@loopback/docs/site/apidocs/authentication.md

Documentation files rendered at [https://loopback.io](https://loopback.io)

---
lang: en
title: 'API docs: authentication'
keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI
sidebar: lb4_sidebar
editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/authentication
permalink: /doc/en/lb4/apidocs.authentication.html
---

<!-- Do not edit this file. It is automatically generated by API Documenter. -->

[Home](./index.md) &gt; [@loopback/authentication](./authentication.md)

## authentication package

A LoopBack 4 component for authentication support.

## Remarks

The core logic for the authentication layer in LoopBack 4.

It contains:

- A decorator to express an authentication requirement on controller methods - A provider to access method-level authentication metadata - An action in the REST sequence to enforce authentication - An extension point to discover all authentication strategies and handle the delegation

## Classes

<table><thead><tr><th>

Class


</th><th>

Description


</th></tr></thead>
<tbody><tr><td markdown="1">

[AuthenticateActionProvider](./authentication.authenticateactionprovider.md)


</td><td markdown="1">

Provides the authentication action for a sequence


</td></tr>
<tr><td markdown="1">

[AuthenticationComponent](./authentication.authenticationcomponent.md)


</td><td markdown="1">


</td></tr>
<tr><td markdown="1">

[AuthenticationMiddlewareProvider](./authentication.authenticationmiddlewareprovider.md)


</td><td markdown="1">


</td></tr>
<tr><td markdown="1">

[AuthenticationStrategyProvider](./authentication.authenticationstrategyprovider.md)


</td><td markdown="1">

An authentication strategy provider responsible for resolving an authentication strategy by name.

It declares an extension point to which all authentication strategy implementations must register themselves as extensions.


</td></tr>
<tr><td markdown="1">

[AuthMetadataProvider](./authentication.authmetadataprovider.md)


</td><td markdown="1">

Provides authentication metadata of a controller method


</td></tr>
</tbody></table>

## Functions

<table><thead><tr><th>

Function


</th><th>

Description


</th></tr></thead>
<tbody><tr><td markdown="1">

[authenticate(strategies)](./authentication.authenticate.md)


</td><td markdown="1">

Mark a controller method as requiring authenticated user.


</td></tr>
<tr><td markdown="1">

[getAuthenticateMetadata(targetClass, methodName)](./authentication.getauthenticatemetadata.md)


</td><td markdown="1">

Fetch authentication metadata stored by `@authenticate` decorator.


</td></tr>
<tr><td markdown="1">

[getAuthenticationMetadataForStrategy(metadata, strategyName)](./authentication.getauthenticationmetadataforstrategy.md)


</td><td markdown="1">

Get the authentication metadata object for the specified strategy.


</td></tr>
<tr><td markdown="1">

[registerAuthenticationStrategy(context, strategyClass)](./authentication.registerauthenticationstrategy.md)


</td><td markdown="1">

Registers an authentication strategy as an extension of the AuthenticationBindings.AUTHENTICATION\_STRATEGY\_EXTENSION\_POINT\_NAME extension point.


</td></tr>
</tbody></table>

## Interfaces

<table><thead><tr><th>

Interface


</th><th>

Description


</th></tr></thead>
<tbody><tr><td markdown="1">

[AuthenticateFn](./authentication.authenticatefn.md)


</td><td markdown="1">

interface definition of a function which accepts a request and returns an authenticated user


</td></tr>
<tr><td markdown="1">

[AuthenticationMetadata](./authentication.authenticationmetadata.md)


</td><td markdown="1">

Authentication metadata stored via Reflection API


</td></tr>
<tr><td markdown="1">

[AuthenticationOptions](./authentication.authenticationoptions.md)


</td><td markdown="1">

Options for authentication component


</td></tr>
<tr><td markdown="1">

[AuthenticationStrategy](./authentication.authenticationstrategy.md)


</td><td markdown="1">

An interface that describes the common authentication strategy.

An authentication strategy is a class with an 'authenticate' method that verifies a user's credentials and returns the corresponding user profile.


</td></tr>
<tr><td markdown="1">

[TokenService](./authentication.tokenservice.md)


</td><td markdown="1">

An interface for generating and verifying a token


</td></tr>
<tr><td markdown="1">

[UserIdentityService](./authentication.useridentityservice.md)


</td><td markdown="1">

The User Identity service links a user to profiles from an external source (eg: ldap, oauth2 provider, saml) which can identify the user. The profile typically has the following information: name, email-id, uuid, roles, authorizations, scope of accessible resources, expiration time for given access


</td></tr>
<tr><td markdown="1">

[UserProfileFactory](./authentication.userprofilefactory.md)


</td><td markdown="1">

interface definition of a factory function which accepts a user definition and returns the user profile


</td></tr>
<tr><td markdown="1">

[UserService](./authentication.userservice.md)


</td><td markdown="1">

A service for performing the login action in an authentication strategy.

Usually a client user uses basic credentials to login, or is redirected to a third-party application that grants limited access.

Note: The creation of user is handled in the user controller by calling user repository APIs. For Basic auth, the user has to register first using some endpoint like `/register`<!-- -->. For 3rd-party auth, the user will be created if login is successful and the user doesn't exist in database yet.

Type `C` stands for the type of your credential object.

- For local strategy:

A typical credential would be: { username: username, password: password }

- For oauth strategy:

A typical credential would be: { clientId: string; clientSecret: string; callbackURL: string; }

It could be read from a local configuration file in the app

- For saml strategy:

A typical credential would be:

{ path: string; issuer: string; entryPoint: string; }

It could be read from a local configuration file in the app.


</td></tr>
</tbody></table>

## Namespaces

<table><thead><tr><th>

Namespace


</th><th>

Description


</th></tr></thead>
<tbody><tr><td markdown="1">

[authenticate](./authentication.authenticate.md)


</td><td markdown="1">


</td></tr>
<tr><td markdown="1">

[AuthenticationBindings](./authentication.authenticationbindings.md)


</td><td markdown="1">

Binding keys used by this component.


</td></tr>
</tbody></table>

## Variables

<table><thead><tr><th>

Variable


</th><th>

Description


</th></tr></thead>
<tbody><tr><td markdown="1">

[asAuthStrategy](./authentication.asauthstrategy.md)


</td><td markdown="1">

A binding template for auth strategy contributor extensions


</td></tr>
<tr><td markdown="1">

[AUTHENTICATION\_METADATA\_CLASS\_KEY](./authentication.authentication_metadata_class_key.md)


</td><td markdown="1">

The key used to store class-level metadata for `@authenticate`


</td></tr>
<tr><td markdown="1">

[AUTHENTICATION\_METADATA\_KEY](./authentication.authentication_metadata_key.md)


</td><td markdown="1">

Alias for AUTHENTICATION\_METADATA\_METHOD\_KEY to keep it backward compatible


</td></tr>
<tr><td markdown="1">

[AUTHENTICATION\_METADATA\_METHOD\_KEY](./authentication.authentication_metadata_method_key.md)


</td><td markdown="1">

The key used to store method-level metadata for `@authenticate`


</td></tr>
<tr><td markdown="1">

[AUTHENTICATION\_STRATEGY\_NOT\_FOUND](./authentication.authentication_strategy_not_found.md)


</td><td markdown="1">


</td></tr>
<tr><td markdown="1">

[USER\_PROFILE\_NOT\_FOUND](./authentication.user_profile_not_found.md)


</td><td markdown="1">


</td></tr>
</tbody></table>