# AuthenticationPolicy

This class implements policy handlers that transparently process login and logout requests, authenticating a user with a configured passport strategy.

These are the provided handlers:

# initialize()

This policy handler integrates passport with request handling. By default, it is unconditionally injected into every incoming request.

The handler adopts passport's instructions for setting it up as a middleware so that it works in the context of the Hitchy framework.

# login()

Handles a request for authentication via the integrated passport strategy as configured.

This handler is essential to the default route provided for authenticating a user.

Example

There is an example of how to use this policy in the section on configuring custom strategies.

# logout()

This handler drops any user currently authenticated in the context of this request.

It is essential to the default route provided for dropping user authentication.

# mustBeAuthenticated()

This handler responds with HTTP status 403 if there is no authenticated user in the context of the current request. Use this policy if you want to reject all requests to a URL prefix unless a user has authenticated.

```json
{
    "policies": {
        "/api/protected": [ "authentication.mustBeAuthenticated" ]
    }
}
```
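The behaviour described above, as an added example that is not the plugin's own code: a guard that answers with 403 unless a user is attached to the request, run through a simplified prefix-to-policy dispatcher over constructed requests. It assumes an express-style `(req, res, next)` handler signature and passport's `req.user` property; `matches()` and `dispatch()` are hypothetical helpers that only model prefix matching and are not Hitchy's router.

```javascript
"use strict";

// Assumption: passport exposes the authenticated user as req.user.
function mustBeAuthenticated( req, res, next ) {
	if ( req.user ) {
		next();
		return;
	}
	// No authenticated user: answer the request here and do not call next().
	res.statusCode = 403;
	res.body = { error: "access forbidden" };
}

// Same shape as the configuration on this page, with handlers resolved directly.
const policies = {
	"/api/protected": [mustBeAuthenticated],
};

// Simplified model: a prefix matches the path itself or any path below it.
function matches( prefix, path ) {
	return path === prefix || path.startsWith( prefix + "/" );
}

// Runs all policies matching the path and returns the resulting HTTP status.
function dispatch( req ) {
	const res = { statusCode: 200, body: null };
	const chain = Object.keys( policies )
		.filter( prefix => matches( prefix, req.path ) )
		.flatMap( prefix => policies[prefix] );

	for ( const handler of chain ) {
		let passed = false;
		handler( req, res, () => { passed = true; } );
		if ( !passed ) return res.statusCode; // policy answered the request itself
	}
	return res.statusCode; // reached the (constructed) route handler
}

// Constructed sample requests, not taken from the page.
const samples = [
	{ path: "/api/protected/items" },
	{ path: "/api/protected/items", user: { name: "jane" } },
	{ path: "/api/public" },
];
for ( const req of samples ) console.log( req.path, Boolean( req.user ), dispatch( req ) );
```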