0031a9d
If the user is authenticated, let them use the assign API And fix it in multiple places so that we are consistent on how we check if the user is authenticated and the token is valid