Documentation files rendered at [https://loopback.io](https://loopback.io)
---
lang: en
title: 'API docs: security.subject'
keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI
sidebar: lb4_sidebar
editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security
permalink: /doc/en/lb4/apidocs.security.subject.html
---
<!-- Do not edit this file. It is automatically generated by API Documenter. -->
## Subject interface
`Subject` represents both security state and operations for a single request. It's the `who` for security.
Such operations include:

- authentication (login)
- authorization (access control)
- session access
- logout

**Signature:**
```typescript
export interface Subject
```
## Properties
<table><thead><tr><th>
Property
</th><th>
Modifiers
</th><th>
Type
</th><th>
Description
</th></tr></thead>
<tbody><tr><td markdown="1">
[authorities](./security.subject.authorities.md)
</td><td markdown="1">
</td><td markdown="1">
Set<[Permission](./security.permission.md)<!-- -->>
</td><td markdown="1">
An array of authorities granted by the user to the client application. One example is [OAuth2 scopes](https://tools.ietf.org/html/rfc6749#section-3.3).
</td></tr>
<tr><td markdown="1">
[credentials](./security.subject.credentials.md)
</td><td markdown="1">
</td><td markdown="1">
Set<[Credential](./security.credential.md)<!-- -->>
</td><td markdown="1">
An array of credentials, such as password, access token, or private/public keys.
</td></tr>
<tr><td markdown="1">
[principals](./security.subject.principals.md)
</td><td markdown="1">
</td><td markdown="1">
Set<[TypedPrincipal](./security.typedprincipal.md)<!-- -->>
</td><td markdown="1">
An array of principals. It can include information about the current user, the client application, and granted authorities.
`Subject` represents both security state and operations for a single application user.

Such operations include:

- authentication (login)
- authorization (access control)
- session access
- logout

</td></tr>
</tbody></table>
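
The following is an added example, not part of the LoopBack documentation or the `@loopback/security` code: a deny-by-default authorization check and an audit-safe log view over an object shaped like `Subject`. The `Demo*` interfaces and their fields, the helpers `permissionKey`, `isGranted` and `auditView`, and the sample values are assumptions made for illustration.

```typescript
// Stand-ins for Subject, Permission, Credential and TypedPrincipal.
// Their fields are assumptions for this example, not the package's definitions.
interface DemoPermission { action: string; resourceType: string }
interface DemoCredential { [attribute: string]: unknown }
interface DemoPrincipal { type: string; id: string }
interface DemoSubject {
  principals: Set<DemoPrincipal>;
  authorities: Set<DemoPermission>;
  credentials: Set<DemoCredential>;
}

// Value-based key; JSON encoding avoids delimiter collisions such as
// ("a:b", "c") versus ("a", "b:c").
function permissionKey(p: DemoPermission): string {
  return JSON.stringify([p.resourceType, p.action]);
}

// Deny by default. Set.has() compares object identity, so a structurally
// equal permission built at the call site would never match; compare keys.
function isGranted(subject: DemoSubject, required: DemoPermission): boolean {
  const wanted = permissionKey(required);
  let granted = false;
  subject.authorities.forEach(p => {
    if (permissionKey(p) === wanted) granted = true;
  });
  return granted;
}

// Audit record: who acted and what was granted, plus a credential count.
// Credential values never leave the Subject.
function auditView(subject: DemoSubject): string {
  const who: string[] = [];
  subject.principals.forEach(p => who.push(`${p.type}:${p.id}`));
  const granted: string[] = [];
  subject.authorities.forEach(p => granted.push(permissionKey(p)));
  return JSON.stringify({
    principals: who.sort(),
    authorities: granted.sort(),
    credentialCount: subject.credentials.size,
  });
}

// Constructed sample: a user acting through a client application.
const sampleSubject: DemoSubject = {
  principals: new Set<DemoPrincipal>([{type: 'USER', id: 'alice'}, {type: 'APPLICATION', id: 'reporting-client'}]),
  authorities: new Set<DemoPermission>([{action: 'read', resourceType: 'order'}]),
  credentials: new Set<DemoCredential>([{accessToken: 'constructed-placeholder'}]),
};
```
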