Chapter 9. Authentication and sessions

 

This chapter covers

  • Introducing authentication
  • Challenging and determining the authenticity of a user’s claim to an identity
  • Using sessions to save authentication state between requests
  • Creating a way to route between application pages based on authenticated state

We’re now well into the implementation of an identity, authorization, personalization, and access control system designed to make the world a safe place for cat videos. A user can now set up and manage their identity. The Brushfire frontend is also personalized based on a user’s simulated authenticated status. In this chapter, you’ll create the authentication component and replace the simulated state with a user’s actual authenticated state. The goal of this authentication, along with the work done in chapters 6–8, is to require a Brushfire user to be authenticated to add video content. That way, if a user violates the content policy and posts a forbidden dog video, our investor can disable the account with extreme prejudice. In chapter 10, we’ll wrap up the client’s requirements by locking down our backend API based on the user’s authenticated state.

9.1. What is authentication?

9.2. The login process

9.3. Personalizing page content for logged-in users

9.4. Implementing the backend application flow

9.5. Summary