feat(docs): update migration docs for authentication/authorization

loopbackio · Jan 16, 2020 · f2f64b7 · f2f64b7
1 parent 9038b37
commit f2f64b7
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 23 deletions.
diff --git a/docs/site/migration/auth/built-in.md b/docs/site/migration/auth/built-in.md
@@ -6,8 +6,45 @@ sidebar: lb4_sidebar
 permalink: /doc/en/lb4/migration-auth-built-in.html
 ---
 
-{% include note.html content="
-This is a placeholder page, the task of adding content is tracked by the
-following GitHub issue:
-[loopback-next#3719](https://github.com/strongloop/loopback-next/issues/3719)
-" %}
+## Migrate the authentication flow
+
+### Request access tokens via login
+
+1. Implement the following functions
+
+- User service
+
+  - https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/services/user-service.ts
+
+- Token service
+
+  - https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/services/jwt-service.ts
+
+- Login method
+
+  - https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/controllers/user.controller.ts#L204
+
+2. Reuse the `User` database from LB3
+
+- Datasource for the User database
+- UserCredentialsRepository
+
+  - https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/repositories/user-credentials.repository.ts
+
+### Protect API calls with access tokens
+
+- JWT strategy
+
+  - https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/authentication-strategies/jwt-strategy.ts
+
+## Migrate the authorization flow
+
+### Migrate ACLs
+
+1. Decorate protected methods with `@authorize`
+
+- https://github.com/strongloop/loopback4-example-shopping/blob/11c48ef222a7960cb266bd88878c0eb9f8138127/packages/shopping/src/controllers/user-order.controller.ts#L48
+
+2. Implement an Authorizer
+
+- https://github.com/strongloop/loopback4-example-shopping/blob/master/packages/shopping/src/services/authorizor.ts
diff --git a/docs/site/migration/auth/example.md b/docs/site/migration/auth/example.md
@@ -0,0 +1,36 @@
+---
+lang: en
+title:
+  'Migrating authentication and authorization for an example LoopBack 3
+  application'
+keywords: LoopBack 4.0, LoopBack 4, LoopBack 3, Migration
+sidebar: lb4_sidebar
+permalink: /doc/en/lb4/migration-auth-example.html
+---
+
+## Example LoopBack 3 application
+
+- https://github.com/strongloop/loopback-example-access-control
+
+## Migration to LoopBack 4
+
+1. Set up `/login` endpoint
+
+2. Set up authentication
+
+- Authentication action
+- `@authenticate`
+- Authentication strategies
+
+3. Set up authorization
+
+- Migrate ACLs -> `@authorize`
+- Migrate custom role resolvers -> `Authorizer` or `Voter`
+
+## Use a third party library as the authorizer
+
+- Casbin
+
+## Use a third party service as the authorizer
+
+- Auth0
diff --git a/docs/site/migration/auth/overview.md b/docs/site/migration/auth/overview.md
@@ -6,23 +6,60 @@ sidebar: lb4_sidebar
 permalink: /doc/en/lb4/migration-auth-overview.html
 ---
 
+## LoopBack 3 authentication and authorization facilities
+
 LoopBack version 3 provides several options for adding authentication and
-authorization to secure the applications:
+authorization to secure the applications. See
+[docs](https://loopback.io/doc/en/lb3/Authentication-authorization-and-permissions.html)
+for more details.
+
+### Authentication
+
+1. Built-in `User` and `AccessToken` based authentication
+
+LoopBack 3 includes a built-in `User` model with `login` and other methods to
+perform username/password based authentication and return an access token, which
+can then be used to access protected resources.
+
+2. Integration with [Passport](http://www.passportjs.org/)
+
+[loopback-component-passport](https://github.com/strongloop/loopback-component-passport)
+provides integration between LoopBack 3 and
+[Passport](http://www.passportjs.org) to support third-party login and account
+linking for LoopBack applications. The migration path is described in
+[Migrating Passport-based authentication](./passport.md).
+
+3. oAuth 2.0
+
+[loopback-component-oauth2](https://github.com/strongloop/loopback-component-oauth2)
+provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack
+applications to function as an oAuth 2.0 provider to authenticate and authorize
+client applications and/or resource owners (i.e. users) to access protected API
+endpoints. The migration path is described in
+[Migrating OAuth2 provider](./oauth2.md).
+
+### Authorization
 
 - A set of built-in models like `User`, `AccessToken` and `ACL` makes it easy to
   store your user credentials locally and define custom access control checks.
   The migration path is described in
   [Migrating built-in authentication and authorization](./built-in.md).
 
-- [loopback-component-passport](https://github.com/strongloop/loopback-component-passport)
-  provides integration between LoopBack 3 and
-  [Passport](http://www.passportjs.org) to support third-party login and account
-  linking for LoopBack applications. The migration path is described in
-  [Migrating Passport-based authentication](./passport.md).
-
-- [loopback-component-oauth2](https://github.com/strongloop/loopback-component-oauth2)
-  provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack
-  applications to function as an oAuth 2.0 provider to authenticate and
-  authorize client applications and/or resource owners (i.e. users) to access
-  protected API endpoints. The migration path is described in
-  [Migrating OAuth2 provider](./oauth2.md).
+- Built-in ACL based authorization
+
+## LoopBack 4 authentication and authorization facilities
+
+LoopBack 4 focuses on capturing the minimum common metadata for authentication
+and authorization and enabling extensibility so that different security
+strategies/schemes can be plugged in to enforce authentication and
+authorization.
+
+### Authentication
+
+- AuthenticationStrategy
+- PassportAdapter
+
+### Authorization
+
+- Authorizer
+- Use your own interceptor for authorization
diff --git a/docs/site/migration/auth/passport.md b/docs/site/migration/auth/passport.md
@@ -6,8 +6,6 @@ sidebar: lb4_sidebar
 permalink: /doc/en/lb4/migration-auth-passport.html
 ---
 
-{% include note.html content="
-This is a placeholder page, the task of adding content is tracked by the
-following GitHub issue:
-[loopback-next#3958](https://github.com/strongloop/loopback-next/issues/3958)
-" %}
+## Migrate from `loopback-component-passport`
+
+https://github.com/strongloop/loopback-next/tree/master/extensions/authentication-passport