In the previous chapter, we allowed users to create an account on our systems and now we should give them the ability to log in and use our product.
This chapter will be really simple in terms of the API; remember we said that our API is stateless, which means that we need not keep track of sessions. Because of that, the changes we have to make are easy, and we just need to validate the credentials of the user.
This is completely different at the frontend, where we need to put in more effort: code all the session-handling systems, integrate with the existing code and functionalities, and create a form for logging in.
By the end of this chapter, you will know how to deal with authentication and authorization using the AuthenticationService and the Acl components. You will see how to configure the permissions of each group of users and also allow them to log out.