Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extract the jwt authentication to an extension module #4903

Closed
1 of 5 tasks
jannyHou opened this issue Mar 17, 2020 · 3 comments
Closed
1 of 5 tasks

Extract the jwt authentication to an extension module #4903

jannyHou opened this issue Mar 17, 2020 · 3 comments

Comments

@jannyHou
Copy link
Contributor

jannyHou commented Mar 17, 2020

This is a follow-up story for #4753
After extracting it into the local example package, we will move the component into a standalone extension module.

Copy the acceptance criteria from 4753

Suggestion

After creating the demo for JWT authentication in loopback4-shopping-example, and applied a similar auth system in loopback-example-access-control, we think it's time to extract the jwt authentication system into a separate extension package, so that:

  • jwt related services, bindings can be packed as a component
  • people can easily mount the component when they need a simple working authentication system, they can customize and enhance the system later
  • separating the component from example apps will give people a much more clear idea of what's the core of authentication

Use Cases

This extension will provide a basic jwt authentication system as a component. It's used when people want to see a demo of how to leverage an existing authentication strategy, or need a prototype of authentication to plugin and add code on it(like authorization).

Examples

In your application file, mount the authentication component like

// find a better name
import {JWT_AUTH_COMPONENT} from '@loopback/jwt-authentication-extension'
export class MyApplication extends BootMixin(
  ServiceMixin(RepositoryMixin(RestApplication)),
) {
this.component(JWT_AUTH_COMPONENT)
}

Then you can secure controller endpoints with @authenticate('jwt').

Details to figure out by the story owner: how to provide the custom User model. Include it in the component? Or define it in the app and integrate it with the component?

Acceptance criteria

@dhmlau
Copy link
Member

dhmlau commented Mar 17, 2020

@jannyHou , assigning to you, because I think it's already in progress.

@jannyHou
Copy link
Contributor Author

Closed 🎉

@jannyHou
Copy link
Contributor Author

A follow-up story for token refresh created in #5187, thank you for @mschnee's suggestion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants