User authentication is JSON Web Token (JWT) based. To implement this we use a Flask extension, flask-jwt-extended. You can see an example of basic usage with this extension here.
In short, when a user logs in (POST /login), the user receives an authentication token (e.g. access_token) which contains part of the user's identity and other token-related fields, such as the expiration date. The expiry date comes as a UNIX timestamp in the access_expiry attribute of the response.
You can get an access token once you are registered in the backend. Here's a quick tutorial on how to log in using the Swagger UI provided by the deployed server.
The user can then use this access_token when calling a protected/restricted API, such as the GET /user API. To access it, the client has to send the access_token in the header of the HTTP request, following this format: "Authorization: Bearer access_token".
Here's an inside look at an access_token using the jwt.io Debugger.
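The same inside look can be reproduced locally. The following is an added example, not code from this project: it decodes a token's header and payload the way a debugger does, checks the signature the way a server would, and builds the request header described above. It assumes HS256 signing (the flask-jwt-extended default); the secret, claim values and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims, secret):
    """Constructed HS256 token standing in for a POST /login response."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def inspect_token(token):
    """Decode header and payload without checking the signature (debugger view)."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def signature_valid(token, secret):
    """Server-side integrity check; needs the secret the client never sees."""
    signing_input, _, sig_b64 = token.rpartition(".")
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

def is_expired(payload, now=None):
    # "exp" is a UNIX timestamp, like access_expiry in the login response.
    return (time.time() if now is None else now) >= payload["exp"]

def bearer_header(token):
    return {"Authorization": "Bearer " + token}

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; never ship a real key in code
    claims = {"sub": "alice", "type": "access", "iat": 1700000000, "exp": 1700000900}
    token = make_sample_token(claims, secret)
    header, payload = inspect_token(token)
    print("readable without the key:", header, payload)
    print("signature valid:", signature_valid(token, secret))
    print("expired now:", is_expired(payload))
    print("request header:", bearer_header(token))
```

The payload decodes without any key, so token claims should never carry secrets; the signature protects integrity only.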