Chapter 9. Authentication and sessions
This chapter covers
- Introducing authentication
- Challenging and determining the authenticity of a user’s claim to an identity
- Using sessions to save authentication state between requests
- Creating a way to route between application pages based on authenticated state
We’re now well into the implementation of an identity, authorization, personalization, and access control system designed to make the world a safe place for cat videos. A user can now set up and manage their identity. The Brushfire frontend is also personalized based on a user’s simulated authenticated status. In this chapter, you’ll create the authentication component and replace the simulated state with a user’s actual authenticated state. The goal of this authentication, along with the work done in chapters 6–8, is to require a Brushfire user to be authenticated to add video content. That way, if a user violates the content policy and posts a forbidden dog video, our investor can disable the account with extreme prejudice. In chapter 10, we’ll wrap up the client’s requirements by locking down our backend API based on the user’s authenticated state.