In most of our applications, we want to restrict access and we want to provide a user-specific experience. Usually, we have a Single Page Application (SPA) and a REST API. We use OpenID Connect to authenticate users and JSON Web Tokens (JWTs) to access the API.
