Currently, we only authenticate users in the frontend.
Of course, we need to also perform these checks in the backend.

This guide might be helpful: https://auth0.com/docs/microsites/protect-api/protect-api