CodeCoupler API Auth
CodeCoupler API Auth is an authentication and authorization component for Loopback.
By integrating this component, you can add a decorator to any controller method
to restrict access to users who are listed in a separate authentication database.
Additionally, you can add a decorator
to restrict access to users with specific roles or permissions.
Your API will include the endpoints
/auth/me to log in, log out
and get the current user information.
Furthermore, there are many endpoints, like
/auth/roles, to manage the authentication
database. These endpoints are only accessible to users with the permission
The authentication database structure allows you to add users, roles and permissions. Users can have multiple roles and roles can have multiple permissions. Furthermore, you can allow and disallow permissions directly for specific users.
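The following added example (not code from CodeCoupler API Auth) shows how an effective permission set can be resolved from such a structure. The type and function names are hypothetical, and the precedence rule, where a direct disallow overrides role grants and direct allows, is an assumption the page does not state.

```typescript
// Added example: hypothetical shapes, not the component's actual schema.
type Permission = string;

interface Role {
  name: string;
  permissions: Permission[];
}

interface User {
  name: string;
  roles: string[];           // names of the roles assigned to the user
  allowed: Permission[];     // permissions allowed directly for the user
  disallowed: Permission[];  // permissions disallowed directly for the user
}

// Resolve the effective permissions of a user.
// Assumption: a direct disallow wins over role grants and direct allows.
function effectivePermissions(user: User, roles: Map<string, Role>): Set<Permission> {
  const granted = new Set<Permission>();
  for (const roleName of user.roles) {
    const role = roles.get(roleName);
    if (!role) continue; // unknown role grants nothing (fail closed)
    for (const p of role.permissions) granted.add(p);
  }
  for (const p of user.allowed) granted.add(p);
  for (const p of user.disallowed) granted.delete(p);
  return granted;
}

// Guard check: access is granted if the user holds any required permission.
function hasAnyPermission(user: User, roles: Map<string, Role>, required: Permission[]): boolean {
  const granted = effectivePermissions(user, roles);
  return required.some((p) => granted.has(p));
}

// Constructed sample data.
const sampleRoles = new Map<string, Role>([
  ["editor", { name: "editor", permissions: ["article.read", "article.write"] }],
  ["auditor", { name: "auditor", permissions: ["log.read"] }],
]);
const alice: User = {
  name: "alice", roles: ["editor", "auditor"],
  allowed: ["report.export"], disallowed: ["article.write"],
};
const bob: User = { name: "bob", roles: ["ghost"], allowed: [], disallowed: [] };
```

Here alice loses `article.write` despite her editor role, and bob, whose only role does not exist, ends up with no permissions.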
After a successful login you will get a response with a token, which will additionally be saved in a cookie if possible [1]. Subsequent requests can use this cookie or, if that is not possible or not wanted, send the token in a Bearer header.
If the cookie is used for authentication, it will be refreshed on every request
and its expiration will thus be extended automatically. You can also disable the cookie refresh if
you send a header
[1] Why Store JWT in Cookies: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage