@loopback/docs

--- lang: en title: 'API docs: security' keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI sidebar: lb4_sidebar editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security permalink: /doc/en/lb4/apidocs.security.html ---  [Home](./index.md) > [@loopback/security](./security.md) ## security package Common types/interfaces for LoopBack 4 security including authentication and authorization. ## Remarks - Subject - It's the "who" for security - contains a set of Principles, a set of Credentials, and a set of Permissions - Principle - Represent a user, an application, or a device - Credential - Security attributes used to authenticate the subject. Such credentials include passwords, Kerberos tickets, and public key certificates. - Permission - It's the what for security. ## Classes <table><thead><tr><th> Class </th><th> Description </th></tr></thead> <tbody><tr><td markdown="1"> [DefaultSubject](./security.defaultsubject.md) </td><td markdown="1"> Default implementation of `Subject` </td></tr> <tr><td markdown="1"> [Permission](./security.permission.md) </td><td markdown="1"> `Permission` defines an action/access against a protected resource. It's the `what` for security. There are three levels of permissions - Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email) </td></tr> <tr><td markdown="1"> [TypedPrincipal](./security.typedprincipal.md) </td><td markdown="1"> </td></tr> </tbody></table> ## Interfaces <table><thead><tr><th> Interface </th><th> Description </th></tr></thead> <tbody><tr><td markdown="1"> [ClientApplication](./security.clientapplication.md) </td><td markdown="1"> </td></tr> <tr><td markdown="1"> [Credential](./security.credential.md) </td><td markdown="1"> Security attributes used to authenticate the subject. Such credentials include passwords, Kerberos tickets, and public key certificates. </td></tr> <tr><td markdown="1"> [Organization](./security.organization.md) </td><td markdown="1"> </td></tr> <tr><td markdown="1"> [Principal](./security.principal.md) </td><td markdown="1"> Represent a user, an application, or a device </td></tr> <tr><td markdown="1"> [Role](./security.role.md) </td><td markdown="1"> </td></tr> <tr><td markdown="1"> [Scope](./security.scope.md) </td><td markdown="1"> oAuth 2.0 scope </td></tr> <tr><td markdown="1"> [Subject](./security.subject.md) </td><td markdown="1"> `Subject` represents both security state and operations for a single request. It's the `who` for security. Such operations include: - authentication (login) - authorization (access control) - session access - logout </td></tr> <tr><td markdown="1"> [Team](./security.team.md) </td><td markdown="1"> </td></tr> <tr><td markdown="1"> [UserProfile](./security.userprofile.md) </td><td markdown="1"> The minimum set of attributes that describe a user. </td></tr> </tbody></table> ## Namespaces <table><thead><tr><th> Namespace </th><th> Description </th></tr></thead> <tbody><tr><td markdown="1"> [SecurityBindings](./security.securitybindings.md) </td><td markdown="1"> Binding keys for security related metadata </td></tr> </tbody></table> ## Variables <table><thead><tr><th> Variable </th><th> Description </th></tr></thead> <tbody><tr><td markdown="1"> [securityId](./security.securityid.md) </td><td markdown="1"> A symbol for stringified id of security related objects </td></tr> </tbody></table>