We’ve refactored the authentication component to be more extensible and easier to use.
The new design greatly reduces the effort for application developers and extension developers: they now only need to bind strategies to the application, without having to understand or modify the strategy resolver or the action provider.
Here is a high-level overview of the authentication component:
- A decorator to express an authentication requirement on controller methods
- A provider to access method-level authentication metadata
- An action in the REST sequence to enforce authentication
- An extension point to discover all authentication strategies and handle the delegation
Detailed documentation about the design and usage of the authentication component can be found here.
As an application developer, you only need 3 steps to secure your endpoints:
- Decorate the endpoints of a controller with the
- Insert the authentication action in a custom sequence
- Register the authentication strategy
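A simplified model of how the four parts in the overview fit together and what the three steps wire up, added here as an illustration and not taken from LoopBack's code. Every name in it (`requireAuth`, `registerStrategy`, `authenticateAction`, the controller method names, the sample token) is hypothetical, and the flow is synchronous for brevity.

```typescript
// Simplified, synchronous model of the parts listed above. All names are
// hypothetical; this is not the LoopBack API.
type HttpRequest = {headers: Record<string, string>};
type UserProfile = {id: string};

interface AuthStrategy {
  name: string;
  authenticate(request: HttpRequest): UserProfile; // throws on bad credentials
}

// "Decorator": records which strategy a controller method requires.
const authMetadata = new Map<string, string>();
function requireAuth(method: string, strategyName: string): void {
  authMetadata.set(method, strategyName);
}

// Extension point: strategies register by name; the action hard-codes none.
const strategies = new Map<string, AuthStrategy>();
function registerStrategy(strategy: AuthStrategy): void {
  strategies.set(strategy.name, strategy);
}

// Action the sequence runs before invoking the method: read the metadata,
// resolve the strategy by name, delegate the credential check to it.
function authenticateAction(method: string, request: HttpRequest): UserProfile | undefined {
  const strategyName = authMetadata.get(method);
  if (strategyName === undefined) return undefined; // no requirement declared
  const strategy = strategies.get(strategyName);
  // Fail closed: a required but unregistered strategy must reject the request.
  if (!strategy) throw new Error(`strategy not found: ${strategyName}`);
  return strategy.authenticate(request);
}

// Constructed sample strategy: accepts one fixed, made-up bearer token.
const demoStrategy: AuthStrategy = {
  name: 'demo-token',
  authenticate(request) {
    if (request.headers['authorization'] !== 'Bearer constructed-sample-token') {
      throw new Error('invalid credentials');
    }
    return {id: 'user-1'};
  },
};

registerStrategy(demoStrategy);
requireAuth('OrderController.list', 'demo-token');
requireAuth('OrderController.export', 'not-registered'); // strategy never bound
```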
As an extension developer, you can contribute a LoopBack native authentication strategy by following the steps in Creating a Custom Authentication Strategy, or a passport-based authentication strategy by following the steps in Wrapping a Passport-based Strategy with the Passport Strategy Adapter.
A tutorial and reference implementation on how to add JWT authentication to a LoopBack 4 application using the authentication component can be found here. It involves an updated version of the example shopping cart application.
Looking for User References
As you might be aware, our loopback.io web site has a brand new look. We’re rebuilding the "Who's using LoopBack" section to showcase our users and the use cases. If you would like to be a part of it, see the details in this GitHub issue.
Call to Action
LoopBack’s future success depends on you. We appreciate your continuous support and engagement to make LoopBack even better and meaningful for your API creation experience. Please join us and help the project by: