Chapter 6. Users, authentications, and permissions

 

This chapter covers

  • Enabling user registration via username/password
  • Connecting to an SMTP server to send emails
  • Customizing email messages for accounts-related messages
  • Adding OAuth authentication via Facebook
  • Managing permissions using allow/deny

Once an application is connected to one or more data sources, it’s capable of displaying dynamic content. To customize the content different users see, the application needs to know who is requesting data. Most likely some users will be able to add content, but there will be some restrictions on both what data can be accessed and what can be done with it.

For these reasons this chapter introduces the concept of users and accounts. Up until now we’ve kept things fairly simple and assumed a single type of user: the anonymous guest. Unless the application can identify a guest as a particular user, we can’t show user-specific content.

The process of identifying a user is called authentication. In this chapter we’ll discuss how users can sign up to an application and how they can identify themselves using a combination of username and password or log in using an existing service like Facebook, Twitter, or GitHub to verify who they are.

6.1. Adding users to an application

6.2. Authenticating users with OAuth

6.3. Managing user permissions, roles, and groups

6.4. Summary
