Common types/interfaces for LoopBack 4 security including authentication and authorization.
Subject - It’s the “who” for security - contains a set of Principles, a set of Credentials, and a set of Permissions - Principle - Represent a user, an application, or a device - Credential - Security attributes used to authenticate the subject. Such credentials include passwords, Kerberos tickets, and public key certificates. - Permission - It’s the what for security.
Permission defines an action/access against a protected resource. It’s the what for security.There are three levels of permissions- Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email)
Subject represents both security state and operations for a single request. It’s the who for security.Such operations include: - authentication (login) - authorization (access control) - session access - logout