Merge pull request #2 from emilkovacev/setup-auth-docs

Fetching and using the bearer token

docs/localAuth.md

@@ -14,8 +14,50 @@ If you wish to better understand how this works, here's a bit more information.
 
 When developer auth is enabled, users can provide the email & externalId of the user they wish to login as (or create) and recieve a valid refresh/ access token.
 
+
+### Fetching the bearer token
+
+Request: `POST /login/developer`
+
+Sample Request body:
+```
+{
+    "email": "[email protected]",
+    "externalId": "101"
+}
+```
+
+Sample Response:
+
+```
+{
+    "message": "Login successful"
+}
+```
+
+Sample Response Headers:
+```
+{
+    "Set-Cookie": "refreshToken=<token>;<cookie settings>"
+}
+```
+
+### Using the Bearer token
+
+Request: `GET /users`
+
+Request headers (notice the space between `Bearer` and `<token>`!):
+
+```
+{
+  "Authorization": "Bearer <token>"
+}
+```
+
 With this flag on, it enabled the `/login/developer` route (see `./router/login.router.ts` for more details).
 
+
+
 ## Testing SAML Authentication Locally
 
 To test SAML authentication, you will need to configure an Identity Provider (IDP) for the API to authenticate against. As we don't expect anyone to just have a configured IDP laying around ready to go, this will walk through using [SamlTest.id](https://samltest.id/).