Sorry for the delay! What you are describing is typically what we recommend, if a backend can handle authentication, it should.
As for how your UI knows when your user is authenticated or not, that’s and application-specific concern (although a very common one). You could create a REST endpoint that returns info about the currently logged-in user. If your application stores data about the user in a DB, you could perform a query and return the info.
If you just need information about the user you can inject it with the
As for what values go to the UI to inform the frontend the user is authenticated, that’s also up to you. Do you need the UI to handle anonymous user requests? If so maybe you create some
/user endpoint that returns an empty object (or maybe a
403 status code).
You could also look at what JHipster (an application generator) does:
Using React (It uses Spring Security by default)