Description
This is a follow-up story for #4753
After extracting it into the local example package, we will move the component into a standalone extension module.
Copy the acceptance criteria from 4753
Suggestion
After creating the demo for JWT authentication in loopback4-shopping-example, and applying a similar auth system in loopback-example-access-control, we think it's time to extract the JWT authentication system into a separate extension package, so that:
- JWT-related services and bindings can be packed as a component
- people can easily mount the component when they need a simple working authentication system; they can customize and enhance the system later
- separating the component from example apps will give people a much clearer idea of what the core of authentication is
Use Cases
This extension will provide a basic JWT authentication system as a component. It's used when people want to see a demo of how to leverage an existing authentication strategy, or need a prototype of authentication to plug in and add code on top of it (like authorization).
Examples
In your application file, mount the authentication component like this:

```ts
import {ApplicationConfig} from '@loopback/core';
// find a better name
import {JWT_AUTH_COMPONENT} from '@loopback/jwt-authentication-extension';

export class MyApplication extends BootMixin(
  ServiceMixin(RepositoryMixin(RestApplication)),
) {
  constructor(options: ApplicationConfig = {}) {
    super(options);
    // Mount the JWT authentication component
    this.component(JWT_AUTH_COMPONENT);
  }
}
```

Then you can secure controller endpoints with @authenticate('jwt').
Details to figure out by the story owner: how to provide the custom User model. Include it in the component? Or define it in the app and integrate it with the component?
Acceptance criteria
- Extract jwt.auth.strategy.ts, jwt.service.ts, security.spec.ts, user.service.ts, keys.ts and bindings in application.ts from feat: add access control migration app #4571 into a component
- Add unit tests for services, and acceptance tests
- Refactor the migration app in feat: add access control migration app #4571 to leverage the component and update corresponding doc
- After finishing step 3, we should have a better understanding of how to refactor the shopping example. If we have bandwidth, refactor it in a separate story, and also update the existing auth tutorials if needed (issue Refactor Shopping Example: simulate ACLs with LB4 authorization #4522)
- Update the README file and have a link to reference it
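
For orientation, the kind of logic the files named in the acceptance criteria (a token service and a 'jwt' strategy) carry, shown as an added, self-contained example that is not code from #4571 or from any LoopBack package. The function names, the claim set, the secret and the 600-second lifetime are assumptions made for the example, and the calls are synchronous to keep it short.

```typescript
import {createHmac, timingSafeEqual} from 'node:crypto';

// Constructed values; a real app loads the secret from configuration.
const SECRET = 'constructed-demo-secret';
const EXPIRES_IN_SECONDS = 600;

interface Claims { id: string; name: string; iat: number; exp: number }

const b64url = (data: string): string => Buffer.from(data).toString('base64url');
const hmac = (data: string): Buffer => createHmac('sha256', SECRET).update(data).digest();

// Token service, issuing side: sign an HS256 token for an authenticated user.
function generateToken(id: string, name: string, now: number = Date.now()): string {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({alg: 'HS256', typ: 'JWT'}));
  const payload = b64url(JSON.stringify({id, name, iat, exp: iat + EXPIRES_IN_SECONDS}));
  return `${header}.${payload}.${hmac(`${header}.${payload}`).toString('base64url')}`;
}

// Token service, verifying side. The algorithm is fixed by the server and never
// chosen from the token header; the signature is compared in constant time.
function verifyToken(token: string, now: number = Date.now()): Claims {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const {alg} = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const claims: Claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('token expired');
  return claims;
}

// Strategy side: what runs per request behind an endpoint marked as 'jwt'.
function authenticateRequest(headers: Record<string, string | undefined>, now?: number): Claims {
  const match = /^Bearer ([^\s]+)$/.exec(headers.authorization ?? '');
  if (!match) throw new Error('authorization header is not of type Bearer');
  return verifyToken(match[1], now);
}
```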