LB4 - Authorization Implementation - Cannot find name AuthResponse - Authorization sample

[venkatamandala]

Description / Steps to reproduce / Feature proposal

I followed the Authorization tutorial at https://loopback.io/doc/en/lb4/Loopback-component-authorization.html and i have compilation error in "sequence.ts" at AuthResponse Statement (see below)

const authUser: AuthResponse = await this.authenticateRequest(request);

Cannot find name 'AuthResponse'

NOTE: I followed and completed the Authentication piece and getting token successfully in Authentication flow. Please help where i am doing wrong. I followed the exact article provided.

Please check below code for Sequence.ts

import { inject } from '@loopback/context';
import {
FindRoute,
InvokeMethod,
ParseParams,
Reject,
RequestContext,
RestBindings,
Send,
SequenceHandler,
HttpErrors,
} from '@loopback/rest';
import { AuthenticationBindings, AuthenticateFn } from '@loopback/authentication';

import {
AuthorizatonBindings,
AuthorizeFn,
AuthorizeErrorKeys,
UserPermissionsFn,
PermissionKey
} from './authorization';

const SequenceActions = RestBindings.SequenceActions;

export class MySequence implements SequenceHandler {
constructor(
@Inject(SequenceActions.FIND_ROUTE) protected findRoute: FindRoute,
@Inject(SequenceActions.PARSE_PARAMS) protected parseParams: ParseParams,
@Inject(SequenceActions.INVOKE_METHOD) protected invoke: InvokeMethod,
@Inject(SequenceActions.SEND) public send: Send,
@Inject(SequenceActions.REJECT) public reject: Reject,
@Inject(AuthenticationBindings.AUTH_ACTION)
protected authenticateRequest: AuthenticateFn,
@Inject(AuthorizatonBindings.USER_PERMISSIONS)
protected fetchUserPermissons: UserPermissionsFn,
@Inject(AuthorizatonBindings.AUTHORIZE_ACTION)
protected checkAuthorization: AuthorizeFn,
) { }

async handle(context: RequestContext) {
try {
const { request, response } = context;
const route = this.findRoute(request);
const args = await this.parseParams(request, route);
// This is the important line added to the default sequence implementation
const authUser: AuthResponse = await this.authenticateRequest(request);

  // Parse and calculate user permissions based on role and user level
  const permissions: PermissionKey[] = this.fetchUserPermissons(
    authUser.permissions,
    authUser.role.permissions,
  );
  // This is main line added to sequence
  // where we are invoking the authorize action function to check for access
  const isAccessAllowed: boolean = await this.checkAuthorization(
    permissions,
  );
  if (!isAccessAllowed) {
    throw new HttpErrors.Forbidden(AuthorizeErrorKeys.NotAllowedAccess);
  }

  const result = await this.invoke(route, args);
  this.send(response, result);
} catch (err) {
  this.reject(context, err);
}

}
}

Current Behavior

Expected Behavior

See Reporting Issues for more tips on writing good issues

[emonddr]

@venkatamandala
Apologies for the broken example, we are in the midst of landing different PRs which
are updating @loopback/authentication .

feat: resolve authentication strategy registered via extension point landed in early May and it was a breaking change.

Draft:Changes to passport strategy adapter will be updating how passport strategies are handled given the new authentication strategy interface. We are exploring a few options right now. Once things have been decided, the documentation you mention will be updated.

refactor shopping cart example to utilize latest @loopback/authentication module is also in the works at the moment.

So please stay tuned...

:)

P.S. Same comment for #2886 and #2887.

[raymondfeng]

See #1205

[samarpanB]

@venkatamandala AuthResponse is actually the authenticated User Model. Its implementation is not described in the documentation as it can vary application to application. In general, AuthResponse is the returned user model after authentication. You can use the User Model as well, in place of it.

[leo-tiofan]

// Do authentication of the user and fetch user permissions below  
const authUser: User | undefined = await this.authenticateRequest(request);

@samarpanB AuthenticateFn from @loopback/authentication return UserProfile or undefined. Since I use custom User model, it will cause an error because it's not assignable. Do you have any suggestion?

[samarpanB]

@bgleolalahi Whatever you return from @loopback/authentication, you should use that as authUser type. You only need to make sure that it contains permissions.
You can also refer to one of our simplistic loopback-starter project (consider it as boiler plate) we created to showcase samples of authentication and authorization and few other significant integrations. It was created to help and provide guidance to developers.

[dhmlau]

@bgleolalahi, does @samarpanB answer your question? Is this issue good to close? Thanks.

[leo-tiofan]

@bgleolalahi Whatever you return from @loopback/authentication, you should use that as authUser type. You only need to make sure that it contains permissions.
You can also refer to one of our simplistic loopback-starter project (consider it as boiler plate) we created to showcase samples of authentication and authorization and few other significant integrations. It was created to help and provide guidance to developers.

Okay, thank you for helping. @samarpanB

@dhmlau Yes, we can close the issue now. Thanks.

[DimitriEmman]

hello i have the same problem.i am using loopback/authentification.help please

[samarpanB]

@DimitriEmman , please have a look at my replies above for solution. If you still face issues, I would need more information on what error you are getting before I can help with that.

Please note this issue was for Authorization implementation not for authentication. If you are facing issues with authentication, please look for existing issues about authentication (if any) related to your problem and any solutions provided there. Or else, you can also raise a new issue providing more details about it.

Hope this helps. Thanks.

[DimitriEmman]

Hi @samarpanB thanks for replying.
this is my sequence

import { UserPermissionsFn } from './authorization/types';
import { Authresponse } from './models/authresponse.model';
import {inject} from '@loopback/context';
import {
FindRoute,
InvokeMethod,
ParseParams,
Reject,
RequestContext,
RestBindings,
Send,
SequenceHandler,
HttpErrors,
} from '@loopback/rest';
import {
AuthenticationBindings,
AUTHENTICATION_STRATEGY_NOT_FOUND,
USER_PROFILE_NOT_FOUND,
AuthenticateFn,
UserProfile
} from '@loopback/authentication';

import {
AuthorizatonBindings,
AuthorizeFn,
AuthorizeErrorKeys,
PermissionKey,
} from './authorization';

const SequenceActions = RestBindings.SequenceActions;

export class MySequence implements SequenceHandler {
constructor(
@Inject(SequenceActions.FIND_ROUTE) protected findRoute: FindRoute,
@Inject(SequenceActions.PARSE_PARAMS) protected parseParams: ParseParams,
@Inject(SequenceActions.INVOKE_METHOD) protected invoke: InvokeMethod,
@Inject(SequenceActions.SEND) public send: Send,
@Inject(SequenceActions.REJECT) public reject: Reject,
@Inject(AuthenticationBindings.AUTH_ACTION)
protected authenticateRequest: AuthenticateFn,
@Inject(AuthorizatonBindings.USER_PERMISSIONS)
protected fetchUserPermissons: UserPermissionsFn,
@Inject(AuthorizatonBindings.AUTHORIZE_ACTION)
protected checkAuthorization: AuthorizeFn,
) {}

async handle(context: RequestContext) {
try {
const {request, response} = context;
const route = this.findRoute(request);
const args = await this.parseParams(request, route);

  //await this.authenticateRequest(request);

  const authUser :  Authresponse   = await this.authenticateRequest(request);
  // Parse and calculate user permissions based on role and user level
 
  const permissions: PermissionKey[] = this.fetchUserPermissons(
    authUser.permissions,
    authUser.role.permissions,
  );
  console.log('bonjour');
  const isAccessAllowed: boolean = await this.checkAuthorization(
    permissions,
  );
  if (!isAccessAllowed) {
    throw new HttpErrors.Forbidden(AuthorizeErrorKeys.NotAllowedAccess);
  }

  const result = await this.invoke(route, args);
  this.send(response, result);
} catch (err) {
  if (
    err.code === AUTHENTICATION_STRATEGY_NOT_FOUND ||
    err.code === USER_PROFILE_NOT_FOUND
  ) {
    Object.assign(err, {statusCode: 401 /* Unauthorized */});
  }
  this.reject(context, err);
}

}
}

and i get this error after npm start :
src/sequence.ts:55:13 - error TS2322: Type 'UserProfile | undefined' is not assignable to type 'Authresponse'. Type 'undefined' is not assignable to type 'Authresponse'.

55 const authUser : Authresponse = await this.authenticateRequest(request);

[DimitriEmman]

i am not using loopback4-authentication but loopback-authentication

[dougal83]

i am not using loopback4-authentication but loopback-authentication

You can compare/copy code from a working example: LB4 Shopping example /w auth

[DimitriEmman]

@dougal83 did you integrate the authorization in this example(shopping example)?