LoopBack version 3 provides several options for adding authentication and authorization to secure the applications:
A set of built-in models like
ACLmakes it easy to store your user credentials locally and define custom access control checks. The migration path is described in Migrating built-in authentication and authorization.
loopback-component-passport provides integration between LoopBack 3 and Passport to support third-party login and account linking for LoopBack applications. The migration path is described in Migrating Passport-based authentication.
loopback-component-oauth2 provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack applications to function as an oAuth 2.0 provider to authenticate and authorize client applications and/or resource owners (i.e. users) to access protected API endpoints. The migration path is described in Migrating OAuth2 provider.