Page Contents

Home > @loopback/authentication

authentication package

A LoopBack 4 component for authentication support.


The core logic for the authentication layer in LoopBack 4.

It contains:

  • A decorator to express an authentication requirement on controller methods - A provider to access method-level authentication metadata - An action in the REST sequence to enforce authentication - An extension point to discover all authentication strategies and handle the delegation


Class Description
AuthenticateActionProvider Provides the authentication action for a sequence
AuthenticationStrategyProvider <p>An authentication strategy provider responsible for resolving an authentication strategy by name.</p><p>It declares an extension point to which all authentication strategy implementations must register themselves as extensions.</p>
AuthMetadataProvider Provides authentication metadata of a controller method


Function Description
authenticate(strategies) Mark a controller method as requiring authenticated user.
getAuthenticateMetadata(targetClass, methodName) Fetch authentication metadata stored by @authenticate decorator.
getAuthenticationMetadataForStrategy(metadata, strategyName) Get the authentication metadata object for the specified strategy.
registerAuthenticationStrategy(context, strategyClass) Registers an authentication strategy as an extension of the AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME extension point.


Interface Description
AuthenticateFn interface definition of a function which accepts a request and returns an authenticated user
AuthenticationMetadata Authentication metadata stored via Reflection API
AuthenticationOptions Options for authentication component
AuthenticationStrategy <p>An interface that describes the common authentication strategy.</p><p>An authentication strategy is a class with an ‘authenticate’ method that verifies a user’s credentials and returns the corresponding user profile.</p>
TokenService An interface for generating and verifying a token
UserIdentityService The User Identity service links a user to profiles from an external source (eg: ldap, oauth2 provider, saml) which can identify the user. The profile typically has the following information: name, email-id, uuid, roles, authorizations, scope of accessible resources, expiration time for given access
UserProfileFactory interface definition of a factory function which accepts a user definition and returns the user profile
UserService <p>A service for performing the login action in an authentication strategy.</p><p>Usually a client user uses basic credentials to login, or is redirected to a third-party application that grants limited access.</p><p>Note: The creation of user is handled in the user controller by calling user repository APIs. For Basic auth, the user has to register first using some endpoint like /register. For 3rd-party auth, the user will be created if login is successful and the user doesn’t exist in database yet.</p><p>Type C stands for the type of your credential object.</p><p>- For local strategy:</p><p>A typical credential would be: { username: username, password: password }</p><p>- For oauth strategy:</p><p>A typical credential would be: { clientId: string; clientSecret: string; callbackURL: string; }</p><p>It could be read from a local configuration file in the app</p><p>- For saml strategy:</p><p>A typical credential would be:</p><p>{ path: string; issuer: string; entryPoint: string; }</p><p>It could be read from a local configuration file in the app.</p>


Namespace Description
AuthenticationBindings Binding keys used by this component.


Variable Description
asAuthStrategy A binding template for auth strategy contributor extensions
AUTHENTICATION_METADATA_CLASS_KEY The key used to store class-level metadata for @authenticate
AUTHENTICATION_METADATA_METHOD_KEY The key used to store method-level metadata for @authenticate