--- a/static/sweet-authenticate.js
+++ b/static/sweet-authenticate.js
@@ -1,10 +1,25 @@
 var sweet = {
-	authenticate: function(url,user, hash){
-		$.post(url,{"user":user, "hash":hash}, function(data){
-
-			return true;
-		});
+  // takes in sweet store URL and username and password and a success callback
+  // and an error callback,
+  // and authenticates the user with the given sweet store.
+  // If the user is authenticated, the callback is executed, passing in the
+  // response from sweet store. Else, the error cb is executed.
+	authenticate: function(url, user, hash, cb, errorCb) {
+    // assuming jquery is available
+    // TODO: fix this
+    $.ajax({
+      url: url,
+      type: 'POST',
+      data: {'user': user, 'hash': hash},
+      success: function(data, textStatus) {
+        cb(data);
+      },
+      error: function(jqxhr, textStatus, error) {
+        alert('Authentication failed! Please check your username and password');
+        console.log(error, textStatus);
+        errorCb(textStatus, error);
+      }
+    });
 	}
-
 };
--- a/swtr.py
+++ b/swtr.py
@@ -207,9 +207,10 @@
                 response.headers['Access-Control-Allow-Origin'] = '*'
                 return response
             else:
-                response.status_code = 403
-                response.headers['Access-Control-Allow-Origin'] = '*'
-                return response
+                pass
+        response.status_code = 403
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        return response
     elif request.method == "GET":
         return app.send_static_file("sweet-authenticate.js")