Who's there?

Remember the capability URL from Chapter 5? The link was the key — anyone who had it could see the results. No login, no accounts. That pattern works when access is all-or-nothing. But what if you need to know who created a form? What if each person should only see their own stuff?

That's when a link isn't enough. You need the server to know who's visiting. You need login.

When you hit Next, you'll sign up for a Gista.js account — experiencing login as a user before building it as a builder. That's the idea behind this chapter.

A new starter

Your form builder is done — that's your second shipped project. Two apps, two starters, each one more capable than the last.

This next app needs user accounts, so you'll start from a new starter that has auth already built in — signup, login, email verification, and password reset. All pre-wired.

No third-party auth service — just your database, your code, and a signed cookie. Simpler than it sounds.

You'll build a notes app on top, where each user sees only their own data. Log in as a different user — different notes, same app.
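The two ideas above, a signed cookie that identifies the user and notes scoped to that user, as an added Node.js example that is not the starter's own code. The function names, the `payload.mac` cookie layout and the in-memory notes array are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: a random server-side key; a real app loads it from configuration.
const SECRET = crypto.randomBytes(32);
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Cookie value is "<payload>.<mac>"; the payload carries the user id and an expiry.
function signSession(userId, ttlMs, now = Date.now()) {
  const payload = b64({ uid: userId, exp: now + ttlMs });
  return `${payload}.${mac(payload)}`;
}

// Returns the user id, or null if the cookie is malformed, altered or expired.
function verifySession(cookie, now = Date.now()) {
  if (typeof cookie !== 'string') return null;
  const [payload, tag, ...rest] = cookie.split('.');
  if (!payload || !tag || rest.length) return null;
  const expected = Buffer.from(mac(payload));
  const given = Buffer.from(tag);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const { uid, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return typeof exp === 'number' && exp > now ? uid : null;
}

// Constructed sample rows standing in for a notes table.
const notes = [
  { id: 1, ownerId: 'alice', text: 'alice note' },
  { id: 2, ownerId: 'bob', text: 'bob note' },
];

// Authorization: the owner filter comes from the verified cookie, never from request input.
function listNotes(cookie) {
  const uid = verifySession(cookie);
  if (uid === null) return null; // caller answers 401
  return notes.filter((n) => n.ownerId === uid);
}

// Models a client editing its cookie: new payload, old MAC. Verification must reject it.
function tamper(cookie, userId) {
  const tag = cookie.split('.')[1];
  return `${b64({ uid: userId, exp: Date.now() + 60000 })}.${tag}`;
}
```

The cookie is signed, not encrypted: the client can read the payload but cannot change it without invalidating the MAC.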

Here's the plan

  1. Walk through the auth flow — Exercise signup, login, and sessions to understand what the starter provides
  2. Build a user-linked feature — Add notes that belong to the signed-in user
  3. Add account settings — A page where users can update their profile
  4. Wrap up — Save your progress for Chapter 7

By the end, two different people will sign up for your app, create their own notes, and never see each other's data. Hit Next and let's see how login works in real life.