So I am in the process of building a new app, and I am stuck on what would be considered the best approach to handle authentication.
The app in question needs to allow the following:
Regular user registration (automatic email confirmation, and then log in once email has been verified)
Regular user login through
Vendor registration (this won't allow the user to log in until they have been approved as a vendor, so the flow is different to regular users)
Vendor login through
Admin user login: this is basically the owner of the site, and they will be able to approve or deny vendor registrations.
In my head I am thinking I would use three different auth guards and a table for each type of user; however, I keep wondering if the better approach here would be to use a single users table and a single auth guard, but then use something like a permissions / roles system to differentiate between the user types.
The only reason I am thinking a role-based system wouldn't work so well is because vendors and users will have a totally different registration flow and need to log in via different URLs.
Has anyone any thoughts on this type of multi-user-table approach? I can't work out if I like the approach or not, or if there is a more structured way.