Page Contents

@loopback/authorization

A LoopBack 4 component for authorization support (Role based, Permission based, Vote based)

To read on key building blocks read through loopback authorization docs

Authorization

The authorization component can be configured with options:

const options: AuthorizationOptions = {
  precedence: AuthorizationDecisions.DENY;
  defaultDecision: AuthorizationDecisions.DENY;
}

const binding = app.component(AuthorizationComponent);
app.configure(binding.key).to(options);

Installation

npm install --save @loopback/authorization

Basic use

Start by decorating your controller methods with @authorize to require the request to be authorized.

In this example, we make the user profile available via dependency injection using a key available from @loopback/authorization package.

import {inject} from '@loopback/context';
import {authorize} from '@loopback/authorization';
import {get} from '@loopback/rest';

export class MyController {
  @authorize({allow: ['ADMIN']})
  @get('/number-of-views')
  numOfViews(): number {
    return 100;
  }
}

Extract common layer

@loopback/authentication and @loopback/authorization share the client information from the request. Therefore we have created another module, @loopback/security with types/interfaces that describe the client, like principles, userProfile, etc.

Contributions

Tests

run npm test from the root folder.

Contributors

See all contributors.

License

MIT