128
00:10:32,778 --> 00:10:37,970
we're going to be using this as
the default username and password.

129
00:10:39,468 --> 00:10:47,520
If the username that I obtain is admin and
the password is the string password.

130
00:10:47,520 --> 00:10:52,490
Then I am all fine to allow the client

131
00:10:52,490 --> 00:10:56,950
request will be passed through to
the next middleware so, I will say next.

132
00:10:56,950 --> 00:11:01,130
So when I say next,
this means that from the auth

133
00:11:01,130 --> 00:11:05,840
the request will be passed on to
the next set of middleware here and

134
00:11:05,840 --> 00:11:10,660
then Express will try to match
the specific request to the

135
00:11:11,830 --> 00:11:15,420
specific middleware which
will service that request.

136
00:11:15,420 --> 00:11:19,440
So this is where we will
allow it to pass through.

137
00:11:19,440 --> 00:11:24,000
If not, that means that the username and

138
00:11:24,000 --> 00:11:29,260
password did not match the request,

139
00:11:29,260 --> 00:11:33,010
the default username and
password that I am setting up.

140
00:11:33,010 --> 00:11:34,930
So that means that there is an error.

141
00:11:34,930 --> 00:11:39,310
So in this case,
I'm going to again cause an error here,

142
00:11:39,310 --> 00:11:43,280
so we'll say else, Error.

143
00:11:43,280 --> 00:11:49,540
So we'll again generate an error and
then challenge the client to send

144
00:11:49,540 --> 00:11:55,430
in the correct authorization information,
the username and password here.

145
00:11:55,430 --> 00:11:56,730
So that's it.

146
00:11:56,730 --> 00:12:01,100
This little bit of middleware that
we have just implemented here,

147
00:12:01,100 --> 00:12:04,010
authorization middleware that
we have just implemented here.

148
00:12:04,010 --> 00:12:08,840
Is sufficient enough to implement basic
authentication within our application.

149
00:12:08,840 --> 00:12:10,300
So having made these changes,

150
00:12:10,300 --> 00:12:15,210
let's save the changes and then we'll
see how this actually works in practice.

151
00:12:15,210 --> 00:12:16,770
Let's save the changes.

152
00:12:16,770 --> 00:12:20,600
And then we'll go and start our server.

153
00:12:20,600 --> 00:12:22,980
Now, going to the terminal, of course,

154
00:12:22,980 --> 00:12:26,916
make sure that your MongoDB
server is up and running.

155
00:12:26,916 --> 00:12:34,390
Otherwise, your Express
server will not start up.

156
00:12:34,390 --> 00:12:38,350
So at the prompt, type npm start, and

157
00:12:38,350 --> 00:12:41,810
then your Express server will be up and
running.

158
00:12:41,810 --> 00:12:46,760
Now, open an incognito
window in your browser.

159
00:12:46,760 --> 00:12:51,280
The reason why I am asking you to use an
incognito window is that when you type in

160
00:12:51,280 --> 00:12:55,820
the username and password then,
it will be cached by your browser.

161
00:12:55,820 --> 00:12:59,490
So if you use an incognito window,
if you restart the browser...

162
00:12:59,490 --> 00:13:01,710
Then the cache will be
cleared automatically,

163
00:13:01,710 --> 00:13:04,300
so this information
will not be remembered.

164
00:13:04,300 --> 00:13:07,500
Now what happens if you type in the
username and password, it will be cached,

165
00:13:07,500 --> 00:13:11,570
so subsequently when you try to access
the server, the cached information will

166
00:13:11,570 --> 00:13:15,840
be automatically sent in
the request that you generate.

167
00:13:15,840 --> 00:13:18,710
So that is why it is important to

168
00:13:18,710 --> 00:13:23,400
use an incognito window just to show you
that the basic authentication works.

169
00:13:23,400 --> 00:13:31,140
So in your browser address bar let's type
localhost:3000, and see what happens.

170
00:13:31,140 --> 00:13:36,920
So when you type localhost:3000 you
immediately see that your browser pops up

171
00:13:36,920 --> 00:13:43,290
this dialogue on top asking you to
type in the username and password.

172
00:13:43,290 --> 00:13:50,240
If you don't type it, let me type in some
random username and then see what happens.

173
00:13:50,240 --> 00:13:54,000
So if I type in a random username and
password,

174
00:13:54,000 --> 00:13:57,260
then you see that the request is rejected.

175
00:13:57,260 --> 00:14:00,890
I'm not allowed to access the server, and

176
00:14:00,890 --> 00:14:06,100
then if the server will again say
that the client is not authorized.

177
00:14:06,100 --> 00:14:10,330
And so it will come back and challenge
us again for the correct authentication.

178
00:14:10,330 --> 00:14:12,820
So let me type in
the correct authentication.

179
00:14:12,820 --> 00:14:17,670
So let me type in admin and
the password as password.

180
00:14:17,670 --> 00:14:23,650
And then log in, and
you will see that now the Express

181
00:14:23,650 --> 00:14:28,530
application will allow you to go in and
access the default value,

182
00:14:28,530 --> 00:14:34,700
which in this case is the index.html
file from that static public folder.

183
00:14:34,700 --> 00:14:39,590
Now, the same thing if you're
trying to access localhost:dishes

184
00:14:39,590 --> 00:14:43,260
without the authorization,
then it won't work.

185
00:14:43,260 --> 00:14:49,320
And I'll demonstrate that to
you using Postman in a minute.

186
00:14:50,630 --> 00:14:56,011
Now having seen how the authentication
works, let's go and

187
00:14:56,011 --> 00:15:00,985
look at what happened on
the console on our server side.

188
00:15:06,181 --> 00:15:11,141
Going to the console on our server side
you see that a whole bunch of information

189
00:15:11,141 --> 00:15:13,769
has been printed out here, so as you saw,

190
00:15:13,769 --> 00:15:17,030
we were logging out
the request headers here.

191
00:15:17,030 --> 00:15:21,040
So this is the first request that
came in with the request header.

192
00:15:21,040 --> 00:15:26,860
And here you see that there is no
authorization header in the request.

193
00:15:26,860 --> 00:15:34,620
And so your server rejected that with a
401 asking our client to authorize itself.

194
00:15:34,620 --> 00:15:40,240
The second time also since we didn't
type in the correct authorization that

195
00:15:40,240 --> 00:15:41,916
server rejected.

196
00:15:41,916 --> 00:15:48,390
Of course, you now notice that in the
header, right there, the authorization's

197
00:15:48,390 --> 00:15:52,820
actually included there, and you see
the way the authorization is included.

198
00:15:52,820 --> 00:15:56,650
It says Basic separated by a space, and

199
00:15:56,650 --> 00:16:02,980
separated by the Base64 encoded string
which contains the username and password.

200
00:16:02,980 --> 00:16:06,080
And then, we see that the server

201
00:16:06,080 --> 00:16:09,540
rejected this because the authorization
was wrong at that point.

202
00:16:09,540 --> 00:16:14,452
Now later on, we typed in
the correct username and password.

203
00:16:14,452 --> 00:16:18,938
So right there in the third request that
came in, we typed the correct username and

204
00:16:18,938 --> 00:16:19,597
password.

205
00:16:19,597 --> 00:16:27,323
And so, that is why you see that the
request header contains the authorization,

206
00:16:27,323 --> 00:16:34,180
and this string use the correct
encoding of the username and password.

207
00:16:34,180 --> 00:16:35,720
How do I know that?

208
00:16:35,720 --> 00:16:38,384
Well, I've cross checked and know that,

209
00:16:38,384 --> 00:16:42,337
that is the Base64 encoded
version of the string there.

210
00:16:42,337 --> 00:16:47,470
We will also see that from
our Postman image or what.

211
00:16:48,740 --> 00:16:53,740
Now then,
you see that the request was accepted and

212
00:16:53,740 --> 00:16:55,740
it returned the value correctly.

213
00:16:57,210 --> 00:17:05,150
And then of course, subsequently, the
client requested for a favicon, the icon.

214
00:17:05,150 --> 00:17:11,590
And since we don't have the favicon in our
server side, it replies with the 404 and

215
00:17:11,590 --> 00:17:15,560
of course your favorite icon is
not displayed in the address bar.

216
00:17:15,560 --> 00:17:18,640
So that's fine, but note in particular.

217
00:17:18,640 --> 00:17:21,430
Those particular requests came in,

218
00:17:21,430 --> 00:17:25,030
where the correct authorization
header was included.

219
00:17:25,030 --> 00:17:28,490
And so, it was successful at the time.

220
00:17:28,490 --> 00:17:33,680
Let's try and see how we could
do the same thing with Postman.

221
00:17:33,680 --> 00:17:38,480
So here I have my Postman window open.

222
00:17:38,480 --> 00:17:42,250
And so
in my Postman window I'm going to type in

223
00:17:44,160 --> 00:17:50,670
a get to localhost: to my server,
and then send the request and

224
00:17:50,670 --> 00:17:57,260
you will immediately notice that it
challenges saying 401 unauthorized.

225
00:17:57,260 --> 00:18:01,890
So this is the reply message
from the server side,

226
00:18:01,890 --> 00:18:06,580
so notice what it says, 401 Unauthorized.

227
00:18:06,580 --> 00:18:12,550
And it says the response must include
a WWW-Authenticate header field.

228
00:18:12,550 --> 00:18:18,153
And this will be challenging the client
to send in the authorization information,

229
00:18:18,153 --> 00:18:20,083
the username and password.

230
00:18:20,083 --> 00:18:25,833
So previewing this, we see that
the sentence you are not authenticated and

231
00:18:25,833 --> 00:18:27,940
then the code 401 here.

232
00:18:27,940 --> 00:18:31,341
Now looking at the headers
of the reply message.

233
00:18:31,341 --> 00:18:36,781
When you look at the header of the reply
message, you can see in particular

234
00:18:36,781 --> 00:18:41,718
this header included there,
which is WWW-Authenticate: Basic.

235
00:18:41,718 --> 00:18:46,522
Now, how do we do authentication or
authorization in Postman?

236
00:18:46,522 --> 00:18:51,090
So this is where we would go to
this right below this box here,

237
00:18:51,090 --> 00:18:53,952
you will see this authorization here.

238
00:18:53,952 --> 00:18:58,050
And when you click on the authorization,
right now it says NO AUTH.

239
00:18:58,050 --> 00:19:01,240
Let's use the basic authentication.

240
00:19:01,240 --> 00:19:04,820
So when I say basic authentication,
it will

241
00:19:04,820 --> 00:19:08,530
give me these two fields here where I
can type in the username and password.

242
00:19:08,530 --> 00:19:11,160
Let me type in the correct username and
password.

243
00:19:11,160 --> 00:19:19,170
So I will say username admin,
password is password P-A-S-S-W-O-R-D.

244
00:19:19,170 --> 00:19:22,650
So you can see that, that's exactly
the password that we have here.

245
00:19:22,650 --> 00:19:26,800
So once you type in the username and
password, they'll say Update Request.

246
00:19:26,800 --> 00:19:30,980
So when I click on Update Request, you
would see that immediately in the header,

247
00:19:32,130 --> 00:19:35,340
you will see that

248
00:19:35,340 --> 00:19:40,770
there is this field here that has
been added here saying authorization.

249
00:19:40,770 --> 00:19:45,080
And then, you will see what this
second part, the value you can take.

250
00:19:45,080 --> 00:19:49,480
It says basic and a space, and
then this particular string.

251
00:19:49,480 --> 00:19:55,040
So if you check this particular
string here, this will be the exact

252
00:19:55,040 --> 00:20:01,219
string that you'll see in the header
of the successful request message.

253
00:20:01,219 --> 00:20:03,544
Notice what this string says.

254
00:20:03,544 --> 00:20:09,309
It says YWR something, and
then ends with a Q equal to.

255
00:20:09,309 --> 00:20:14,285
Going to our terminal,
you see that the successful request

256
00:20:14,285 --> 00:20:18,276
actually contained
exactly that string here.

257
00:20:18,276 --> 00:20:24,250
It says YWR and
then ending with Q equal to there.

258
00:20:24,250 --> 00:20:28,400
So by typing in the information into
the authorization and then clicking on

259
00:20:28,400 --> 00:20:34,240
the update request, this information is
added into the authorization headers.

260
00:20:34,240 --> 00:20:36,410
So now this is a get request,

261
00:20:37,410 --> 00:20:42,020
I don't need the content type there
because it doesn't contain any body.

262
00:20:42,020 --> 00:20:46,106
So now that the authorization
has been included,

263
00:20:46,106 --> 00:20:51,263
let's send the request now correctly and
then you will see that

264
00:20:51,263 --> 00:20:57,990
the reply coming in from the server side
will contain the index file as you expect.

265
00:20:57,990 --> 00:21:02,524
Now, let me delete the authorization.

266
00:21:02,524 --> 00:21:07,351
Now this is the reason why Postman helps
me to check for these things a lot more

267
00:21:07,351 --> 00:21:11,662
easily, I can delete the authorization and
then send the request.

268
00:21:11,662 --> 00:21:14,947
And it will still contain
this authorization,

269
00:21:14,947 --> 00:21:18,570
because I typed this into
the authorization field.

270
00:21:18,570 --> 00:21:23,380
So let me clear the authorization from
there, and then send the request here.

271
00:21:23,380 --> 00:21:26,000
And then it says you
are not authenticated.

272
00:21:26,000 --> 00:21:30,230
Similarly, if I send
the request to the dishes.

273
00:21:30,230 --> 00:21:32,000
Previously, this worked fine but

274
00:21:32,000 --> 00:21:37,750
now you see that we are prevented from
accessing the /dishes endpoint also.

275
00:21:37,750 --> 00:21:41,400
And the same thing with all
the other REST API endpoints also.

276
00:21:41,400 --> 00:21:47,360
You will not be allowed to access, because
the authorization middleware comes before

277
00:21:47,360 --> 00:21:50,600
you get access to any of these endpoints

278
00:21:50,600 --> 00:21:56,070
in the list of middleware for
your express server.

279
00:21:56,070 --> 00:21:59,945
So now if I now include the authorization,

280
00:22:04,774 --> 00:22:10,277
And then update my request and
then send the request to the server,

281
00:22:10,277 --> 00:22:12,845
then the server will respond.

282
00:22:12,845 --> 00:22:17,412
Now obviously at this moment
my database is empty, so

283
00:22:17,412 --> 00:22:20,752
it is replying with an empty array there.

284
00:22:20,752 --> 00:22:24,109
But now the request went
through successfully, and

285
00:22:24,109 --> 00:22:28,004
I'm able to retrieve the information
from the server side.

286
00:22:28,004 --> 00:22:32,186
So this is a quick demonstration of basic

287
00:22:32,186 --> 00:22:37,724
authorization in our Express
REST API application.

288
00:22:37,724 --> 00:22:40,730
With this, we complete this exercise.

289
00:22:40,730 --> 00:22:42,236
This is a good time for

290
00:22:42,236 --> 00:22:46,846
you to do a get comment with
the message of basic authentication.

291
00:22:46,846 --> 00:22:50,116
[MUSIC]