So a request to a protected resource needs to be authenticated if not then redirect to a URL (login form).
If login is successful then a token is provided which can be used for authentication.
If a request is authenticated successfully then it can proxy to the resource.
So a request to a protected resource needs to be authenticated if not then redirect to a URL (login form).
If login is successful then a token is provided which can be used for authentication.
If a request is authenticated successfully then it can proxy to the resource.