Page Contents

Home > @loopback/authorization > AuthorizationOptions

AuthorizationOptions interface

Signature:

export interface AuthorizationOptions 

Properties

Property Modifiers Type Description

defaultDecision?

AuthorizationDecision.DENY | AuthorizationDecision.ALLOW

(Optional) Default decision if all authorizers vote for ABSTAIN If not set, default to AuthorizationDecision.DENY

defaultMetadata?

AuthorizationMetadata

(Optional) Default authorization metadata if a method is not decorated with @authorize. If not set, no authorization will be enforced for those methods that are not associated with authorization metadata.

defaultStatusCodeForDeny?

number

(Optional) Default HTTP status code when the final decision is AuthorizationDecision.DENY. If not set, default to 403

precedence?

AuthorizationDecision.DENY | AuthorizationDecision.ALLOW

(Optional) Controls if Allow/Deny vote takes precedence and override other votes. If not set, default to AuthorizationDecision.DENY.

Once a vote matches the precedence, it becomes the final decision. The rest of votes will be skipped.