When a custom authentication system uses the legacy On REST Authentication mechanism, a class extending DataStoreImplementation is created with an exposed authentication function, for example:

Class extends DataStoreImplementation exposed Function authentify($identifier : Text; $pwd : Text) : Boolean   If ($identifier#"")     var $user : cs.UserEntity:=ds.User.query("identifier = :1"; $identifier).first()     If ($user#Null)       If (Verify password hash($pwd; $user.pwd))         return Session.setPrivileges("Administrator")       End if     End if   End if

However, the guest role cannot read the User table, so authentication cannot work by default.
To enable it, a new role such as userAccess must be added in roles.json with:

• Read access to the User table


• The authentify function added to the promote list