You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After creating the demo for JWT authentication in loopback4-shopping-example, and applied a similar auth system in loopback-example-access-control, we think it's time to extract the jwt authentication system into a separate extension package, so that:
jwt related services, bindings can be packed as a component
people can easily mount the component when they need a simple working authentication system, they can customize and enhance the system later
separating the component from example apps will give people a much more clear idea of what's the core of authentication
Use Cases
This extension will provide a basic jwt authentication system as a component. It's used when people want to see a demo of how to leverage an existing authentication strategy, or need a prototype of authentication to plugin and add code on it(like authorization).
Examples
In your application file, mount the authentication component like
// find a better nameimport{JWT_AUTH_COMPONENT}from'@loopback/jwt-authentication-extension'exportclassMyApplicationextendsBootMixin(ServiceMixin(RepositoryMixin(RestApplication)),){this.component(JWT_AUTH_COMPONENT)}
Then you can secure controller endpoints with @authenticate('jwt').
Details to figure out by the story owner: how to provide the custom User model. Include it in the component? Or define it in the app and integrate it with the component?
Acceptance criteria
Extract jwt.auth.strategy.ts, jwt.service.ts, security.spec.ts, user.service.ts, keys.ts and bindings in application.ts from feat: add access control migration app #4571 into a component
After finishing step 3, we should have a better understanding of how to refactor the shopping example, if we have bandwidth, refactor it in a separate story, and also update the existing auth tutorials if needed (issue Refactor Shopping Example: simulate ACLs with LB4 authorization #4522)
The text was updated successfully, but these errors were encountered:
UPDATE: to simplify the story, let's first make it a local refactor for the auth migration example app: extract jwt authentication into a local component for it.
jannyHou
changed the title
Create an extension for jwt authentication
Extract the jwt authentication to a local component for the auth migration example app
Feb 27, 2020
Suggestion
After creating the demo for JWT authentication in loopback4-shopping-example, and applied a similar auth system in loopback-example-access-control, we think it's time to extract the jwt authentication system into a separate extension package, so that:
Use Cases
This extension will provide a basic jwt authentication system as a component. It's used when people want to see a demo of how to leverage an existing authentication strategy, or need a prototype of authentication to plugin and add code on it(like authorization).
Examples
In your application file, mount the authentication component like
Then you can secure controller endpoints with
@authenticate('jwt')
.Details to figure out by the story owner: how to provide the custom User model. Include it in the component? Or define it in the app and integrate it with the component?
Acceptance criteria
The text was updated successfully, but these errors were encountered: