Who's there?

Remember the capability URL from Chapter 4? The link was the key — anyone who had it could see the results. No login, no accounts. That pattern works when access is all-or-nothing. But what if you need to know who created a form? What if each person should only see their own stuff?

That's when a link isn't enough. You need the server to know who's visiting. You need login.

When you hit Next, you'll sign up for a Gista.js account — experiencing login as a user before building it as a builder. That's the idea behind this chapter.

[Image: Auth starter screens]

A new starter

Your form builder is done — that's your second shipped project. Two apps, two starters, each one more capable than the last.

This next app needs user accounts, so you'll start from a new starter that has auth already built in — signup, login, email verification, and password reset. All pre-wired.

You'll build a notes app on top, where each user sees only their own data. Log in as a different user — different notes, same app.
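
The contrast between the Chapter 4 link and a login, as an added example that is not part of the original tutorial or the Gista.js starter: a capability link authorizes whoever holds it, while a session lets the server scope every query to the signed-in user. It uses plain JavaScript with in-memory stores, and every function name and sample value is hypothetical.

```javascript
// Added example: in-memory stores, hypothetical names, constructed data.
// Web Crypto is global in browsers and Node 19+; older Node falls back.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const newSecret = () =>
  Array.from(rng.getRandomValues(new Uint8Array(32)),
    (b) => b.toString(16).padStart(2, '0')).join('');

const forms = new Map();    // capability token -> form results
const sessions = new Map(); // session id -> user id
const notes = [];           // { id, ownerId, text }

// Capability model: the unguessable token in the link is the only check.
function createForm(results) {
  const token = newSecret();
  forms.set(token, results);
  return token;
}
function readFormByLink(token) {
  return forms.get(token) ?? null; // the server never learns who is asking
}

// Identity model: a session maps the request to a user first.
function logIn(userId) { // stands in for a completed password check
  const sid = newSecret();
  sessions.set(sid, userId);
  return sid;
}
function currentUser(sid) {
  const userId = sessions.get(sid);
  if (!userId) throw new Error('not authenticated');
  return userId;
}
function addNote(sid, text) {
  const note = { id: notes.length + 1, ownerId: currentUser(sid), text };
  notes.push(note);
  return note;
}
function listNotes(sid) {
  const userId = currentUser(sid);
  return notes.filter((n) => n.ownerId === userId); // scope every query
}
function getNote(sid, noteId) {
  const userId = currentUser(sid);
  const note = notes.find((n) => n.id === noteId);
  // Check ownership on direct lookups too; "not yours" looks like "not found".
  return note && note.ownerId === userId ? note : null;
}
```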

Here's the plan

  1. Walk through the auth flow — Exercise signup, login, and sessions to understand what the starter provides
  2. Build a user-linked feature — Add notes that belong to the signed-in user
  3. Add account settings — A page where users can update their profile
  4. Wrap up — Save your progress for Chapter 6

By the end, two different people will sign up for your app, create their own notes, and never see each other's data. Let's start by understanding the auth flow.