When I searched for it in the LAC documentation, I always got the Authentication providers docs, which I understand are for the security of our APIs created via LAC. That's okay. But my use case is mentioned below:
Suppose I have an e-commerce website. If a user is visiting without signing in, that is fine. But when the user goes to the sign-in page:
1. We will receive the user details (username & password). Now our task is to authenticate that user, to verify whether this user is registered with us or not. How I will achieve this with LAC is as mentioned below:
- I will take the username & password, and I will have an endpoint from LAC which is for a table in my database called "User". With LAC I will be able to find whether the user with that username & password exists or not. But what about the session of that user? What I really want is:
1. Once the user is identified as registered with us, we should return a session token to the client application. Along with that, I should add that token to the user table and specify its timeout period, so that we will get the token from the user in the subsequent requests.
In brief, what I want (session management), or the procedure I want to follow in my e-commerce website:
- The user logs in to my application with username and password.
- LAC gets the username + password and finds it in the user table of the database. If we find it, the user is registered.
- We should generate a token and save it in the user table with the timeout period of the token.
- In the next subsequent request, the user will send that token; we will check its timeout period, and if it is still alive we will serve the client.
I am not sure how I will achieve steps 3 and 4 in LAC. Can you please help?
Thanks in advance. I need it urgently, ASAP, so that I can implement this in my application. Thanks for your cooperation.
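
The four-step procedure from the post above, as an added example that is not part of the original post and is not LAC code: a generic Node.js sketch in which an in-memory map stands in for the "User" table. The column names, the 30-minute timeout, and the choice to store salted password hashes and token hashes instead of the raw values are assumptions.

```javascript
const crypto = require("crypto");

const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed timeout period: 30 minutes
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const hashPassword = (pw, salt) => crypto.scryptSync(pw, salt, 32);

// Constructed stand-in for the "User" table (hypothetical columns).
const users = new Map();

function register(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, {
    salt,
    pwHash: hashPassword(password, salt), // never the plaintext password
    tokenHash: null,
    expiresAt: 0,
  });
}

// Steps 1-3: check the credentials, then generate a token and save it with its expiry.
function login(username, password, now = Date.now()) {
  const row = users.get(username);
  if (!row) return null;
  const given = hashPassword(password, row.salt);
  if (!crypto.timingSafeEqual(given, row.pwHash)) return null;
  const token = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  row.tokenHash = sha256(token); // a leaked table does not reveal usable tokens
  row.expiresAt = now + TOKEN_TTL_MS;
  return token; // sent to the client once, over TLS
}

// Step 4: on each later request, find the row by token hash and enforce the timeout.
function validate(token, now = Date.now()) {
  if (typeof token !== "string" || token.length === 0) return null;
  const wanted = sha256(token);
  for (const [username, row] of users) {
    if (row.tokenHash !== wanted) continue;
    if (now >= row.expiresAt) {
      row.tokenHash = null; // expired: clear it so it can never match again
      return null;
    }
    return username;
  }
  return null;
}
```

In a real table the `for` loop becomes an indexed lookup on the token-hash column, and logout sets that column to null.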