Page Contents

Home > @loopback/authentication

authentication package

A LoopBack 4 component for authentication support.


The core logic for the authentication layer in LoopBack 4.

It contains:

  • A decorator to express an authentication requirement on controller methods - A provider to access method-level authentication metadata - An action in the REST sequence to enforce authentication - An extension point to discover all authentication strategies and handle the delegation


Class Description
AuthenticateActionProvider Provides the authentication action for a sequence
AuthenticationStrategyProvider An authentication strategy provider responsible for resolving an authentication strategy by name.It declares an extension point to which all authentication strategy implementations must register themselves as extensions.
AuthMetadataProvider Provides authentication metadata of a controller method


Function Description
authenticate(strategies) Mark a controller method as requiring authenticated user.
getAuthenticateMetadata(targetClass, methodName) Fetch authentication metadata stored by @authenticate decorator.
getAuthenticationMetadataForStrategy(metadata, strategyName) Get the authentication metadata object for the specified strategy.
registerAuthenticationStrategy(context, strategyClass) Registers an authentication strategy as an extension of the AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME extension point.


Interface Description
AuthenticateFn interface definition of a function which accepts a request and returns an authenticated user
AuthenticationMetadata Authentication metadata stored via Reflection API
AuthenticationOptions Options for authentication component
AuthenticationStrategy An interface that describes the common authentication strategy.An authentication strategy is a class with an ‘authenticate’ method that verifies a user’s credentials and returns the corresponding user profile.
TokenService An interface for generating and verifying a token
UserIdentityService The User Identity service links a user to profiles from an external source (eg: ldap, oauth2 provider, saml) which can identify the user. The profile typically has the following information: name, email-id, uuid, roles, authorizations, scope of accessible resources, expiration time for given access
UserProfileFactory interface definition of a factory function which accepts a user definition and returns the user profile
UserService A service for performing the login action in an authentication strategy.Usually a client user uses basic credentials to login, or is redirected to a third-party application that grants limited access.Note: The creation of user is handled in the user controller by calling user repository APIs. For Basic auth, the user has to register first using some endpoint like /register. For 3rd-party auth, the user will be created if login is successful and the user doesn’t exist in database yet.Type C stands for the type of your credential object.- For local strategy:A typical credential would be: { username: username, password: password }- For oauth strategy:A typical credential would be: { clientId: string; clientSecret: string; callbackURL: string; }It could be read from a local configuration file in the app- For saml strategy:A typical credential would be:{ path: string; issuer: string; entryPoint: string; }It could be read from a local configuration file in the app.


Namespace Description
AuthenticationBindings Binding keys used by this component.


Variable Description
asAuthStrategy A binding template for auth strategy contributor extensions
AUTHENTICATION_METADATA_CLASS_KEY The key used to store class-level metadata for @authenticate
AUTHENTICATION_METADATA_METHOD_KEY The key used to store method-level metadata for @authenticate