Common types/interfaces for LoopBack 4 security including authentication and authorization.
Remarks
- Subject
  - It’s the “who” for security
  - Contains a set of Principals, a set of Credentials, and a set of Permissions
- Principal
  - Represents a user, an application, or a device
- Credential
  - Security attributes used to authenticate the subject. Such credentials include passwords, Kerberos tickets, and public key certificates.
- Permission
  - It’s the what for security.
Permission defines an action/access against a protected resource. It’s the what for security.

There are three levels of permissions:

- Resource level (Order, User)
- Instance level (Order-0001, User-1001)
- Property level (User-0001.email)
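The three permission levels as a default-deny check, written as an added example that is not code from `@loopback/security`. All types and functions here (`Target`, `Grant`, `parseTarget`, `covers`, `isAllowed`) are hypothetical, and it assumes that a grant covers its own level and anything narrower beneath it, which the page does not specify.

```typescript
// Hypothetical types for illustration; not the @loopback/security interfaces.
type Level = 'resource' | 'instance' | 'property';
interface Target {
  resource: string;              // "User"
  instance: string | undefined;  // "1001"
  property: string | undefined;  // "email"
}
interface Grant { action: string; target: Target; }

// Parse the notation used above: "User", "User-1001", "User-0001.email".
function parseTarget(text: string): Target | null {
  const m = /^([A-Za-z]+)(?:-([A-Za-z0-9]+)(?:\.(\w+))?)?$/.exec(text);
  if (!m) return null;
  return {resource: m[1] as string, instance: m[2], property: m[3]};
}

function levelOf(t: Target): Level {
  if (t.property !== undefined) return 'property';
  return t.instance !== undefined ? 'instance' : 'resource';
}

// Assumption: a grant covers its own target and anything narrower beneath it,
// never anything broader (a property grant does not open the whole instance).
function covers(granted: Target, requested: Target): boolean {
  if (granted.resource !== requested.resource) return false;
  if (granted.instance !== undefined && granted.instance !== requested.instance) return false;
  if (granted.property !== undefined && granted.property !== requested.property) return false;
  return true;
}

function grant(action: string, text: string): Grant {
  const target = parseTarget(text);
  if (!target) throw new Error(`malformed grant target: ${text}`);
  return {action, target};
}

// Default deny: malformed targets and unmatched requests are refused.
function isAllowed(grants: Grant[], action: string, text: string): boolean {
  const requested = parseTarget(text);
  if (!requested) return false;
  return grants.some(g => g.action === action && covers(g.target, requested));
}

// Constructed sample grants, one per permission level.
const SAMPLE_GRANTS: Grant[] = [
  grant('read', 'Order'),            // resource level
  grant('update', 'User-1001'),      // instance level
  grant('read', 'User-0001.email'),  // property level
];
```
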
Subject represents both security state and operations for a single request. It’s the who for security.

Such operations include:

- authentication (login)
- authorization (access control)
- session access
- logout