9 Add authentication and authorization

This chapter covers

Understanding the difference between authentication and authorization
Adding authentication to your web service
Adapting existing API endpoints to handle authentication
Using various forms of authentication for your web service
Using cookies with Warp
Adding authorization middleware for your routes

Parts 1 and 2 covered the basics of a web service: everything you need to know to add routes, a database, and external APIs, and to observe a running application via logs. Part 3 will help you do everything necessary to ship a Rust web service to production. The three chapters in this last part cover authentication and authorization, deployment, and testing.

You’ll need everything you learned so far for this chapter. Adding authentication basically means adding a registration and user route to the API, adding a user table to the database, and adding user IDs to the questions and answers. This means extending the API and migrating the database—tasks you learned in the previous chapters.

9.1 Adding authentication to our web service

9.1.1 Creating the user concept

9.1.2 Migrating the database

9.1.3 Adding the registration endpoint

9.1.4 Hashing the password

9.1.5 Handling duplicate account errors

9.1.6 Stateful vs. stateless authentication

9.1.7 Adding the login endpoint

9.1.8 Adding an expiry date to tokens

9.2 Adding authorization middleware

9.2.1 Migrating the database tables

9.2.2 Creating token validation middleware

9.2.3 Extending existing routes to handle account IDs

9.3 What we didn’t cover

Summary