Page Contents
Home > @loopback/authentication
authentication package
A LoopBack 4 component for authentication support.
Remarks
The core logic for the authentication layer in LoopBack 4.
It contains:
- A decorator to express an authentication requirement on controller methods - A provider to access method-level authentication metadata - An action in the REST sequence to enforce authentication - An extension point to discover all authentication strategies and handle the delegation
Classes
| Class | Description |
|---|---|
| [AuthenticateActionProvider](/doc/en/lb4/apidocs.authentication.authenticateactionprovider.html) | Provides the authentication action for a sequence |
| [AuthenticationComponent](/doc/en/lb4/apidocs.authentication.authenticationcomponent.html) | |
| [AuthenticationMiddlewareProvider](/doc/en/lb4/apidocs.authentication.authenticationmiddlewareprovider.html) | |
| [AuthenticationStrategyProvider](/doc/en/lb4/apidocs.authentication.authenticationstrategyprovider.html) | An authentication strategy provider responsible for resolving an authentication strategy by name. It declares an extension point to which all authentication strategy implementations must register themselves as extensions. |
| [AuthMetadataProvider](/doc/en/lb4/apidocs.authentication.authmetadataprovider.html) | Provides authentication metadata of a controller method |
Functions
| Function | Description |
|---|---|
| [authenticate(strategies)](/doc/en/lb4/apidocs.authentication.authenticate.html) | Mark a controller method as requiring authenticated user. |
| [getAuthenticateMetadata(targetClass, methodName)](/doc/en/lb4/apidocs.authentication.getauthenticatemetadata.html) | Fetch authentication metadata stored by `@authenticate` decorator. |
| [getAuthenticationMetadataForStrategy(metadata, strategyName)](/doc/en/lb4/apidocs.authentication.getauthenticationmetadataforstrategy.html) | Get the authentication metadata object for the specified strategy. |
| [registerAuthenticationStrategy(context, strategyClass)](/doc/en/lb4/apidocs.authentication.registerauthenticationstrategy.html) | Registers an authentication strategy as an extension of the AuthenticationBindings.AUTHENTICATION\_STRATEGY\_EXTENSION\_POINT\_NAME extension point. |
Interfaces
| Interface | Description |
|---|---|
| [AuthenticateFn](/doc/en/lb4/apidocs.authentication.authenticatefn.html) | interface definition of a function which accepts a request and returns an authenticated user |
| [AuthenticationMetadata](/doc/en/lb4/apidocs.authentication.authenticationmetadata.html) | Authentication metadata stored via Reflection API |
| [AuthenticationOptions](/doc/en/lb4/apidocs.authentication.authenticationoptions.html) | Options for authentication component |
| [AuthenticationStrategy](/doc/en/lb4/apidocs.authentication.authenticationstrategy.html) | An interface that describes the common authentication strategy. An authentication strategy is a class with an 'authenticate' method that verifies a user's credentials and returns the corresponding user profile. |
| [TokenService](/doc/en/lb4/apidocs.authentication.tokenservice.html) | An interface for generating and verifying a token |
| [UserIdentityService](/doc/en/lb4/apidocs.authentication.useridentityservice.html) | The User Identity service links a user to profiles from an external source (eg: ldap, oauth2 provider, saml) which can identify the user. The profile typically has the following information: name, email-id, uuid, roles, authorizations, scope of accessible resources, expiration time for given access |
| [UserProfileFactory](/doc/en/lb4/apidocs.authentication.userprofilefactory.html) | interface definition of a factory function which accepts a user definition and returns the user profile |
| [UserService](/doc/en/lb4/apidocs.authentication.userservice.html) | A service for performing the login action in an authentication strategy. Usually a client user uses basic credentials to login, or is redirected to a third-party application that grants limited access. Note: The creation of user is handled in the user controller by calling user repository APIs. For Basic auth, the user has to register first using some endpoint like `/register`. For 3rd-party auth, the user will be created if login is successful and the user doesn't exist in database yet. Type `C` stands for the type of your credential object. - For local strategy: A typical credential would be: { username: username, password: password } - For oauth strategy: A typical credential would be: { clientId: string; clientSecret: string; callbackURL: string; } It could be read from a local configuration file in the app - For saml strategy: A typical credential would be: { path: string; issuer: string; entryPoint: string; } It could be read from a local configuration file in the app. |
Namespaces
| Namespace | Description |
|---|---|
| [authenticate](/doc/en/lb4/apidocs.authentication.authenticate.html) | |
| [AuthenticationBindings](/doc/en/lb4/apidocs.authentication.authenticationbindings.html) | Binding keys used by this component. |
Variables
| Variable | Description |
|---|---|
| [asAuthStrategy](/doc/en/lb4/apidocs.authentication.asauthstrategy.html) | A binding template for auth strategy contributor extensions |
| [AUTHENTICATION\_METADATA\_CLASS\_KEY](/doc/en/lb4/apidocs.authentication.authentication_metadata_class_key.html) | The key used to store class-level metadata for `@authenticate` |
| [AUTHENTICATION\_METADATA\_KEY](/doc/en/lb4/apidocs.authentication.authentication_metadata_key.html) | Alias for AUTHENTICATION\_METADATA\_METHOD\_KEY to keep it backward compatible |
| [AUTHENTICATION\_METADATA\_METHOD\_KEY](/doc/en/lb4/apidocs.authentication.authentication_metadata_method_key.html) | The key used to store method-level metadata for `@authenticate` |
| [AUTHENTICATION\_STRATEGY\_NOT\_FOUND](/doc/en/lb4/apidocs.authentication.authentication_strategy_not_found.html) | |
| [USER\_PROFILE\_NOT\_FOUND](/doc/en/lb4/apidocs.authentication.user_profile_not_found.html) |