re: A crash course on securing Serverless APIs with JSON web tokens VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION
 

The examples only show the API. You need to set up the authorizer function to respond with unauthorized and a proper status code like 401 if the user is not authorized to access a resource. This is what you catch on the front end, and handle redirects to a login page.

code of conduct - report abuse