In the previous chapter, we used session-based authentication. For this chapter, we are going to explore a different solution—using access tokens to authenticate our users.
Access tokens are widely used for RESTful APIs. Because we are building our application with the premise that it could be used not only by our Angular app but also by many other client applications, we need to rely on something that can be used to identify users with something that they have.
An access token is a string that identifies a user, or even an app, and it can be used to make API calls to our system. Tokens can be issued via a number of methods. For example, tokens can be issued easily using OAuth 2.0.
For this chapter, we are going to build a custom module that is responsible for creating tokens. This will give us the ability to easily switch to any other available solution.
We are going to implement two strategies to authenticate our users. One of them will be an HTTP Basic authentication...