1👍
Mostly OK but I would say you may need to incorporate a redirect query parameter because frequently, you are faced with a situation that the client tries to access a resource on the server and because she is unauthenticated, she is redirected to the login url with the original resource URI as a query parameter. Post-successful login, the web server will redirect the client to the original resource she had been trying to access.
Source:stackexchange.com