// client code
// Client-side entry point for an action the server must authorize.
// The token is obtained from the OpenID provider (via redirect) and simply
// forwarded with the request; the client itself makes no access decision.
actionThatRequiresAuthorization() {
  const idToken = getTokenFromOpenID();
  makeRequestToAPI(idToken, otherData);
}
// server code
// the server-side handler for your API endpoint
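// Server-side handler: validate the caller's token, check authorization, then
// perform the action with otherData.
// token     - the token the client obtained via OpenID (see client code)
// otherData - request payload for the action itself
// Returns the action's value if one is needed; otherwise signals 401/403 as below.
doSomethingImportant(token, otherData) {
  let userIdOrRole;
  // Only the token lookup sits inside the try. The original catch wrapped the
  // whole body, so any error raised while doing the important stuff (or inside
  // isAllowed) was reported to the client as 401, conflating "bad token" with
  // "action failed" and hiding server-side faults behind an auth error.
  try {
    // assumed to verify the token (signature, issuer, audience, expiry) before
    // mapping it to a principal — confirm in the real implementation
    userIdOrRole = getUserOrRoleFromOpenId(token);
  } catch (error) {
    // throw 401 — token missing, invalid or expired
  }
  // Authorization is decided from the caller's identity/role alone; isAllowed
  // does not see which action or resource otherData targets, so the check is
  // coarse-grained by design here.
  if (!isAllowed(userIdOrRole)) {
    // throw 403 — authenticated but not permitted
  }
  // do important stuff with otherData and return a value if necessary
}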