Is this login logic via RESTful call sound?

Question

(I am not talking about authenticating calls to RESTful API. I am talking about creating login logic for user via RESTful API.)

When user access any page of my site,

Answer 1

If your JavaScript decides whether to allow the user to get pages from your site, what is stopping the user from setting a breakpoint in the JavaScript code and changing the outcome of the authentication process?

Authorization decisions need to happen on the server as you can never trust the client (browser).

Your site needs to verify at the server side that the user is authenticated. This is typically done by sending some kind of implicit authentication info along with the request that the server can verify and the client cannot forge.

I don't see that happening in your design. But why are you trying to design your own authentication mechanism? Why not use a standard protocol like WS-Federation, SAML-P, or OpenID Connect for this?