Authentication in Backbone applications can be tricky if you don't have a clear vision of how authentication works in REST servers. As Backbone is authentication agnostic, it does not force you to use an authentication mechanism. As a developer, it's your responsibility to create one or adhere to an existing one.

In Backbone Apps, backed by stateless servers, you should move the session handling code to the browser. In the examples shown in this chapter, we used sessionStorage to store the access tokens; however, you can use another storage solution such as localStorage and indexeddb, or even cookies.

Then, we saw how to combine the theory with the practical implementation of the Basic Auth and OAuth2 protocols in Contacts App. The implementation was transparent for the rest of the application, therefore, you can switch between the implementations easily.