Authentication & Authorization

by Kevin Pfeifer

About Kevin Pfeifer

  • Web-Developer at in Austria - www.sunlime.at
  • Main work: Wordpress, Drupal and lately Laravel
  • Started using CakePHP 3 in 2017 and have loved it ever since ❤️
  • Joined the Core Team in December 2021
  • Tutorial video series with currently 11 published videos

Let's get our basic setup running

Let's import our database schema

https://cakefest2022.pfiff.me/schema.sql

And bake everything!


          bin/cake bake all --everything

Let's imagine...

Bar owner
Discount of 10% for members
Store
Store

Conversation

What can I get you?

I'll take a beer, please. Paying right away.

Here you go. That'll be 3€

But... I'm a member

How would you react?

We don't know who he is so...

We need some way to authenticate that he is actually a member!

  • Members Card
  • Personal ID and a members list
  • etc.

Phase 1: Authentication

Install cakephp/authentication

What is an Authenticator?

From which source do we get information about the user?

Form or Session or Cookie

What is an Identifier?

How does the data from the Authenticator connect to a user entry in the database?

Username & Password or API/JWT Token

Each identifier can be used by any authenticator!

Stateless and Persistent Authenticators

Persistent: Saved across multiple requests
Session and Cookie

Stateless: Needs to be present on each request
Token and HttpBasic

Let's get back to coding

Let's build a working login action

How does the data flow while logging in?

  • AuthenticationMiddleware
    • AuthenticationService::authenticate()
    • Loop through all configured authenticators
    • First one with a matching identity returns the result
  • Persist the identity if the matching authenticator is not stateless
  • UsersController => fetch Result from AuthenticationService
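The flow above, wired up in Application.php as an added example (this is not the talk's code): the middleware calls back into the application for the service, which tries the persistent Session authenticator before the stateless Form authenticator and shares one Password identifier between them. The `email`/`password` column names are assumed.

```php
<?php
declare(strict_types=1);

namespace App;

use Authentication\AuthenticationService;
use Authentication\AuthenticationServiceInterface;
use Authentication\AuthenticationServiceProviderInterface;
use Authentication\Middleware\AuthenticationMiddleware;
use Cake\Http\BaseApplication;
use Cake\Http\MiddlewareQueue;
use Cake\Routing\Router;
use Psr\Http\Message\ServerRequestInterface;

class Application extends BaseApplication implements AuthenticationServiceProviderInterface
{
    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        // Routing (and CSRF) middleware belong before this line; the
        // authentication middleware asks $this for the service on every request.
        return $middlewareQueue->add(new AuthenticationMiddleware($this));
    }

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService([
            // Where anonymous users are sent; the original URL is kept in ?redirect=
            'unauthenticatedRedirect' => Router::url(['controller' => 'Users', 'action' => 'login']),
            'queryParam' => 'redirect',
        ]);
        // Assumed column names of the baked `users` table.
        $fields = ['username' => 'email', 'password' => 'password'];

        // Persistent authenticator first: a valid session yields an identity
        // without consulting an identifier or the database.
        $service->loadAuthenticator('Authentication.Session');
        // Stateless form authenticator: only reads POSTed credentials on the login URL.
        $service->loadAuthenticator('Authentication.Form', [
            'fields' => $fields,
            'loginUrl' => Router::url(['controller' => 'Users', 'action' => 'login']),
        ]);
        // Identifier shared by the authenticators: looks up the user row by email
        // and verifies the submitted password against the stored hash.
        $service->loadIdentifier('Authentication.Password', compact('fields'));

        return $service;
    }
}
```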

What happens if...

  • we delete the session cookie?
  • comment out the session authenticator in our Application.php?
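The controller side of the same flow, as an added example (not the talk's code): the middleware has already run `authenticate()`, so the login action only reads the stored result, and `logout()` is what deleting the session cookie does by hand. It assumes AppController loads the `Authentication.Authentication` component.

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Event\EventInterface;

class UsersController extends AppController
{
    public function beforeFilter(EventInterface $event): void
    {
        parent::beforeFilter($event);
        // The login action must be reachable without an identity,
        // otherwise anonymous users are redirected to it in a loop.
        $this->Authentication->addUnauthenticatedActions(['login']);
    }

    public function login()
    {
        $this->request->allowMethod(['get', 'post']);
        // Result produced by AuthenticationService::authenticate() in the middleware.
        $result = $this->Authentication->getResult();
        if ($result !== null && $result->isValid()) {
            // The Session authenticator already persisted the identity; only
            // follow ?redirect= when it is a local path, to avoid open redirects.
            $target = $this->request->getQuery('redirect');
            if (!is_string($target) || !str_starts_with($target, '/') || str_starts_with($target, '//')) {
                $target = ['controller' => 'Users', 'action' => 'index'];
            }
            return $this->redirect($target);
        }
        if ($this->request->is('post')) {
            // Same message for unknown email and wrong password: no account enumeration.
            $this->Flash->error(__('Invalid email or password'));
        }
    }

    public function logout()
    {
        // Clears the persisted identity; the next request arrives anonymous again,
        // exactly as if the session cookie had been deleted.
        $this->Authentication->logout();

        return $this->redirect(['controller' => 'Users', 'action' => 'login']);
    }
}
```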

Let's quickly add remember-me functionality

Let's look back again...

Bar owner
Discount of 10% for members
Store
Store

What we have learned:

  • How to authenticate and identify anonymous users
  • Difference between Authenticators and Identifiers
  • Concept of Persistent and Stateless Authenticators
  • How login data is being processed by the plugin

Before we continue...

Open questions?

Let's look back again...

Bar owner
Discount of 10% for members
Store
Store

But what if...

Bar owner
Discount of 10% for members
Discount of 20% for VIPs
Store
Store Store

It's not enough...

to know if a user is a member

we need groups inside our members list!

Phase 2: Authorization

Install cakephp/authorization

Just like the Authentication Plugin

Every controller action needs either
  • a connected policy
  • or a call to ->skipAuthorization()
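The member/VIP groups from the bar example expressed as a policy, plus the two ways an action satisfies the plugin (an `authorize()` call or an explicit `skipAuthorization()`). This is an added example, not the talk's code; it assumes a `users.role` column, a `discounts` table with `required_role` and `percent`, and AppController loading the `Authorization.Authorization` component behind AuthorizationMiddleware. Both files are shown in one listing via bracketed namespaces.

```php
<?php
declare(strict_types=1);

namespace App\Policy {
    use App\Model\Entity\Discount;
    use Authorization\IdentityInterface;

    // Resolved by the OrmResolver for App\Model\Entity\Discount (assumed entity).
    class DiscountPolicy
    {
        // Assumed: users.role holds one of these; discounts.required_role is the minimum.
        private const RANK = ['member' => 1, 'vip' => 2, 'owner' => 3];

        public function canApply(IdentityInterface $user, Discount $discount): bool
        {
            $have = self::RANK[$user['role'] ?? ''] ?? 0;
            $need = self::RANK[$discount->required_role] ?? PHP_INT_MAX;
            return $have >= $need;  // member gets 10%, VIP also gets 20%
        }

        public function canEdit(IdentityInterface $user, Discount $discount): bool
        {
            return ($user['role'] ?? null) === 'owner';  // only the bar owner edits prices
        }
    }
}

namespace App\Controller {
    class DiscountsController extends AppController
    {
        public function index()
        {
            // Public price list: opt out explicitly instead of forgetting the check,
            // otherwise the middleware throws AuthorizationRequiredException.
            $this->Authorization->skipAuthorization();
            $this->set('discounts', $this->paginate($this->Discounts));
        }

        public function apply(string $id)
        {
            $discount = $this->Discounts->get($id);
            // Calls DiscountPolicy::canApply(); a false result throws ForbiddenException.
            $this->Authorization->authorize($discount, 'apply');
            $this->Flash->success(__('{0}% discount applied', $discount->percent));

            return $this->redirect(['action' => 'index']);
        }
    }
}
```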

One more time...

Open questions?

Thank you!