Implement security

[Fayeredd]

Utilizing Spring security and a separate database for storing users, implement a secure access feature

[tjkemper]

Look into JWT

[tjkemper]

API doesn't need a login feature

[Fayeredd]

Thanks Taylor :p

[tjkemper]

I think a good direction is to require every request to have a JWT.

More specifically it'll be a JWS that is signed by a secret that our API knows (but not the client who sends the request).

Once we have that, we can talk about standardizing the payload of the JWT. What claims do we want, how does that change which endpoints are allowed, etc.