[Doc] Update the authorization documentation #3694

Closed
4 tasks done
jannyHou opened this issue Sep 10, 2019 · 6 comments
@jannyHou
Contributor

jannyHou commented Sep 10, 2019

Description

Since we have released the @loopback/authorization module, the authorization component page should be updated accordingly.

Acceptance Criteria

  • Explain the terms/concepts in the LoopBack authorization system, like authorizer, voter, etc.

  • Update the authorization component page according to the newly released @loopback/authorization

  • Document how to use the authorization module

  • Clean up the README.md file in @loopback/authorization if any content (design/usage/etc.) should be moved to the doc.

@dhmlau dhmlau added the 2019Q4 label Sep 10, 2019
@dhmlau dhmlau added the p1 label Sep 23, 2019
@emonddr emonddr changed the title [Doc] Update the authorization tutorial [Doc] Update the authorization ~~tutorial~~ documentation Oct 10, 2019
@emonddr emonddr changed the title [Doc] Update the authorization ~~tutorial~~ documentation [Doc] Update the authorization documentation Oct 10, 2019
@emonddr emonddr self-assigned this Oct 10, 2019
@dhmlau dhmlau added this to the Nov 2019 milestone milestone Nov 1, 2019
@totolef

totolef commented Nov 5, 2019

Would be super nice! Thanks

@jannyHou
Contributor Author

cc @emonddr an outline of what we can include in the authorization documentation page:

Authorization decides if a subject can perform a specific action on an object.

@loopback/authorization is built upon @loopback/authentication to verify whether a principal (user, device, or application) has access to a request’s corresponding resource.

@loopback/authentication resolves the identity of the principal (currently we only consider user as the principal) from the request, then passes it to @loopback/authorization. @loopback/authorization reads the endpoint’s accessibility metadata, like scope and resource name, then executes the specified authorizers to decide if the identity has access to that particular protected resource, and returns or rejects accordingly.

Concepts to explain:

Authorizer/Voter: Decides whether a principal can perform a specific action on an object.

Authorize Interceptor: Reads metadata of the controller method, then invokes authorizers/voters with the metadata to make a decision.

Principal: The identity of a user/device/application.

AuthorizationMetadata: The metadata describes the resource and its accessibility.

Authorize Decorator: Annotates controller methods with authorization metadata.
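
The flow outlined in the comment above, sketched as an added example that is not part of the issue thread or the @loopback/authorization code base: a stand-in interceptor passes the principal and the method's metadata to a list of voters and combines their votes. All type names, both voter functions, the deny-wins and deny-by-default combination rule, and the sample data are assumptions made for illustration.

```typescript
// Simplified model of the flow in the outline; NOT the @loopback/authorization API.
// Every name below is hypothetical and the sample data is constructed.
type Decision = 'ALLOW' | 'DENY' | 'ABSTAIN';
interface Principal { id: string; roles: string[] }
interface AuthorizationMetadata { resource: string; scopes: string[]; allowedRoles?: string[] }
type Voter = (p: Principal, m: AuthorizationMetadata, args: unknown[]) => Decision;

// Voter 1: the principal needs one of the roles listed in the metadata.
const roleVoter: Voter = (p, m) => {
  const allowed = m.allowedRoles;
  if (!allowed) return 'ABSTAIN'; // no role restriction declared for this method
  return p.roles.some(r => allowed.indexOf(r) !== -1) ? 'ALLOW' : 'DENY';
};

// Voter 2: for "owner-only" scopes, the first method argument must be the caller's id.
const ownerVoter: Voter = (p, m, args) => {
  if (m.scopes.indexOf('owner-only') === -1) return 'ABSTAIN';
  return args[0] === p.id ? 'ALLOW' : 'DENY';
};

// Stand-in for the authorize interceptor: runs every voter with the metadata
// and the invocation arguments, then combines the votes into one decision.
function authorize(
  principal: Principal | undefined,
  metadata: AuthorizationMetadata,
  voters: Voter[],
  args: unknown[]
): Decision {
  if (!principal) return 'DENY'; // authentication resolved no identity
  let allowed = false;
  for (const vote of voters) {
    const decision = vote(principal, metadata, args);
    if (decision === 'DENY') return 'DENY'; // assumed rule: any DENY wins
    if (decision === 'ALLOW') allowed = true;
  }
  return allowed ? 'ALLOW' : 'DENY'; // assumed rule: all-ABSTAIN is denied
}

// Constructed sample: metadata a decorator could attach to a "find orders by user id" method.
const orderMeta: AuthorizationMetadata = {
  resource: 'order', scopes: ['owner-only'], allowedRoles: ['customer', 'admin']
};
const alice: Principal = { id: 'u1', roles: ['customer'] };
const voters: Voter[] = [roleVoter, ownerVoter];

console.log(authorize(alice, orderMeta, voters, ['u1'])); // ALLOW: role matches and alice owns u1
console.log(authorize(alice, orderMeta, voters, ['u2'])); // DENY: role matches but u2 is not alice
```

The second call shows why the ownership voter matters: a role check alone would let any customer read another customer's orders.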

@deepakrkris deepakrkris self-assigned this Nov 20, 2019
@frbuceta
Contributor

Can someone help me to implement in the sequence? I am not able to with the current documentation.

@jannyHou
Contributor Author

@frbuceta Team is still working on the documentation. It's promising to be ready in next week. I will update the link here then :)

@frbuceta
Contributor

> @frbuceta Team is still working on the documentation. It's promising to be ready in next week. I will update the link here then :)

Ok I subscribe to the issue

@deepakrkris
Contributor

PR merged, closing issue.
