Login

At the end of this guide, you will have a secure login system with dual rate limiting and timing attack protection.

The login component provides a complete authentication flow that verifies user credentials and issues credentials to your consumer. Login only accepts credentials using the email column. The unverified_email column is not considered until verified.

The component includes:

• Email and password authentication
• Dual rate limiting (IP-based and email-based)
• Timing attack protection
• Logout that revokes the issued credential
• A choice of authentication strategy: opaque access tokens (default) or session cookies