UNPKG

@loopback/docs

Version:

Documentation files rendered at [https://loopback.io](https://loopback.io)

github.com/loopbackio/loopback-next/tree/master/docs

loopbackio/loopback-next

69 lines (53 loc) 2.48 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
--- lang: en title: 'Authorization Component' keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI, Authorization sidebar: lb4_sidebar permalink: /doc/en/lb4/Loopback-component-authorization.html --- ## Registering the Authorization Component The `@loopback/authorization` package exports an [Authorization Component](https://github.com/loopbackio/loopback-next/blob/master/packages/authorization/src/authorization-component.ts) class. - Developers will have to register this component to use access control features in their application. ```ts const options: AuthorizationOptions = { precedence: AuthorizationDecision.DENY, defaultDecision: AuthorizationDecision.DENY, }; app.configure(AuthorizationBindings.COMPONENT).to(options); app.component(AuthorizationComponent); ``` - The authorization `options` are provided specifically for enforcing the [decision matrix](Authorization-component-decision-matrix.md), which is used to combine voters from all `authorize` functions. The options are described per the interface AuthorizationOptions. ```ts export interface AuthorizationOptions { /** * Default decision if all authorizers vote for ABSTAIN */ defaultDecision?: AuthorizationDecision.DENY | AuthorizationDecision.ALLOW; /** * Controls if Allow/Deny vote takes precedence and override other votes */ precedence?: AuthorizationDecision.DENY | AuthorizationDecision.ALLOW; } ``` The component also declares various [types](https://github.com/loopbackio/loopback-next/blob/master/packages/authorization/src/types.ts) to use in defining necessary classes and inputs by developers. - `Authorizer`: A class implementing access policies. Accepts `AuthorizationContext` and `AuthorizationMetadata` as input and returns an `AuthorizationDecision`. - `AuthorizationDecision`: expected type to be returned by an `Authorizer` - `AuthorizationMetadata`: expected type of the authorization spec passed to the decorator used to annotate a controller method. Also provided as input parameter to the `Authorizer`. - `AuthorizationContext`: contains current principal invoking an endpoint, request context and expected roles and scopes. - `Enforcer`: type of extension classes that provide authorization services for an `Authorizer`. - `AuthorizationRequest`: type of the input provided to an `Enforcer`. - `AuthorizationError`: expected type of the error thrown by an `Authorizer`.