{"componentChunkName":"component---src-templates-tag-js","path":"/tags/loop-back/","result":{"data":{"site":{"siteMetadata":{"title":"LoginRadius Blog"}},"allMarkdownRemark":{"totalCount":1,"edges":[{"node":{"fields":{"slug":"/engineering/guest-post/loopback-rest-api-authentication/"},"html":"<p>Authentication and authorization are critical in every software application to secure user data and allow access to trusted users. In some cases, implementing authentication and authorization is not an easy process.</p>\n<p>However, LoopBack 4 offers an authentication package <strong>@loopback/authentication</strong> that helps secure your application's API endpoints. It provides custom authentication strategies and a <strong>@authenticate</strong> decorator that requires minimal boilerplate code.</p>\n<h2 id=\"what-is-loopback\" style=\"position:relative;\"><a href=\"#what-is-loopback\" aria-label=\"what is loopback permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is LoopBack?</h2>\n<p>According to the <a href=\"https://loopback.io/doc/en/lb4/index.html\">LoopBack 4 documentation</a>:</p>\n<blockquote>\n<p>LoopBack is a flexible, open source Node.js and TypeScript framework built on Express. It helps you quickly develop APIs and microservices built on backend systems such as databases and SOAP or REST services.</p>\n</blockquote>\n<p>Loopback provides several features that allow you to build your application with less boilerplate code.</p>\n<h2 id=\"what-is-json-web-token-jwt\" style=\"position:relative;\"><a href=\"#what-is-json-web-token-jwt\" aria-label=\"what is json web token jwt permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is JSON Web Token (JWT)?</h2>\n<p>JSON Web Token (JWT) is an open standard <a href=\"https://datatracker.ietf.org/doc/html/rfc7519.html\">defined by Internet Engineering Task Force (IETF) in RFC 7519</a>.</p>\n<p>It is a standard used for securely transferring claims between two parties over the internet. It uses JSON Web Signature (JWS) for the secure transfer of claims and eliminates the possibility of tampering. Accordingly, JWTs can be signed with either a secret (HMAC technique) or a public/private key pair (RSA or ECDSA).</p>\n<p>In simple words, it is used for authentication and secure information sharing. A JWT token is made up of three components that are separated by three dots:</p>\n<ul>\n<li><strong>Header:</strong> The header is made up of two parts — the kind of token, which is JWT; the signature technique used, either HMAC SHA256 or RSA.</li>\n<li><strong>Payload:</strong> The payload is the token, which includes the claims. Claims are assertions about an entity that provides extra information.</li>\n<li><strong>Signature:</strong> The encoded header, encoded payload, a secret, and the algorithm provided in the header comprise the signature.</li>\n</ul>\n<blockquote>\n<p>You can learn more about <a href=\"https://www.loginradius.com/blog/engineering/guest-post/jwt-authentication-best-practices-and-when-to-use/\">JWT and its best practices here</a>.</p>\n</blockquote>\n<h2 id=\"prerequisites\" style=\"position:relative;\"><a href=\"#prerequisites\" aria-label=\"prerequisites permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Prerequisites</h2>\n<p>This tutorial is a hands-on demonstration. To follow along, be sure you have the following in place:</p>\n<ul>\n<li>A Linux machine — This tutorial will use Ubuntu 20.04.3 LTS (Focal Fossa). The tutorial also works well on other Linux distributions and operating systems.</li>\n<li><a href=\"https://nodejs.org/\"><strong>NodeJS</strong></a> — JavaScript runtime built on Chrome's V8 JavaScript engine.</li>\n<li><a href=\"https://www.mongodb.com/\"><strong>MongoDB</strong></a> — Document-oriented database program.</li>\n</ul>\n<h2 id=\"install-loopback-cli\" style=\"position:relative;\"><a href=\"#install-loopback-cli\" aria-label=\"install loopback cli permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Install LoopBack CLI</h2>\n<p>To start building your LoopBack REST API, first install LoopBack CLI, which provides the quickest method to create a LoopBack 4 project that follows best practices.</p>\n<p>Use the command below to install the Loopback CLI globally:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"0\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">npm i -g @loopback/cli</span></span></code></pre>\n<p>You can grab a cup of coffee while you wait for the installation to complete. Then open your command line, create an <code>AuthWithLooback</code> folder, and change the directory to the <code>AuthWithLooback</code> folder with commands below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"1\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">mkdir AuthWithLooback</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk11\">cd</span><span class=\"mtk1\"> AuthWithLooback</span></span></code></pre>\n<h2 id=\"scaffold-your-loopback-project\" style=\"position:relative;\"><a href=\"#scaffold-your-loopback-project\" aria-label=\"scaffold your loopback project permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Scaffold Your LoopBack Project</h2>\n<p>So, you've installed Loopback CLI and created a project directory. Let's run the following command to create a LoopBack project:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"2\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">lb4 app</span></span></code></pre>\n<p>Select the options as in the following screenshot to complete the prompts.</p>\n<p><img src=\"/982c31e4e0a8b99735b9e920e72e898f/l5wg0nTQ.webp\" alt=\"Creating a loopback project\"></p>\n<p>After completing the prompts, LoopBack will configure the TypeScript compiler and install all the required dependencies. Change directory to the <code>auth-with-loopback</code> folder.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"3\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk11\">cd</span><span class=\"mtk1\"> auth-with-loopback</span></span></code></pre>\n<h2 id=\"create-a-model\" style=\"position:relative;\"><a href=\"#create-a-model\" aria-label=\"create a model permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Create a Model</h2>\n<p>You've successfully created your Loopback application. Now, let’s create a Model to store the news details with the command below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"4\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">lb4 model</span></span></code></pre>\n<p>Select the options as in the following screenshot to complete the prompts.</p>\n<p><img src=\"/3f73bef6f5422b16cc466d5f279701a9/lSCGXHs.webp\" alt=\"Creating a News Model\"></p>\n<p>After the <code>date_created</code> property definition, press the enter key to exit the prompt.</p>\n<p>Loopback will create a <code>NewsModel</code> file in the <code>src/models</code> — the folder where <code>NewsModel</code> will be defined.</p>\n<p>Next, you need to create a data source to connect to your preferred database. For demonstration, this tutorial connects to a MongoDB database.</p>\n<p>Run the following command in your terminal to create a data source:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"5\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">  lb4 datasource</span></span></code></pre>\n<p>Select the options as in the following screenshot to complete the prompts.</p>\n<p><img src=\"/aa8582e5de5c7011c46a43242342a5d2/pHvPgEQA.webp\" alt=\"Creating News datasource\"></p>\n<p>After completing the prompts, LoopBack will create the <code>News</code> file in the <code>src/datasource</code> folder.</p>\n<p>Then, create a <a href=\"https://loopback.io/doc/en/lb4/Repository.html\">Repository</a> for CRUD operations of your NewModel with the command below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"6\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">lb4 repository</span></span></code></pre>\n<p>After completing the prompts, LoopBack will create the <code>NewsModelRepository</code> file in the <code>src/repository</code> folder.</p>\n<p>Select <code>NewsDatasource</code> as the data source, <code>NewsModel</code> as the model for generating the repository, and <code>DefaultCrudRepository</code> as the base repository class.</p>\n<p>Your selection for the prompts shall look like the screenshot below.</p>\n<p><img src=\"/7789349e93d10cfc0800e4f822e581ca/WWH5tYJQ.webp\" alt=\"Creating News Repository\"></p>\n<p>After completing the prompts, LoopBack will create the <code>NewsModelRepository</code> file in the <code>src/repository</code> folder.</p>\n<p>Lastly, create a controller for the <code>NewsModel</code> you created with the command below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"7\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">  lb4 controller</span></span></code></pre>\n<p>Your selection for the prompts should look like the screenshot below.</p>\n<p><img src=\"/a22f45625db4bd560279a422e127665f/iHD6lPCg.webp\" alt=\"Creating News Controller\"></p>\n<p>After completing the prompts, LoopBack will create the <code>NewsController</code> file in the <code>src/controller</code> folder. So far, your project structure, omitting the <code>node_modules</code> folder, should look as follows.</p>\n<p>📦auth-with-loopback<br>\n┣ 📂public<br>\n┃ ┗ 📜index.html<br>\n┣ 📂src<br>\n┃ ┣ 📂<strong>tests</strong><br>\n┃ ┃ ┣ 📂acceptance<br>\n┃ ┃ ┃ ┣ 📜home-page.acceptance.ts<br>\n┃ ┃ ┃ ┣ 📜ping.controller.acceptance.ts<br>\n┃ ┃ ┃ ┗ 📜test-helper.ts<br>\n┃ ┃ ┗ 📜README.md<br>\n┃ ┣ 📂controllers<br>\n┃ ┃ ┣ 📜README.md<br>\n┃ ┃ ┣ 📜index.ts<br>\n┃ ┃ ┣ 📜news-controller.controller.ts<br>\n┃ ┃ ┗ 📜ping.controller.ts<br>\n┃ ┣ 📂datasources<br>\n┃ ┃ ┣ 📜README.md<br>\n┃ ┃ ┣ 📜index.ts<br>\n┃ ┃ ┗ 📜news.datasource.ts<br>\n┃ ┣ 📂models<br>\n┃ ┃ ┣ 📜README.md<br>\n┃ ┃ ┣ 📜index.ts<br>\n┃ ┃ ┗ 📜news-model.model.ts<br>\n┃ ┣ 📂repositories<br>\n┃ ┃ ┣ 📜README.md<br>\n┃ ┃ ┣ 📜index.ts<br>\n┃ ┃ ┗ 📜news-model.repository.ts<br>\n┃ ┣ 📜application.ts<br>\n┃ ┣ 📜index.ts<br>\n┃ ┣ 📜migrate.ts<br>\n┃ ┣ 📜openapi-spec.ts<br>\n┃ ┗ 📜sequence.ts<br>\n┣ 📜.dockerignore<br>\n┣ 📜.eslintignore<br>\n┣ 📜.eslintrc.js<br>\n┣ 📜.gitignore<br>\n┣ 📜.mocharc.json<br>\n┣ 📜.prettierignore<br>\n┣ 📜.prettierrc<br>\n┣ 📜.yo-rc.json<br>\n┣ 📜DEVELOPING.md<br>\n┣ 📜Dockerfile<br>\n┣ 📜README.md<br>\n┣ 📜package-lock.json<br>\n┣ 📜package.json<br>\n┗ 📜tsconfig.json</p>\n<h2 id=\"add-custom-data\" style=\"position:relative;\"><a href=\"#add-custom-data\" aria-label=\"add custom data permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Add Custom Data</h2>\n<p>Now that you have the Model setup, run the server, and add some custom data to the News collection in MongoDB.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"8\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">#start the server</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    npm run start</span></span></code></pre>\n<p>The above command will start the TypeScript compiler, which will build the project and check for possible errors. If everything goes well with the code, you should see the output on the terminal, as follows:</p>\n<p><img src=\"/cf1c4681ababa5101284b580193e8bf3/lSCGXHnw.webp\" alt=\"Starting LoopBack Server\"></p>\n<p>Next, open your favorite browser and navigate to <code>http://localhost:3000</code>. You should see an output as follows:</p>\n<p><img src=\"/321018f4c7be6074ce493ab2f711a5c2/hL9y8IIg.webp\" alt=\"LoopBack API Dashboard\"></p>\n<p>Now, click on the explorer link, where you can make requests to your LoopBack application. On the explorer page, locate the post endpoint and add some custom data to the news collection by clicking the <code>try it out</code> button with the data below on the request body.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"json\" data-index=\"9\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">{</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span><span class=\"mtk12\">&quot;title&quot;</span><span class=\"mtk1\">: </span><span class=\"mtk8\">&quot;Upgrade to Loopback V4&quot;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span><span class=\"mtk12\">&quot;body&quot;</span><span class=\"mtk1\">: </span><span class=\"mtk8\">&quot;The developers of Loopback urges the V3 users to upgrade to V4 as soon as possible&quot;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span><span class=\"mtk12\">&quot;date_created&quot;</span><span class=\"mtk1\">: </span><span class=\"mtk8\">&quot;2021-12-14T00:57:43.197Z&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span></code></pre>\n<p>Then, click the <code>execute</code> button to run the query.</p>\n<p><img src=\"/905e332f7af326f984c298c9a6239c41/jiC_1P0A.webp\" alt=\"Executing Queries\"></p>\n<p>You can add as many records as you like to experiment with the endpoints. The important thing to note here is that the endpoints are not protected. Anyone may create, read, update, and delete records.</p>\n<p>In a moment, this tutorial explains how to secure the endpoints so that only logged-in users can access them.</p>\n<p>To begin, install LoopBack <code>authentication</code> and <code>authentication-jwt</code>, as follows:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"10\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">  npm i --save @loopback/authentication @loopback/authentication-jwt</span></span></code></pre>\n<h2 id=\"setup-authentication-components\" style=\"position:relative;\"><a href=\"#setup-authentication-components\" aria-label=\"setup authentication components permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Setup Authentication Components</h2>\n<p>To protect the application, you'll implement user authentication and authorization, which implies that only logged-in users will be able to access your APIs. You'll create two endpoints in the User controller:</p>\n<ul>\n<li><code>/Signup</code> endpoint: To handle user’s sign up.</li>\n<li><code>/Login</code> endpoint: To handle user’s login.</li>\n</ul>\n<h3 id=\"create-your-signup-endpoint\" style=\"position:relative;\"><a href=\"#create-your-signup-endpoint\" aria-label=\"create your signup endpoint permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Create Your Signup Endpoint</h3>\n<p>You’ll start with the signup controller to enable users to create an account. Create an empty controller with the command below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"11\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    lb4 controller</span></span></code></pre>\n<p>Your selection for the prompts should be as follows:</p>\n<p><img src=\"/c0653ec5c8a0f68a48e55ff2159137d4/6LCgT-Gw.webp\" alt=\"Creating User Controller\"></p>\n<p>Then, open the <code>src/controllers/user.controller.ts</code> file, and import the required modules with the following code snippet:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"12\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">authenticate</span><span class=\"mtk1\">, </span><span class=\"mtk12\">TokenService</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/authentication&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">Credentials</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">MyUserService</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">TokenServiceBindings</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">User</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">UserRepository</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">UserServiceBindings</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/authentication-jwt&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">inject</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/core&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">model</span><span class=\"mtk1\">, </span><span class=\"mtk12\">property</span><span class=\"mtk1\">, </span><span class=\"mtk12\">repository</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/repository&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">get</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">getModelSchemaRef</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">post</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">requestBody</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">SchemaObject</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/rest&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">SecurityBindings</span><span class=\"mtk1\">, </span><span class=\"mtk12\">securityId</span><span class=\"mtk1\">, </span><span class=\"mtk12\">UserProfile</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/security&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">genSalt</span><span class=\"mtk1\">, </span><span class=\"mtk12\">hash</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;bcryptjs&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> </span><span class=\"mtk12\">_</span><span class=\"mtk1\"> </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;lodash&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    ........</span></span></code></pre>\n<p>Next, set up your user credential objects, and verify the user credentials using the <code>UserService</code>, injecting <code>MyUserService</code> into the <code>authentication-jwt</code> extension.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"13\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    @</span><span class=\"mtk11\">model</span><span class=\"mtk1\">()</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">export</span><span class=\"mtk1\"> </span><span class=\"mtk4\">class</span><span class=\"mtk1\"> </span><span class=\"mtk10\">CreateUser</span><span class=\"mtk1\"> </span><span class=\"mtk4\">extends</span><span class=\"mtk1\"> </span><span class=\"mtk10\">User</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">property</span><span class=\"mtk1\">({</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;string&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">required:</span><span class=\"mtk1\"> </span><span class=\"mtk4\">true</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">password</span><span class=\"mtk1\">: </span><span class=\"mtk10\">string</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\">: </span><span class=\"mtk10\">SchemaObject</span><span class=\"mtk1\"> = {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;object&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">required:</span><span class=\"mtk1\"> [</span><span class=\"mtk8\">&#39;email&#39;</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&#39;password&#39;</span><span class=\"mtk1\">],</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">properties:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">email:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;string&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">format:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;email&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">password:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;string&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">minLength:</span><span class=\"mtk1\"> </span><span class=\"mtk7\">6</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    };</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">export</span><span class=\"mtk1\"> </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">RequestBody</span><span class=\"mtk1\"> = {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">description:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;The input of login function&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">required:</span><span class=\"mtk1\"> </span><span class=\"mtk4\">true</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> </span><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\"> },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    };</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">export</span><span class=\"mtk1\"> </span><span class=\"mtk4\">class</span><span class=\"mtk1\"> </span><span class=\"mtk10\">UserController</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk4\">constructor</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">TokenServiceBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">TOKEN_SERVICE</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk4\">public</span><span class=\"mtk1\"> </span><span class=\"mtk12\">jwtService</span><span class=\"mtk1\">: </span><span class=\"mtk10\">TokenService</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">UserServiceBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">USER_SERVICE</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk4\">public</span><span class=\"mtk1\"> </span><span class=\"mtk12\">userService</span><span class=\"mtk1\">: </span><span class=\"mtk10\">MyUserService</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SecurityBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">USER</span><span class=\"mtk1\">, { </span><span class=\"mtk12\">optional:</span><span class=\"mtk1\"> </span><span class=\"mtk4\">true</span><span class=\"mtk1\"> })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk4\">public</span><span class=\"mtk1\"> </span><span class=\"mtk12\">user</span><span class=\"mtk1\">: </span><span class=\"mtk10\">UserProfile</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">repository</span><span class=\"mtk1\">(</span><span class=\"mtk12\">UserRepository</span><span class=\"mtk1\">) </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">userRepository</span><span class=\"mtk1\">: </span><span class=\"mtk10\">UserRepository</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      ) { }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    ..........</span></span></code></pre>\n<p>Finally, you'll build your signup endpoint, which will listen to POST requests. Here, you shall save the hashed version of the user's password in the database to keep it safe.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"14\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">     @</span><span class=\"mtk11\">post</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/signup&#39;</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">responses:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk8\">&#39;200&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">description:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;User&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk8\">&#39;x-ts-type&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> </span><span class=\"mtk12\">User</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">async</span><span class=\"mtk1\"> </span><span class=\"mtk11\">signUp</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">requestBody</span><span class=\"mtk1\">({</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> </span><span class=\"mtk11\">getModelSchemaRef</span><span class=\"mtk1\">(</span><span class=\"mtk12\">CreateUser</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              </span><span class=\"mtk12\">title:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;NewUser&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            }),</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">newUserRequest</span><span class=\"mtk1\">: </span><span class=\"mtk12\">CreateUser</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    ): </span><span class=\"mtk10\">Promise</span><span class=\"mtk1\">&lt;</span><span class=\"mtk12\">User</span><span class=\"mtk1\">&gt; {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      const </span><span class=\"mtk12\">password</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk11\">hash</span><span class=\"mtk1\">(</span><span class=\"mtk12\">newUserRequest</span><span class=\"mtk1\">.</span><span class=\"mtk12\">password</span><span class=\"mtk1\">, </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk11\">genSalt</span><span class=\"mtk1\">());</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      const </span><span class=\"mtk12\">savedUser</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">userRepository</span><span class=\"mtk1\">.</span><span class=\"mtk11\">create</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">_</span><span class=\"mtk1\">.</span><span class=\"mtk11\">omit</span><span class=\"mtk1\">(</span><span class=\"mtk12\">newUserRequest</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&#39;password&#39;</span><span class=\"mtk1\">),</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      );</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      await this.userRepository.userCredentials(savedUser.id).create({ </span><span class=\"mtk12\">password</span><span class=\"mtk1\"> });</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">savedUser</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    .........</span></span></code></pre>\n<h3 id=\"create-your-login-controller\" style=\"position:relative;\"><a href=\"#create-your-login-controller\" aria-label=\"create your login controller permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Create Your Login Controller</h3>\n<p>Now that you've set up the signup endpoint, create the login endpoint so that registered users may log in to the API.</p>\n<p>Using the code snippet below, set up the login route in the <code>src/controllers/user.controller.ts</code> file. In the event of a successful log-in, a token is sent to the user.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"15\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">post</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/signin&#39;</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">responses:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk8\">&#39;200&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">description:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;Token&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;object&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">properties:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                  </span><span class=\"mtk12\">token:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;string&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                  },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">async</span><span class=\"mtk1\"> </span><span class=\"mtk11\">signIn</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">requestBody</span><span class=\"mtk1\">(</span><span class=\"mtk12\">RequestBody</span><span class=\"mtk1\">) </span><span class=\"mtk12\">credentials</span><span class=\"mtk1\">: </span><span class=\"mtk12\">Credentials</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    ): </span><span class=\"mtk10\">Promise</span><span class=\"mtk1\">&lt;{ token: </span><span class=\"mtk12\">string</span><span class=\"mtk1\"> }&gt; {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      const </span><span class=\"mtk12\">user</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">userService</span><span class=\"mtk1\">.</span><span class=\"mtk11\">verifyCredentials</span><span class=\"mtk1\">(</span><span class=\"mtk12\">credentials</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      const </span><span class=\"mtk12\">userProfile</span><span class=\"mtk1\"> = </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">userService</span><span class=\"mtk1\">.</span><span class=\"mtk11\">convertToUserProfile</span><span class=\"mtk1\">(</span><span class=\"mtk12\">user</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      const </span><span class=\"mtk12\">token</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">jwtService</span><span class=\"mtk1\">.</span><span class=\"mtk11\">generateToken</span><span class=\"mtk1\">(</span><span class=\"mtk12\">userProfile</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      return { </span><span class=\"mtk12\">token</span><span class=\"mtk1\"> };</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span></code></pre>\n<p>Perhaps, you can show the currently logged-in user by adding a <code>/whoami</code> endpoint.</p>\n<p>In the <code>src/controllers/user.controller.ts</code> file, get the details of the currently logged-in user using the code snippet below. Users should access this endpoint only when they are logged in.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"16\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">authenticate</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;jwt&#39;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">get</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/whoami&#39;</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">responses:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk8\">&#39;200&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk12\">description:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;Return current user&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                  </span><span class=\"mtk12\">type:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;string&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">async</span><span class=\"mtk1\"> </span><span class=\"mtk11\">whoAmI</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SecurityBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">USER</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">loggedInUserProfile</span><span class=\"mtk1\">: </span><span class=\"mtk12\">UserProfile</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      ): </span><span class=\"mtk10\">Promise</span><span class=\"mtk1\">&lt;</span><span class=\"mtk12\">string</span><span class=\"mtk1\">&gt; {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        return loggedInUserProfile</span><span class=\"mtk12\">[securityId];</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">      }</span></span></code></pre>\n<p>Now, open <code>src/application.ts</code> and bind the authentication components to your application class. First, import Loopback <code>AuthenticationComponent</code>, <code>JWTAuthenticationComponent</code>, and <code>NewsDataSource</code> from your <code>datasources</code> using the following code snippet:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"17\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk3\">//...</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">AuthenticationComponent</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;@loopback/authentication&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk15\">import</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span><span class=\"mtk12\">JWTAuthenticationComponent</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span><span class=\"mtk12\">UserServiceBindings</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">} </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;@loopback/authentication-jwt&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">NewsDataSource</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;./datasources&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">//...</span></span></code></pre>\n<p>Then, mount the jwt authentication system and bind your <code>NewsDataSource</code> to the <code>UserService</code> data source.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"18\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk3\">//...</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// ------ ADD SNIPPET INSIDE THE CONTRUCTOR BLOCK ---------</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">component</span><span class=\"mtk1\">(</span><span class=\"mtk12\">AuthenticationComponent</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">component</span><span class=\"mtk1\">(</span><span class=\"mtk12\">JWTAuthenticationComponent</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">dataSource</span><span class=\"mtk1\">(</span><span class=\"mtk12\">NewsDataSource</span><span class=\"mtk1\">, </span><span class=\"mtk12\">UserServiceBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">DATASOURCE_NAME</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">//...</span></span></code></pre>\n<p>Finally, add the authenticate action in the Sequence. Also, modify the error when authentication fails to return status code 401 (Unauthorized). Open the <code>src/sequence.ts</code> file and add the code snippet below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"19\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">FindRoute</span><span class=\"mtk1\">, </span><span class=\"mtk12\">InvokeMethod</span><span class=\"mtk1\">, </span><span class=\"mtk12\">MiddlewareSequence</span><span class=\"mtk1\">, </span><span class=\"mtk12\">ParseParams</span><span class=\"mtk1\">, </span><span class=\"mtk12\">Reject</span><span class=\"mtk1\">, </span><span class=\"mtk12\">RequestContext</span><span class=\"mtk1\">, </span><span class=\"mtk12\">Send</span><span class=\"mtk1\">, </span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">, </span><span class=\"mtk12\">SequenceHandler</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/rest&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">AuthenticateFn</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">AuthenticationBindings</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">AUTHENTICATION_STRATEGY_NOT_FOUND</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">USER_PROFILE_NOT_FOUND</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;@loopback/authentication&#39;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">inject</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;@loopback/core&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">export</span><span class=\"mtk1\"> </span><span class=\"mtk4\">class</span><span class=\"mtk1\"> </span><span class=\"mtk10\">MySequence</span><span class=\"mtk1\"> </span><span class=\"mtk4\">implements</span><span class=\"mtk1\"> </span><span class=\"mtk10\">SequenceHandler</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk4\">constructor</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">.</span><span class=\"mtk12\">FIND_ROUTE</span><span class=\"mtk1\">) </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">findRoute</span><span class=\"mtk1\">: </span><span class=\"mtk10\">FindRoute</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">.</span><span class=\"mtk12\">PARSE_PARAMS</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">parseParams</span><span class=\"mtk1\">: </span><span class=\"mtk10\">ParseParams</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">.</span><span class=\"mtk12\">INVOKE_METHOD</span><span class=\"mtk1\">) </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">invoke</span><span class=\"mtk1\">: </span><span class=\"mtk10\">InvokeMethod</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">.</span><span class=\"mtk12\">SEND</span><span class=\"mtk1\">) </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">send</span><span class=\"mtk1\">: </span><span class=\"mtk10\">Send</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">SequenceActions</span><span class=\"mtk1\">.</span><span class=\"mtk12\">REJECT</span><span class=\"mtk1\">) </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">reject</span><span class=\"mtk1\">: </span><span class=\"mtk10\">Reject</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            @</span><span class=\"mtk11\">inject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">AuthenticationBindings</span><span class=\"mtk1\">.</span><span class=\"mtk12\">AUTH_ACTION</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk4\">protected</span><span class=\"mtk1\"> </span><span class=\"mtk12\">authenticateRequest</span><span class=\"mtk1\">: </span><span class=\"mtk10\">AuthenticateFn</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        ) { }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk4\">async</span><span class=\"mtk1\"> </span><span class=\"mtk11\">handle</span><span class=\"mtk1\">(</span><span class=\"mtk12\">context</span><span class=\"mtk1\">: </span><span class=\"mtk10\">RequestContext</span><span class=\"mtk1\">) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">try</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">request</span><span class=\"mtk1\">, </span><span class=\"mtk12\">response</span><span class=\"mtk1\"> } = </span><span class=\"mtk12\">context</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">route</span><span class=\"mtk1\"> = </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">findRoute</span><span class=\"mtk1\">(</span><span class=\"mtk12\">request</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk3\">//call authentication action</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">authenticateRequest</span><span class=\"mtk1\">(</span><span class=\"mtk12\">request</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk3\">// Authentication successful, proceed to invoke controller</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">args</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">parseParams</span><span class=\"mtk1\">(</span><span class=\"mtk12\">request</span><span class=\"mtk1\">, </span><span class=\"mtk12\">route</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">result</span><span class=\"mtk1\"> = </span><span class=\"mtk15\">await</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">invoke</span><span class=\"mtk1\">(</span><span class=\"mtk12\">route</span><span class=\"mtk1\">, </span><span class=\"mtk12\">args</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">send</span><span class=\"mtk1\">(</span><span class=\"mtk12\">response</span><span class=\"mtk1\">, </span><span class=\"mtk12\">result</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            } </span><span class=\"mtk15\">catch</span><span class=\"mtk1\"> (</span><span class=\"mtk12\">error</span><span class=\"mtk1\">) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> (</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">error</span><span class=\"mtk1\">.</span><span class=\"mtk12\">code</span><span class=\"mtk1\"> === </span><span class=\"mtk12\">AUTHENTICATION_STRATEGY_NOT_FOUND</span><span class=\"mtk1\"> ||</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">error</span><span class=\"mtk1\">.</span><span class=\"mtk12\">code</span><span class=\"mtk1\"> === </span><span class=\"mtk12\">USER_PROFILE_NOT_FOUND</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                ) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk10\">Object</span><span class=\"mtk1\">.</span><span class=\"mtk11\">assign</span><span class=\"mtk1\">(</span><span class=\"mtk12\">error</span><span class=\"mtk1\">, { </span><span class=\"mtk12\">statusCode:</span><span class=\"mtk1\"> </span><span class=\"mtk7\">401</span><span class=\"mtk3\">/* Unauthorized */</span><span class=\"mtk1\"> });</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk11\">reject</span><span class=\"mtk1\">(</span><span class=\"mtk12\">context</span><span class=\"mtk1\">, </span><span class=\"mtk12\">error</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk15\">return</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span></code></pre>\n<h2 id=\"protect-news-endpoints\" style=\"position:relative;\"><a href=\"#protect-news-endpoints\" aria-label=\"protect news endpoints permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Protect News Endpoints</h2>\n<p>So far, you've implemented user authentication for your API. Now, protect your News endpoints so that only authenticated users can access those routes.</p>\n<p>Open the <code>src/controllers/news.controller.ts</code> file, and import <code>authenticate</code> from jwt authentication.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"20\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk15\">import</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">authenticate</span><span class=\"mtk1\"> } </span><span class=\"mtk15\">from</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;@loopback/authentication&quot;</span></span></code></pre>\n<p>Then on each of the endpoints in your news controller, add <code>@authenticate('jwt')</code> before the <code>NewsController</code> class, which will protect all the routes in <code>NewsController</code>.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"21\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">//...</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    @</span><span class=\"mtk11\">authenticate</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;jwt&#39;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">//...</span></span></code></pre>\n<p>Perhaps, you may not want to protect all the routes, simply add the <code>@authenticate('jwt')</code> method before the route you wish to protect. You can protect the POST route as follows:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"22\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    @</span><span class=\"mtk11\">authenticate</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;jwt&#39;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    @</span><span class=\"mtk11\">post</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/news-models&#39;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      @</span><span class=\"mtk11\">response</span><span class=\"mtk1\">(</span><span class=\"mtk7\">200</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">description:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;NewsModel model instance&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> { </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> { </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> </span><span class=\"mtk11\">getModelSchemaRef</span><span class=\"mtk1\">(</span><span class=\"mtk12\">NewsModel</span><span class=\"mtk1\">) } },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      </span><span class=\"mtk12\">async</span><span class=\"mtk1\"> </span><span class=\"mtk11\">create</span><span class=\"mtk1\">(</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        @</span><span class=\"mtk11\">requestBody</span><span class=\"mtk1\">({</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          </span><span class=\"mtk12\">content:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk8\">&#39;application/json&#39;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              </span><span class=\"mtk12\">schema:</span><span class=\"mtk1\"> </span><span class=\"mtk11\">getModelSchemaRef</span><span class=\"mtk1\">(</span><span class=\"mtk12\">NewsModel</span><span class=\"mtk1\">, {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">title:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&#39;NewNewsModel&#39;</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">exclude:</span><span class=\"mtk1\"> [</span><span class=\"mtk8\">&#39;id&#39;</span><span class=\"mtk1\">],</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">              }),</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">          },</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        })</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">newsModel</span><span class=\"mtk1\">: </span><span class=\"mtk12\">Omit</span><span class=\"mtk1\">&lt;</span><span class=\"mtk12\">NewsModel</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&#39;id&#39;</span><span class=\"mtk1\">&gt;,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      ): </span><span class=\"mtk10\">Promise</span><span class=\"mtk1\">&lt;</span><span class=\"mtk12\">NewsModel</span><span class=\"mtk1\">&gt; {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        return this.newsModelRepository.create(newsModel);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">      }</span></span></code></pre>\n<h2 id=\"test-your-application\" style=\"position:relative;\"><a href=\"#test-your-application\" aria-label=\"test your application permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Test Your Application</h2>\n<p>You've implemented user authentication in your REST API and secured the routes against unauthorized users. Let's put your application to the test. Press <code>CTRL-C</code> to exit the server and restart it with the following command:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"23\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">    npm start</span></span></code></pre>\n<p>If you open the explorer page, you should see the <code>UserController</code> endpoints.</p>\n<p><img src=\"/1f93015b74e330c7dd57e99d9145a9d8/IaV4R43g.webp\" alt=\"User Controller Endpoints\"></p>\n<p>If you try to execute any query on <code>NewsController</code>, you get a 404 (Unauthorized) error. So, sign up by clicking the <code>/signup</code> endpoint — and log in from the <code>/users/login</code> endpoint. On successful login, copy the token, scroll to the top, click on the <code>Authorize</code> button, and paste the token.</p>\n<p><img src=\"/3308ca6960b64dab62adf3646b42032a/atU6nqmA.webp\" alt=\"Authorizing Users\"></p>\n<p>Now you can execute queries on the <code>NewController</code> endpoints.</p>\n<h2 id=\"user-authentication-with-loginradius\" style=\"position:relative;\"><a href=\"#user-authentication-with-loginradius\" aria-label=\"user authentication with loginradius permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Authentication with Loginradius</h2>\n<p>LoginRadius is a customer identity and access management (CIAM) platform for developers.</p>\n<p>What does this mean for developers like you?</p>\n<p>LoginRadius simplifies the process of user authentication, authorization, and management across web and mobile apps and APIs. It helps developers quickly implement this functionality so that developers, like you, can focus more on building core features that are essential to their apps.</p>\n<p>Loginradius includes a plethora of enticing CIAM features such as passwordless authentication and social SSO (Twitter, Facebook, etc., based single sign-on).</p>\n<p>Implementing user authentication with LoginRadius is a simple procedure. First, sign up for a Developer Pro trial or simply <a href=\"https://accounts.loginradius.com/auth.aspx?action=register\">sign up for a forever free account here</a>.</p>\n<p>And you can explore what LoginRadius can do by using it for a Node.js application. You can learn more by going through <a href=\"https://www.loginradius.com/developers/\">LoginRadius Node.js developer documentation</a></p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>This tutorial taught you how to create user authentication in a LoopBack REST API by creating a small news database application.</p>\n<p>You can use the steps outlined in this tutorial to create any type of LoopBack REST API that requires user authentication and authorization.</p>\n<p>I hope you enjoyed this tutorial! Feel free to contact me on <a href=\"https://twitter.com/EkekentaZion\">Twitter</a>.</p>\n<style class=\"grvsc-styles\">\n  .grvsc-container {\n    overflow: auto;\n    -webkit-overflow-scrolling: touch;\n    padding-top: 1rem;\n    padding-top: var(--grvsc-padding-top, var(--grvsc-padding-v, 1rem));\n    padding-bottom: 1rem;\n    padding-bottom: var(--grvsc-padding-bottom, var(--grvsc-padding-v, 1rem));\n    border-radius: 8px;\n    border-radius: var(--grvsc-border-radius, 8px);\n    font-feature-settings: normal;\n  }\n  \n  .grvsc-code {\n    display: inline-block;\n    min-width: 100%;\n  }\n  \n  .grvsc-line {\n    display: inline-block;\n    box-sizing: border-box;\n    width: 100%;\n    padding-left: 1.5rem;\n    padding-left: var(--grvsc-padding-left, var(--grvsc-padding-h, 1.5rem));\n    padding-right: 1.5rem;\n    padding-right: var(--grvsc-padding-right, var(--grvsc-padding-h, 1.5rem));\n  }\n  \n  .grvsc-line-highlighted {\n    background-color: var(--grvsc-line-highlighted-background-color, transparent);\n    box-shadow: inset var(--grvsc-line-highlighted-border-width, 4px) 0 0 0 var(--grvsc-line-highlighted-border-color, transparent);\n  }\n  \n  .dark-default-dark {\n    background-color: #1E1E1E;\n    color: #D4D4D4;\n  }\n  .dark-default-dark .mtk1 { color: #D4D4D4; }\n  .dark-default-dark .mtk11 { color: #DCDCAA; }\n  .dark-default-dark .mtk3 { color: #6A9955; }\n  .dark-default-dark .mtk12 { color: #9CDCFE; }\n  .dark-default-dark .mtk8 { color: #CE9178; }\n  .dark-default-dark .mtk15 { color: #C586C0; }\n  .dark-default-dark .mtk4 { color: #569CD6; }\n  .dark-default-dark .mtk10 { color: #4EC9B0; }\n  .dark-default-dark .mtk7 { color: #B5CEA8; }\n</style>","frontmatter":{"date":"February 04, 2022","updated_date":null,"title":"How to Secure Your LoopBack REST API with JWT Authentication","tags":["Authentication","LoopBack","JWT","Node.js"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/4a5b6d544acaf9e9a42893f7df9dd057/58556/secure-loopback-rest-api-with-jwt.webp","srcSet":"/static/4a5b6d544acaf9e9a42893f7df9dd057/61e93/secure-loopback-rest-api-with-jwt.webp 200w,\n/static/4a5b6d544acaf9e9a42893f7df9dd057/1f5c5/secure-loopback-rest-api-with-jwt.webp 400w,\n/static/4a5b6d544acaf9e9a42893f7df9dd057/58556/secure-loopback-rest-api-with-jwt.webp 800w,\n/static/4a5b6d544acaf9e9a42893f7df9dd057/99238/secure-loopback-rest-api-with-jwt.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ekekenta Odionyenfe Clinton","github":"icode247","avatar":null}}}}]}},"pageContext":{"tag":"LoopBack"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}