Topic: Restful authentication and authorization design
Hi! I'm a newbie and I'm trying to think of an app that is completely RESTful. Now that I've identified the resources, I'm starting to think about how to authenticate users and authorize them to use different app methods (actions).
For example, if I have users and posts and I want to:
- Check that a user is actually a registered user and logged into the system.
- When a user invokes a RESTful service method (URL), check that the current user has the correct permissions to execute that method.
How do I design these basic things in a truly RESTful way? Do I have to include information about the current user in the URL every time I invoke a REST method, or is it implicit in some way?