Custom authentication and authorization
Let's now look at the two core concepts behind application security, authentication and authorization, which you will need to implement in every project.
Implementing authentication
Authentication is the process of verifying the identity of a user: checking that the credentials presented (for example, a username and password) belong to a known account before granting access to our application or backend API. With authentication, we deny access to anyone who is not a registered user of our application.
We will create a basic authentication API. As the goal of this book is to show you how to secure your Aurelia application, we won't go into further detail about the backend implementation. We will create a hard-coded authentication flow, which is acceptable only for this walkthrough (never ship hard-coded credentials in a real application), but you can integrate it with a database using Mongoose, as described in Chapter 6, Storing Our Data in MongoDB.
So, let's get our hands dirty. Open the backend project, create a new file in the routes folder called security-api.js, and write the following code:
const express = require('express') const api = express...