Retrieving a user and generating an access token
After successful registration, the next step is being able to log in: the user will send their credentials and receive an authentication token to access the API. In this section, we'll implement the endpoint that allows this. Basically, we'll get the credentials from the request payload, retrieve the user with the given email, and verify their password. If the user exists and their password is valid, we'll generate an access token and return it in the response.
Implementing a database access token
First, let's think about the nature of this access token. It should be a data string that uniquely identifies a user that is impossible to forge by a malicious third party. In this example, we will take a simple but reliable approach: we'll generate a random string and store it in a dedicated table in our database, with a foreign key referring to the user.
This way, when an authenticated request arrives, we...