In terms of struggles with adding logins and authorizations to my front end, it took a while to figure out how to set tokens on the client end. One of the design decisions that I made that I didn't like was storing the user ID on the client side. The user ID is needed to verify if the client is the correct creator of a book/author. There may be better solutions (cookies?) but I was already in deep with tokens and I was running out of time to implement.
In terms of struggles with adding logins and authorization to my back end, I didn't think it was too bad. Generating tokens and sending them in the response was straightforward. Once I went past the struggle of finding out how to store the client on the front end, sending the token back was pretty easy.
For the security audit, I unfortunately didn't do much to implement security measures. I had run out of time for this assignment.