Page Contents
Home > @loopback/security > Subject
Subject interface
Subject represents both security state and operations for a single request. It’s the who for security.
Such operations include: - authentication (login) - authorization (access control) - session access - logout
Signature:
export interface Subject
Properties
| Property | Type | Description |
|---|---|---|
| authorities | Set<Permission> | An array of authorities granted by the user to the client application. One example is {@link https://tools.ietf.org/html/rfc6749#section-3.3 | oAuth2 scopes). |
| credentials | Set<Credential> | An array of credentials, such as password, access token, or private/public keys. |
| principals | Set<TypedPrincipal> | An array of principals. It can include information about the current user, the client application, and granted authorities.Subject represents both security state and operations for a single application user.Such operations include: - authentication (login) - authorization (access control) - session access - logout |