@loopback/docs
Version:
Documentation files rendered at [https://loopback.io](https://loopback.io)
35 lines (23 loc) • 1.8 kB
Markdown
---
lang: en
title: 'API docs: security.subject'
keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI
sidebar: lb4_sidebar
editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security
permalink: /doc/en/lb4/apidocs.security.subject.html
---
<!-- Do not edit this file. It is automatically generated by API Documenter. -->
[Home](./index.md) > [@loopback/security](./security.md) > [Subject](./security.subject.md)
## Subject interface
`Subject` represents both security state and operations for a single request. It's the `who` for security.
Such operations include: - authentication (login) - authorization (access control) - session access - logout
<b>Signature:</b>
```typescript
export interface Subject
```
## Properties
| Property | Type | Description |
| --- | --- | --- |
| [authorities](./security.subject.authorities.md) | Set<[Permission](./security.permission.md)<!-- -->> | An array of authorities granted by the user to the client application. One example is {@<!-- -->link https://tools.ietf.org/html/rfc6749\#section-3.3 \| oAuth2 scopes). |
| [credentials](./security.subject.credentials.md) | Set<[Credential](./security.credential.md)<!-- -->> | An array of credentials, such as password, access token, or private/public keys. |
| [principals](./security.subject.principals.md) | Set<[TypedPrincipal](./security.typedprincipal.md)<!-- -->> | An array of principals. It can include information about the current user, the client application, and granted authorities.<code>Subject</code> represents both security state and operations for a single application user.<!-- -->Such operations include: - authentication (login) - authorization (access control) - session access - logout |