how can we have auth middleware to authorized each an every request

[shendkardevesh]

in current example of authentication verify function username and password is pass as an arguments but for every request it wou't be the case and how can we access header data in auth-strategy.provider.

[osmanmesutozcan]

Hey @shendkardevesh.
There is RestBindings.Http.REQUEST binding in @loopback/rest package to inject request object. You can inject request object into your provider and access headers from there.

Also some of the strategies let you specify header fields to get credentials from on each request. For example:

import { Strategy as JWTStrategy, ExtractJwt } from 'passport-jwt';

export class HttpAuthStrategyProvider implements Provider<Strategy | undefined> {
  constructor(
    @inject(RestBindings.Http.REQUEST) private request: Request,
    // ... DEDUCTED
  ) {

    this.verifyBasic = this.verifyBasic.bind(this);
  }

  value(): ValueOrPromise<Strategy | undefined> {

    if (!this.metadata) {
      return undefined;
    }

    const name = this.metadata.strategy;
    if (name === 'JWTStrategy') {
      return new JWTStrategy({
        secretOrKey: this.configuration.secrets.jwtSecret,
        jwtFromRequest: ExtractJwt.fromHeader('SOME_HEADER_NAME') // Here extract from headers
      }, this.verifyCallback);
    } else {
      return Promise.reject(`Strategy ${name} is not defined`);
    }
  }

  // .... DEDUCTED
}

[rohit-khanna]

Thanks @osmanmesutozcan , i was trying to achieve the above JWTStrategy stuff few days back and was stuck.
I was going through LB4 documentation and learning this framework, but I am sure, i would not have found the use of 'RestBindings.Http.REQUEST' just through the documentation :( [ or may be i missed something]. Thanks again!

[dhmlau]

Discussion with @raymondfeng @jannyHou @emonddr:

A few pointers:

• create an authorization component: https://loopback.io/doc/en/lb4/Loopback-component-authorization.html
• In progress PR: feat: add authorization component #1205
• an upcoming blog from @gobackhuoxing https://strongloop.com/authors/Wenbo_Sun/. Part 4 is about authentication and is coming up.

[stale]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.

[stale]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.