# AuthenticationPolicy

This class implements policy handlers for transparently processing requests for logging in and out by means of authenticating as a user relying on a configured passport (opens new window) strategy (opens new window).

These are the provided handlers:

# initialize()

This policy handler is basically integrating passport with a request's handling. It is unconditionally injected into every incoming request by default.

The handler is adopting passport's instructions for setting it up as a middleware (opens new window) to work in context of Hitchy framework.

# login()

Handles request for authentication via integrated passport's strategy as configured.

This handler is essential for default route supported to authenticate a user.


There is an example for how to use this policy in section on configuring custom strategies.

# logout()

This handler is dropping any user currently authenticated in context of this request.

It is essential for default route supported to drop user authentication.

# mustBeAuthenticated()

This handler responds with HTTP status 403 in case there is no authenticated user in context of current request. Use this policy if you want to reject all requests to a URL prefix unless some user has authenticated.

    "policies": {
        "/api/protected": [ "authentication.mustBeAuthenticated" ]