Once you have signed in, the Request headers are populated with an Authorization: Bearer header that authorizes the request.