Yes in the API-gateway. Or could be delegated to separate authentication/ users service, this service would expose an authentication validation end-point which could be used by the API-gateway to perform RESTful authentication.
Be sure to have any direct access to these services blocked.
Short answer No.
We have seen apps built with vanilla J’s to throwing code around using jQuery. Then came frameworks with MV* pattern like Angularjs. Lately…
It’s funny how most people don’t care about how our existing monetary system works, with all that fraction reserves, loans, credit card etc. Creating money from nothing. :P
Great article! The fiat currency part resonates so much with one of my answers on Quora regarding money
We use access_token and refresh_token technique.
access_token are very short-lived, where as refresh_token (which will be a copy of access_token except the expiry time) are relatively long lived.
Once access_token is expired refresh_token can be used to get a new set of tokens.