update @loopback\authentication documentation

[emonddr]

Description / Steps to reproduce / Feature proposal

The REAME.md of the @loopback/authentication module needs to be updated
to discuss the new authentication architecture.

Current Behavior

Shows an authentication example that makes use of npm modules : passport passport-http and the old strategy adapter.

Expected Behavior

Explain more of the architecture of the authentication module (not specific implementations of strategies), and provide links to examples which provide ready-to-run applications and detailed explanations of implementations.

Acceptance Criteria

• Remove information that is not applicable or not relevant in the current authentication/README.md file.

• [] Re-work https://github.com/strongloop/loopback-next/blob/master/packages/authentication/docs/authentication-system.md into standalone pages for Application and Extension developers on loopback.io.

• Create tutorial on enabling jwt authentication with shopping cart example.

• Show how to set up basic authentication in the docs and point to the above tutorial. If we can showcase basic authentication strategy in the README without too much information, then we can include some code snippets there. Otherwise point to docs.

• document briefly discusses the AuthenticationStrategy interface, and the extensionPoint/extensions pattern, how custom authentication strategies can be registered, how a custom sequence must be created, and how controller methods must be decorated in order to authenticate endpoints in a LoopBack application. (I don't see the point in going into a lot of step by step details if we are providing a link to examples whose README.md files will go into details). Include basic usage as well.

See Reporting Issues for more tips on writing good issues

[jannyHou]

@emonddr Thank you for creating the doc issue, for the 4 tasks in the acceptance criteria:

1 - I agree 👍
2,3 - Are we creating 2 example under https://github.com/strongloop/loopback-next/tree/master/examples?
4 - sounds good, if the doc PR get landed before #2311 closed, we can link to the ongoing feature branch and update the link after the adapter feature done.

[emonddr]

@jannyHou

2,3 - Are we creating 2 example under https://github.com/strongloop/loopback-next/tree/master/examples?

we can either have 2 separate examples showing separate custom authentication strategies or we can have 1 example\authentication example which showcases the 2 different strategies.

[emonddr]

Other LoopBack4 documents which will need to be revised:

• Extending LoopBack 4 since it uses an old chart (this chart discusses a theoretical design to illustrate what components are and how they can be organized. No need to update this chart)
• Using components since it shows the import of 'types/passport' module
• Using decorators since it seems to be an unused/orphan document not referenced in TOC
• Declarative test demo is this page still relevant? It mentions Authenticated requests/login endpoints (After speaking with Miroslav, I updated this document to clarify this tool is only for LB3.x)
• Dependency Injection since it shows an outdate AuthenticateActionProvider using the StrategyAdapter

[emonddr]

@raymondfeng what is the Declarative Test Demo, and is it still relevant? thx.

[dhmlau]

@emonddr, let's limit the scope of this task to be the core authentication documentation, and open a separate task for updating other docs pages that involve authentication. We can better groom that new task over there too. Thanks.