The workflow for authentication usually looks as follows:

  1. The user comes to your website (courses.com)
  2. The user sends a request to /signin with their username and password
  3. The user gets back a token
  4. In every subsequent request, the user sends the token to identify itself to the backend.

<aside> 💡

Think of the token like a secret that the server has given you. You send that secret back to the server in every request so that the server knows who you are.

</aside>
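
The four steps above as a runnable Node.js sketch (an added example, not code from the original page). The in-memory stores, the function names, the 15-minute token lifetime and the `Authorization: Bearer` header are assumptions made for illustration.

```javascript
// Added example: in-memory sketch of the signin/token flow. All names are assumptions.
const crypto = require("crypto");

// Constructed sample user store: username -> { salt, hash }. No plaintext passwords.
const users = new Map();
function addUser(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: crypto.scryptSync(password, salt, 32) });
}

// token -> { username, expiresAt }. The server keeps this so it can look tokens up.
const sessions = new Map();
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime

// Steps 2 and 3: check the credentials, then hand back an unguessable token.
function signin(username, password, now = Date.now()) {
  const user = users.get(username);
  if (!user) return null;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  const token = crypto.randomBytes(32).toString("hex"); // 256 bits from a CSPRNG
  sessions.set(token, { username, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Step 4: every later request carries "Authorization: Bearer <token>".
function authenticate(headers, now = Date.now()) {
  const match = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || "");
  if (!match) return null;
  const session = sessions.get(match[1]);
  if (!session) return null;
  if (session.expiresAt <= now) {
    sessions.delete(match[1]); // expired tokens stop working
    return null;
  }
  return session.username;
}

addUser("alice", "correct horse battery staple"); // constructed sample account
```

Because the token alone identifies the user, anyone who obtains it is treated as that user until it expires, which is why it is generated randomly and given a limited lifetime here.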