9 Add authentication and authorization

 

This chapter covers

  • The difference between authentication and authorization.
  • How to add authentication to your web service.
  • The impact on your API endpoints when thinking about authorization.
  • Different forms of authentication you can use for your web service.
  • Using cookies with warp.
  • Adding an authorization middleware for your routes.

Parts 1 and 2 of the book (chapters 1-8) covered the basics of a web service: everything you need to know to add routes, a database, and external APIs, and to observe a running application via logs. Part 3 covers everything necessary to ship a Rust web service to production. The three chapters in this last part cover authentication and authorization, deployment, and testing.

We need everything we have learned so far for chapter 9. Adding authentication basically means adding a registration and user route to the API, adding a user table to the database, and adding user ids to the questions and answers. This means extending the API and migrating the database, both things we learned in the previous chapters.

9.1 Adding authentication to our web service

 
 

9.1.1 Creating the user concept

 
 
 

9.1.2 Migrating the database

 
 

9.1.3 Adding the registration endpoint

 
 

9.1.4 Hashing the password

 

9.1.5 Handling duplicate account errors

 
 
 

9.1.6 Stateful vs. stateless authentication

 
 

9.1.7 Adding the login endpoint

 
 
 

9.1.8 Add an expiry date to tokens

 
 

9.2 Adding an authorization middleware

 
 
 

9.2.1 Migrating the database tables

 
 
 
 

9.2.2 Creating a token validation middleware

 
 

9.2.3 Extend existing routes to handle account ids

 
 
 

9.3 What we didn’t cover

 

9.4 Summary

 
 