Page Contents

Authentication Strategy

AuthenticationStrategy is a standard interface that the @loopback/authentication package understands. Hence, any authentication strategy that adopts this interface can be used with @loopback/authentication. Think of it like the standard interface for Passport.js uses to interface with many different authentication strategies.

With a common authentication strategy interface and an extensionPoint/extensions pattern used to register and discover authentication strategies, users can bind multiple strategies to an application.

The component has a default authentication strategy provider which discovers the registered strategies by name. It automatically searches with the name given in an endpoint’s @authenticate() decorator, then returns the corresponding strategy for the authentication action to proceed.

It’s usually extension developer’s responsibility to provide an authentication strategy as provider. To simplify the tutorial, we leverage an existing strategy from file basic authentication strategy to show users how to register (bind) an strategy to the application.

Before registering the basic strategy, please make sure the following files are copied to your application:

Registering BasicAuthenticationStrategy in an application application.ts is as simple as:

import {registerAuthenticationStrategy} from '@loopback/authentication';

export class MyApplication extends BootMixin(
  ServiceMixin(RepositoryMixin(RestApplication)),
) {
  constructor(options?: ApplicationConfig) {
    super(options);

    //...
    // ------ ADD SNIPPET ---------
    registerAuthenticationStrategy(this, BasicAuthenticationStrategy);
    // ----- END OF SNIPPET -------
    //...
  }
}

Next topic: Managing Custom Authentication Strategy Options

Previous topic: Authentication Action