In the previous chapter, we used session-based authentication. For this chapter, we are going to explore a different solution—using access tokens to authenticate our users.

Access tokens are widely used for RESTful APIs. Because we are building our application with the premise that it could be used not only by our Angular app but also by many other client applications, we need to rely on something that can be used to identify users with something that they have.

An access token is a string that identifies a user, or even an app, and it can be used to make API calls to our system. Tokens can be issued via a number of methods. For example, tokens can be issued easily using OAuth 2.0.

For this chapter, we are going to build a custom ...