@loopback/authorization
Advanced tools
A LoopBack 4 component for authorization support (Role based, Permission based, Vote based)
To read on key building blocks read through loopback authorization docs
The authorization component can be configured with options:
const options: AuthorizationOptions = {
precedence: AuthorizationDecisions.DENY;
defaultDecision: AuthorizationDecisions.DENY;
}
const binding = app.component(AuthorizationComponent);
app.configure(binding.key).to(options);
npm install --save @loopback/authorization
Start by decorating your controller methods with @authorize to require the
request to be authorized.
In this example, we make the user profile available via dependency injection
using a key available from @loopback/authorization package.
import {inject} from '@loopback/context';
import {authorize} from '@loopback/authorization';
import {get} from '@loopback/rest';
export class MyController {
@authorize({allow: ['ADMIN']})
@get('/number-of-views')
numOfViews(): number {
return 100;
}
}
@loopback/authentication and @loopback/authorization share the client
information from the request. Therefore we have created another module,
@loopback/security with types/interfaces that describe the client, like
principles, userProfile, etc.
run npm test from the root folder.
See all contributors.
MIT
FAQs
A LoopBack component for authorization support.
The npm package @loopback/authorization receives a total of 4,513 weekly downloads. As such, @loopback/authorization popularity was classified as popular.
We found that @loopback/authorization demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.