@loopback/authentication 4.2.9 → 6.0.1

package/CHANGELOG.md

@@ -3,6 +3,62 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [6.0.1](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@6.0.0...@loopback/authentication@6.0.1) (2020-08-27)
+
+**Note:** Version bump only for package @loopback/authentication
+
+
+
+
+
+# [6.0.0](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@5.0.0...@loopback/authentication@6.0.0) (2020-08-19)
+
+
+### Features
+
+* **authentication:** add support for multiple strategies on same method ([f2f1580](https://github.com/strongloop/loopback-next/commit/f2f15806189d568d0a2c6d6198de74e6801f094c)), closes [#5310](https://github.com/strongloop/loopback-next/issues/5310)
+* **authentication:** update signature of authenticate decorator ([ae6c0e6](https://github.com/strongloop/loopback-next/commit/ae6c0e68a58a2b574fd534242e599aa2a96fc855))
+
+
+### BREAKING CHANGES
+
+* **authentication:** The `@authenticate` signature changed, options are no longer
+a separate input parameter but instead have to be provided in the metadata object.
+The metadata value is now `AuthenticationMetadata[]`.
+
+Signed-off-by: nflaig <nflaig@protonmail.com>
+
+
+
+
+
+# [5.0.0](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@4.2.10...@loopback/authentication@5.0.0) (2020-08-05)
+
+
+### Features
+
+* **authentication:** add a middleware for authentication ([de6f96c](https://github.com/strongloop/loopback-next/commit/de6f96c7af946486ded0425e643ff22c92d6f04f))
+* **authentication:** authentication action is no longer needed ([041fa21](https://github.com/strongloop/loopback-next/commit/041fa213482bcfe723dd075518fa890dce3936e0))
+
+
+### BREAKING CHANGES
+
+* **authentication:** with the newly introduced middleware-based sequence for
+'@loopback/rest', it is no longer needed to explicitly add the authentication
+action for middleware-based sequence.
+
+
+
+
+
+## [4.2.10](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@4.2.9...@loopback/authentication@4.2.10) (2020-07-20)
+
+**Note:** Version bump only for package @loopback/authentication
+
+
+
+
+
 ## [4.2.9](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@4.2.8...@loopback/authentication@4.2.9) (2020-06-30)
 
 **Note:** Version bump only for package @loopback/authentication

package/README.md

@@ -1,6 +1,8 @@
 # @loopback/authentication
 
-A LoopBack 4 component for authentication support.
+A LoopBack 4 component for authentication support. Its corresponding
+documentation is in
+[LoopBack component authentication](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html)
 
 ## Overview
 
@@ -13,7 +15,8 @@ It contains:
 
 - A decorator to express an authentication requirement on controller methods
 - A provider to access method-level authentication metadata
-- An action in the REST sequence to enforce authentication
+- An action in the REST sequence to enforce authentication (**No longer needed
+  for middleware based sequence**)
 - An extension point to discover all authentication strategies and handle the
   delegation
 
@@ -25,22 +28,23 @@ npm install --save @loopback/authentication
 
 ## Basic Use
 
-[Load the AuthenticationComponent](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#authentication-component)
+[Load the AuthenticationComponent](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#mounting-authentication-component)
 into your application.
 
 **Extension developers** need to:
 
-- [create custom authentication strategies](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#creating-a-custom-authentication-strategy)
+- [create custom authentication strategies](https://loopback.io/doc/en/lb4/Implement-your-own-strategy.html)
 
 **Application Developers** need to:
 
-- [decorate controller functions with the authentication decorator](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#using-the-authentication-decorator)
-- [add the authentication action to a custom sequence](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#adding-an-authentication-action-to-a-custom-sequence)
+- [decorate controller functions with the authentication decorator](https://loopback.io/doc/en/lb4/Authentication-component-decorator.html)
+- [add the authentication action to a custom sequence](https://loopback.io/doc/en/lb4/Authentication-component-action.html#adding-an-authentication-action-to-a-custom-sequence)
   and
-  [bind the custom sequence to the application](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#binding-the-authenticating-sequence-to-the-application)
-- [register the authentication strategies](https://loopback.io/doc/en/lb4/Loopback-component-authentication.html#registering-a-custom-authentication-strategy)
+  [bind the custom sequence to the application](https://loopback.io/doc/en/lb4/Authentication-component-action.html#binding-the-authenticating-sequence-to-the-application)
+  (**No longer needed for middleware based sequence**)
+- [register the authentication strategies](https://loopback.io/doc/en/lb4/Authentication-component-strategy.html)
 
-[Create and register a passport based strategy](https://www.npmjs.com/package/@loopback/authentication-passport)
+[Create and register a passport based strategy](https://loopback.io/doc/en/lb4/Authentication-passport.html)
 
 ## Related resources
 

package/dist/authentication.component.d.ts

@@ -1,5 +1,7 @@
-import { Component, ProviderMap } from '@loopback/core';
+import { Component } from '@loopback/core';
+import { AuthenticateActionProvider, AuthenticationMiddlewareProvider, AuthenticationStrategyProvider, AuthMetadataProvider } from './providers';
 export declare class AuthenticationComponent implements Component {
-    providers?: ProviderMap;
-    constructor();
+    providers: {
+        [x: string]: typeof AuthenticateActionProvider | typeof AuthenticationMiddlewareProvider | typeof AuthMetadataProvider | typeof AuthenticationStrategyProvider;
+    };
 }

package/dist/authentication.component.js

@@ -15,12 +15,13 @@ let AuthenticationComponent = class AuthenticationComponent {
             [keys_1.AuthenticationBindings.AUTH_ACTION.key]: providers_1.AuthenticateActionProvider,
             [keys_1.AuthenticationBindings.STRATEGY.key]: providers_1.AuthenticationStrategyProvider,
             [keys_1.AuthenticationBindings.METADATA.key]: providers_1.AuthMetadataProvider,
+            [keys_1.AuthenticationBindings.AUTHENTICATION_MIDDLEWARE
+                .key]: providers_1.AuthenticationMiddlewareProvider,
         };
     }
 };
 AuthenticationComponent = tslib_1.__decorate([
-    core_1.bind({ tags: { [core_1.ContextTags.KEY]: keys_1.AuthenticationBindings.COMPONENT } }),
-    tslib_1.__metadata("design:paramtypes", [])
+    core_1.bind({ tags: { [core_1.ContextTags.KEY]: keys_1.AuthenticationBindings.COMPONENT } })
 ], AuthenticationComponent);
 exports.AuthenticationComponent = AuthenticationComponent;
 //# sourceMappingURL=authentication.component.js.map

package/dist/authentication.component.js.map

@@ -1 +1 @@
-{"version":3,"file":"authentication.component.js","sourceRoot":"","sources":["../src/authentication.component.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAAyE;AACzE,iCAA8C;AAC9C,2CAIqB;AAGrB,IAAa,uBAAuB,GAApC,MAAa,uBAAuB;IAGlC;QACE,IAAI,CAAC,SAAS,GAAG;YACf,CAAC,6BAAsB,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,sCAA0B;YACpE,CAAC,6BAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,0CAA8B;YACrE,CAAC,6BAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,gCAAoB;SAC5D,CAAC;IACJ,CAAC;CACF,CAAA;AAVY,uBAAuB;IADnC,WAAI,CAAC,EAAC,IAAI,EAAE,EAAC,CAAC,kBAAW,CAAC,GAAG,CAAC,EAAE,6BAAsB,CAAC,SAAS,EAAC,EAAC,CAAC;;GACvD,uBAAuB,CAUnC;AAVY,0DAAuB"}
+{"version":3,"file":"authentication.component.js","sourceRoot":"","sources":["../src/authentication.component.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAA4D;AAC5D,iCAA8C;AAC9C,2CAKqB;AAGrB,IAAa,uBAAuB,GAApC,MAAa,uBAAuB;IAApC;QACE,cAAS,GAAG;YACV,CAAC,6BAAsB,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,sCAA0B;YACpE,CAAC,6BAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,0CAA8B;YACrE,CAAC,6BAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,gCAAoB;YAC3D,CAAC,6BAAsB,CAAC,yBAAyB;iBAC9C,GAAG,CAAC,EAAE,4CAAgC;SAC1C,CAAC;IACJ,CAAC;CAAA,CAAA;AARY,uBAAuB;IADnC,WAAI,CAAC,EAAC,IAAI,EAAE,EAAC,CAAC,kBAAW,CAAC,GAAG,CAAC,EAAE,6BAAsB,CAAC,SAAS,EAAC,EAAC,CAAC;GACvD,uBAAuB,CAQnC;AARY,0DAAuB"}

package/dist/decorators/authenticate.decorator.d.ts

@@ -3,11 +3,10 @@ import { AuthenticationMetadata } from '../types';
 /**
  * Mark a controller method as requiring authenticated user.
  *
- * @param strategyNameOrMetadata - The name of the authentication strategy to use
- * or the authentication metadata object.
- * @param options - Additional options to configure the authentication.
+ * @param strategies - The names of the authentication strategies to use
+ * or authentication metadata objects.
  */
-export declare function authenticate(strategyNameOrMetadata: string | AuthenticationMetadata, options?: object): (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any;
+export declare function authenticate(...strategies: (string | AuthenticationMetadata)[]): (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any;
 export declare namespace authenticate {
     /**
      * `@authenticate.skip()` - a sugar decorator to skip authentication
@@ -20,4 +19,4 @@ export declare namespace authenticate {
  * @param targetClass - Target controller
  * @param methodName - Target method
  */
-export declare function getAuthenticateMetadata(targetClass: Constructor<{}>, methodName: string): AuthenticationMetadata | undefined;
+export declare function getAuthenticateMetadata(targetClass: Constructor<{}>, methodName: string): AuthenticationMetadata[] | undefined;

package/dist/decorators/authenticate.decorator.js

@@ -12,11 +12,10 @@ class AuthenticateClassDecoratorFactory extends core_1.ClassDecoratorFactory {
 /**
  * Mark a controller method as requiring authenticated user.
  *
- * @param strategyNameOrMetadata - The name of the authentication strategy to use
- * or the authentication metadata object.
- * @param options - Additional options to configure the authentication.
+ * @param strategies - The names of the authentication strategies to use
+ * or authentication metadata objects.
  */
-function authenticate(strategyNameOrMetadata, options) {
+function authenticate(...strategies) {
     return function authenticateDecoratorForClassOrMethod(
     // Class or a prototype
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -25,23 +24,27 @@ function authenticate(strategyNameOrMetadata, options) {
     // See https://github.com/strongloop/loopback-next/pull/2704
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     methodDescriptor) {
-        let spec;
-        if (typeof strategyNameOrMetadata === 'object') {
-            spec = strategyNameOrMetadata;
-        }
-        else {
-            spec = { strategy: strategyNameOrMetadata, options: options !== null && options !== void 0 ? options : {} };
+        const specs = [];
+        for (const strategy of strategies) {
+            if (typeof strategy === 'object') {
+                specs.push(strategy);
+            }
+            else {
+                specs.push({ strategy: strategy });
+            }
         }
         if (method && methodDescriptor) {
             // Method
-            return core_1.MethodDecoratorFactory.createDecorator(keys_1.AUTHENTICATION_METADATA_KEY, spec, { decoratorName: '@authenticate' })(target, method, methodDescriptor);
+            return core_1.MethodDecoratorFactory.createDecorator(keys_1.AUTHENTICATION_METADATA_KEY, specs, { decoratorName: '@authenticate' })(target, method, methodDescriptor);
         }
         if (typeof target === 'function' && !method && !methodDescriptor) {
             // Class
-            return AuthenticateClassDecoratorFactory.createDecorator(keys_1.AUTHENTICATION_METADATA_CLASS_KEY, spec, { decoratorName: '@authenticate' })(target);
+            return AuthenticateClassDecoratorFactory.createDecorator(keys_1.AUTHENTICATION_METADATA_CLASS_KEY, specs, {
+                decoratorName: '@authenticate',
+            })(target);
         }
         // Not on a class or method
-        throw new Error('@intercept cannot be used on a property: ' +
+        throw new Error('@authenticate cannot be used on a property: ' +
             core_1.DecoratorFactory.getTargetName(target, method, methodDescriptor));
     };
 }

package/dist/decorators/authenticate.decorator.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticate.decorator.js","sourceRoot":"","sources":["../../src/decorators/authenticate.decorator.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAMwB;AACxB,kCAIiB;AAGjB,MAAM,iCAAkC,SAAQ,4BAE/C;CAAG;AAEJ;;;;;;GAMG;AACH,SAAgB,YAAY,CAC1B,sBAAuD,EACvD,OAAgB;IAEhB,OAAO,SAAS,qCAAqC;IACnD,uBAAuB;IACvB,8DAA8D;IAC9D,MAAW,EACX,MAAe;IACf,6CAA6C;IAC7C,4DAA4D;IAC5D,8DAA8D;IAC9D,gBAA+C;QAE/C,IAAI,IAA4B,CAAC;QACjC,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE;YAC9C,IAAI,GAAG,sBAAsB,CAAC;SAC/B;aAAM;YACL,IAAI,GAAG,EAAC,QAAQ,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,EAAC,CAAC;SACnE;QACD,IAAI,MAAM,IAAI,gBAAgB,EAAE;YAC9B,SAAS;YACT,OAAO,6BAAsB,CAAC,eAAe,CAC3C,kCAA2B,EAC3B,IAAI,EACJ,EAAC,aAAa,EAAE,eAAe,EAAC,CACjC,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;SACrC;QACD,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE;YAChE,QAAQ;YACR,OAAO,iCAAiC,CAAC,eAAe,CACtD,wCAAiC,EACjC,IAAI,EACJ,EAAC,aAAa,EAAE,eAAe,EAAC,CACjC,CAAC,MAAM,CAAC,CAAC;SACX;QACD,2BAA2B;QAC3B,MAAM,IAAI,KAAK,CACb,2CAA2C;YACzC,uBAAgB,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACnE,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AA1CD,oCA0CC;AAED,WAAiB,YAAY;IAC3B;;OAEG;IACU,iBAAI,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,EAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAC;AACrE,CAAC,EALgB,YAAY,GAAZ,oBAAY,KAAZ,oBAAY,QAK5B;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CACrC,WAA4B,EAC5B,UAAkB;IAElB,2BAA2B;IAC3B,IAAI,QAAQ,GAAG,wBAAiB,CAAC,iBAAiB,CAChD,yCAAkC,EAClC,WAAW,CAAC,SAAS,EACrB,UAAU,CACX,CAAC;IACF,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,+CAA+C;IAC/C,QAAQ,GAAG,wBAAiB,CAAC,gBAAgB,CAC3C,wCAAiC,EACjC,WAAW,CACZ,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAjBD,0DAiBC"}
+{"version":3,"file":"authenticate.decorator.js","sourceRoot":"","sources":["../../src/decorators/authenticate.decorator.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAMwB;AACxB,kCAIiB;AAGjB,MAAM,iCAAkC,SAAQ,4BAE/C;CAAG;AAEJ;;;;;GAKG;AACH,SAAgB,YAAY,CAC1B,GAAG,UAA+C;IAElD,OAAO,SAAS,qCAAqC;IACnD,uBAAuB;IACvB,8DAA8D;IAC9D,MAAW,EACX,MAAe;IACf,6CAA6C;IAC7C,4DAA4D;IAC5D,8DAA8D;IAC9D,gBAA+C;QAE/C,MAAM,KAAK,GAA6B,EAAE,CAAC;QAE3C,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE;YACjC,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;gBAChC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;aACtB;iBAAM;gBACL,KAAK,CAAC,IAAI,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,CAAC,CAAC;aAClC;SACF;QAED,IAAI,MAAM,IAAI,gBAAgB,EAAE;YAC9B,SAAS;YACT,OAAO,6BAAsB,CAAC,eAAe,CAC3C,kCAA2B,EAC3B,KAAK,EACL,EAAC,aAAa,EAAE,eAAe,EAAC,CACjC,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;SACrC;QACD,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE;YAChE,QAAQ;YACR,OAAO,iCAAiC,CAAC,eAAe,CAEtD,wCAAiC,EAAE,KAAK,EAAE;gBAC1C,aAAa,EAAE,eAAe;aAC/B,CAAC,CAAC,MAAM,CAAC,CAAC;SACZ;QACD,2BAA2B;QAC3B,MAAM,IAAI,KAAK,CACb,8CAA8C;YAC5C,uBAAgB,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACnE,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AA7CD,oCA6CC;AAED,WAAiB,YAAY;IAC3B;;OAEG;IACU,iBAAI,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,EAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAC,CAAC,CAAC;AACrE,CAAC,EALgB,YAAY,GAAZ,oBAAY,KAAZ,oBAAY,QAK5B;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CACrC,WAA4B,EAC5B,UAAkB;IAElB,2BAA2B;IAC3B,IAAI,QAAQ,GAAG,wBAAiB,CAAC,iBAAiB,CAChD,yCAAkC,EAClC,WAAW,CAAC,SAAS,EACrB,UAAU,CACX,CAAC;IACF,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,+CAA+C;IAC/C,QAAQ,GAAG,wBAAiB,CAAC,gBAAgB,CAC3C,wCAAiC,EACjC,WAAW,CACZ,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAjBD,0DAiBC"}

package/dist/keys.d.ts

@@ -1,5 +1,6 @@
 import { BindingKey, MetadataAccessor } from '@loopback/core';
 import { UserProfile } from '@loopback/security';
+import { Middleware } from '@loopback/rest';
 import { AuthenticationComponent } from './authentication.component';
 import { AuthenticateFn, AuthenticationMetadata, AuthenticationStrategy, UserProfileFactory } from './types';
 /**
@@ -21,8 +22,8 @@ export declare namespace AuthenticationBindings {
      */
     const USER_PROFILE_FACTORY: BindingKey<UserProfileFactory<any>>;
     /**
-     * Key used to bind an authentication strategy to the context for the
-     * authentication function to use.
+     * Key used to bind an authentication strategy or multiple strategies
+     * to the context for the authentication function to use.
      *
      * @example
      * ```ts
@@ -31,7 +32,7 @@ export declare namespace AuthenticationBindings {
      *   .toProvider(MyAuthenticationStrategy);
      * ```
      */
-    const STRATEGY: BindingKey<AuthenticationStrategy | undefined>;
+    const STRATEGY: BindingKey<AuthenticationStrategy | AuthenticationStrategy[] | undefined>;
     /**
      * Key used to inject the authentication function into the sequence.
      *
@@ -64,6 +65,10 @@ export declare namespace AuthenticationBindings {
      * ```
      */
     const AUTH_ACTION: BindingKey<AuthenticateFn>;
+    /**
+     * Binding key for AUTHENTICATION_MIDDLEWARE
+     */
+    const AUTHENTICATION_MIDDLEWARE: BindingKey<Middleware>;
     /**
      * Key used to inject authentication metadata, which is used to determine
      * whether a request requires authentication or not.
@@ -73,18 +78,17 @@ export declare namespace AuthenticationBindings {
      * class MyPassportStrategyProvider implements Provider<Strategy | undefined> {
      *   constructor(
      *     @inject(AuthenticationBindings.METADATA)
-     *     private metadata: AuthenticationMetadata,
+     *     private metadata?: AuthenticationMetadata[],
      *   ) {}
      *   value(): ValueOrPromise<Strategy | undefined> {
-     *     if (this.metadata) {
-     *       const name = this.metadata.strategy;
+     *     if (this.metadata?.length) {
      *       // logic to determine which authentication strategy to return
      *     }
      *   }
      * }
      * ```
      */
-    const METADATA: BindingKey<AuthenticationMetadata | undefined>;
+    const METADATA: BindingKey<AuthenticationMetadata[] | undefined>;
     const AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME = "authentication.strategies";
     const CURRENT_USER: BindingKey<UserProfile>;
     const AUTHENTICATION_REDIRECT_URL: BindingKey<string>;

package/dist/keys.js

@@ -28,8 +28,8 @@ var AuthenticationBindings;
     /* eslint-disable @typescript-eslint/no-explicit-any */
     AuthenticationBindings.USER_PROFILE_FACTORY = core_1.BindingKey.create('authentication.userProfileFactory');
     /**
-     * Key used to bind an authentication strategy to the context for the
-     * authentication function to use.
+     * Key used to bind an authentication strategy or multiple strategies
+     * to the context for the authentication function to use.
      *
      * @example
      * ```ts
@@ -71,6 +71,10 @@ var AuthenticationBindings;
      * ```
      */
     AuthenticationBindings.AUTH_ACTION = core_1.BindingKey.create('authentication.actions.authenticate');
+    /**
+     * Binding key for AUTHENTICATION_MIDDLEWARE
+     */
+    AuthenticationBindings.AUTHENTICATION_MIDDLEWARE = core_1.BindingKey.create('middleware.authentication');
     /**
      * Key used to inject authentication metadata, which is used to determine
      * whether a request requires authentication or not.
@@ -80,11 +84,10 @@ var AuthenticationBindings;
      * class MyPassportStrategyProvider implements Provider<Strategy | undefined> {
      *   constructor(
      *     @inject(AuthenticationBindings.METADATA)
-     *     private metadata: AuthenticationMetadata,
+     *     private metadata?: AuthenticationMetadata[],
      *   ) {}
      *   value(): ValueOrPromise<Strategy | undefined> {
-     *     if (this.metadata) {
-     *       const name = this.metadata.strategy;
+     *     if (this.metadata?.length) {
      *       // logic to determine which authentication strategy to return
      *     }
      *   }

package/dist/keys.js.map

@@ -1 +1 @@
-{"version":3,"file":"keys.js","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAA4D;AAC5D,iDAAiE;AASjE;;GAEG;AACH,IAAiB,sBAAsB,CA+GtC;AA/GD,WAAiB,sBAAsB;IACxB,gCAAS,GAAG,iBAAU,CAAC,MAAM,CACxC,oCAAoC,CACrC,CAAC;IAEF;;;;;;;;;;;OAWG;IACH,uDAAuD;IAC1C,2CAAoB,GAAG,iBAAU,CAAC,MAAM,CAEnD,mCAAmC,CAAC,CAAC;IAEvC;;;;;;;;;;OAUG;IACU,+BAAQ,GAAG,iBAAU,CAAC,MAAM,CACvC,yBAAyB,CAC1B,CAAC;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,kCAAW,GAAG,iBAAU,CAAC,MAAM,CAC1C,qCAAqC,CACtC,CAAC;IAEF;;;;;;;;;;;;;;;;;;;OAmBG;IACU,+BAAQ,GAAG,iBAAU,CAAC,MAAM,CACvC,kCAAkC,CACnC,CAAC;IAEW,mEAA4C,GACvD,2BAA2B,CAAC;IAE9B,oFAAoF;IACvE,mCAAY,GAA4B,2BAAgB,CAAC,IAAI,CAAC;IAE3E,+CAA+C;IAClC,kDAA2B,GAAG,iBAAU,CAAC,MAAM,CAC1D,6BAA6B,CAC9B,CAAC;IAEF,2FAA2F;IAC9E,qDAA8B,GAAG,iBAAU,CAAC,MAAM,CAC7D,gCAAgC,CACjC,CAAC;AACJ,CAAC,EA/GgB,sBAAsB,GAAtB,8BAAsB,KAAtB,8BAAsB,QA+GtC;AAED;;GAEG;AACU,QAAA,kCAAkC,GAAG,uBAAgB,CAAC,MAAM,CAGvE,uBAAuB,CAAC,CAAC;AAE3B;;GAEG;AACU,QAAA,2BAA2B,GAAG,0CAAkC,CAAC;AAE9E;;GAEG;AACU,QAAA,iCAAiC,GAAG,uBAAgB,CAAC,MAAM,CAGtE,sBAAsB,CAAC,CAAC"}
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAA4D;AAC5D,iDAAiE;AAUjE;;GAEG;AACH,IAAiB,sBAAsB,CAqHtC;AArHD,WAAiB,sBAAsB;IACxB,gCAAS,GAAG,iBAAU,CAAC,MAAM,CACxC,oCAAoC,CACrC,CAAC;IAEF;;;;;;;;;;;OAWG;IACH,uDAAuD;IAC1C,2CAAoB,GAAG,iBAAU,CAAC,MAAM,CAEnD,mCAAmC,CAAC,CAAC;IAEvC;;;;;;;;;;OAUG;IACU,+BAAQ,GAAG,iBAAU,CAAC,MAAM,CAEvC,yBAAyB,CAAC,CAAC;IAE7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,kCAAW,GAAG,iBAAU,CAAC,MAAM,CAC1C,qCAAqC,CACtC,CAAC;IAEF;;OAEG;IACU,gDAAyB,GAAG,iBAAU,CAAC,MAAM,CACxD,2BAA2B,CAC5B,CAAC;IAEF;;;;;;;;;;;;;;;;;;OAkBG;IACU,+BAAQ,GAAG,iBAAU,CAAC,MAAM,CAEvC,kCAAkC,CAAC,CAAC;IAEzB,mEAA4C,GACvD,2BAA2B,CAAC;IAE9B,oFAAoF;IACvE,mCAAY,GAA4B,2BAAgB,CAAC,IAAI,CAAC;IAE3E,+CAA+C;IAClC,kDAA2B,GAAG,iBAAU,CAAC,MAAM,CAC1D,6BAA6B,CAC9B,CAAC;IAEF,2FAA2F;IAC9E,qDAA8B,GAAG,iBAAU,CAAC,MAAM,CAC7D,gCAAgC,CACjC,CAAC;AACJ,CAAC,EArHgB,sBAAsB,GAAtB,8BAAsB,KAAtB,8BAAsB,QAqHtC;AAED;;GAEG;AACU,QAAA,kCAAkC,GAAG,uBAAgB,CAAC,MAAM,CAGvE,uBAAuB,CAAC,CAAC;AAE3B;;GAEG;AACU,QAAA,2BAA2B,GAAG,0CAAkC,CAAC;AAE9E;;GAEG;AACU,QAAA,iCAAiC,GAAG,uBAAgB,CAAC,MAAM,CAGtE,sBAAsB,CAAC,CAAC"}

package/dist/providers/auth-action.provider.d.ts

@@ -1,5 +1,5 @@
 import { Getter, Provider, Setter } from '@loopback/core';
-import { Request } from '@loopback/rest';
+import { Middleware, Request } from '@loopback/rest';
 import { UserProfile } from '@loopback/security';
 import { AuthenticateFn, AuthenticationStrategy } from '../types';
 /**
@@ -7,11 +7,11 @@ import { AuthenticateFn, AuthenticationStrategy } from '../types';
  * @example `context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)`
  */
 export declare class AuthenticateActionProvider implements Provider<AuthenticateFn> {
-    readonly getStrategy: Getter<AuthenticationStrategy>;
+    readonly getStrategies: Getter<AuthenticationStrategy | AuthenticationStrategy[] | undefined>;
     readonly setCurrentUser: Setter<UserProfile>;
     readonly setRedirectUrl: Setter<string>;
     readonly setRedirectStatus: Setter<number>;
-    constructor(getStrategy: Getter<AuthenticationStrategy>, setCurrentUser: Setter<UserProfile>, setRedirectUrl: Setter<string>, setRedirectStatus: Setter<number>);
+    constructor(getStrategies: Getter<AuthenticationStrategy | AuthenticationStrategy[] | undefined>, setCurrentUser: Setter<UserProfile>, setRedirectUrl: Setter<string>, setRedirectStatus: Setter<number>);
     /**
      * @returns authenticateFn
      */
@@ -22,3 +22,8 @@ export declare class AuthenticateActionProvider implements Provider<Authenticate
      */
     action(request: Request): Promise<UserProfile | undefined>;
 }
+export declare class AuthenticationMiddlewareProvider implements Provider<Middleware> {
+    private authenticate;
+    constructor(authenticate: AuthenticateFn);
+    value(): Middleware;
+}

package/dist/providers/auth-action.provider.js

@@ -4,7 +4,7 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthenticateActionProvider = void 0;
+exports.AuthenticationMiddlewareProvider = exports.AuthenticateActionProvider = void 0;
 const tslib_1 = require("tslib");
 const core_1 = require("@loopback/core");
 const rest_1 = require("@loopback/rest");
@@ -24,8 +24,8 @@ let AuthenticateActionProvider = class AuthenticateActionProvider {
     // To solve this, we are injecting a getter function that will
     // defer resolution of the strategy until authenticate() action
     // is executed.
-    getStrategy, setCurrentUser, setRedirectUrl, setRedirectStatus) {
-        this.getStrategy = getStrategy;
+    getStrategies, setCurrentUser, setRedirectUrl, setRedirectStatus) {
+        this.getStrategies = getStrategies;
         this.setCurrentUser = setCurrentUser;
         this.setRedirectUrl = setRedirectUrl;
         this.setRedirectStatus = setRedirectStatus;
@@ -41,35 +41,57 @@ let AuthenticateActionProvider = class AuthenticateActionProvider {
      * @param request - The incoming request provided by the REST layer
      */
     async action(request) {
-        const strategy = await this.getStrategy();
-        if (!strategy) {
+        let strategies = await this.getStrategies();
+        if (!strategies) {
             // The invoked operation does not require authentication.
             return undefined;
         }
-        const authResponse = await strategy.authenticate(request);
+        // convert to array if required
+        strategies = Array.isArray(strategies) ? strategies : [strategies];
+        let authenticated = false;
+        let redirected = false;
+        let authError;
+        let authResponse;
         let userProfile;
-        // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
-        if (rest_1.RedirectRoute.isRedirectRoute(authResponse)) {
-            const redirectOptions = authResponse;
-            // bind redirection url and status to the context
-            // controller should handle actual redirection
-            this.setRedirectUrl(redirectOptions.targetLocation);
-            this.setRedirectStatus(redirectOptions.statusCode);
+        for (const strategy of strategies) {
+            // the first strategy to succeed or redirect will halt the execution chain
+            if (authenticated || redirected)
+                break;
+            try {
+                authResponse = await strategy.authenticate(request);
+                // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
+                if (rest_1.RedirectRoute.isRedirectRoute(authResponse)) {
+                    redirected = true;
+                    const redirectOptions = authResponse;
+                    // bind redirection url and status to the context
+                    // controller should handle actual redirection
+                    this.setRedirectUrl(redirectOptions.targetLocation);
+                    this.setRedirectStatus(redirectOptions.statusCode);
+                }
+                else if (authResponse) {
+                    authenticated = true;
+                    // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
+                    userProfile = authResponse;
+                }
+                else if (!authResponse) {
+                    // important to throw a non-protocol-specific error here
+                    const error = new Error(`User profile not returned from strategy's authenticate function`);
+                    Object.assign(error, {
+                        code: types_1.USER_PROFILE_NOT_FOUND,
+                    });
+                    throw error;
+                }
+            }
+            catch (error) {
+                authError = authError !== null && authError !== void 0 ? authError : error;
+            }
         }
-        else if (authResponse) {
-            // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
-            userProfile = authResponse;
+        if (!authenticated && !redirected)
+            throw authError;
+        if (userProfile) {
             this.setCurrentUser(userProfile);
             return userProfile;
         }
-        else if (!authResponse) {
-            // important to throw a non-protocol-specific error here
-            const error = new Error(`User profile not returned from strategy's authenticate function`);
-            Object.assign(error, {
-                code: types_1.USER_PROFILE_NOT_FOUND,
-            });
-            throw error;
-        }
     }
 };
 AuthenticateActionProvider = tslib_1.__decorate([
@@ -80,4 +102,33 @@ AuthenticateActionProvider = tslib_1.__decorate([
     tslib_1.__metadata("design:paramtypes", [Function, Function, Function, Function])
 ], AuthenticateActionProvider);
 exports.AuthenticateActionProvider = AuthenticateActionProvider;
+let AuthenticationMiddlewareProvider = class AuthenticationMiddlewareProvider {
+    constructor(authenticate) {
+        this.authenticate = authenticate;
+    }
+    value() {
+        return async (ctx, next) => {
+            try {
+                await this.authenticate(ctx.request);
+            }
+            catch (error) {
+                if (error.code === types_1.AUTHENTICATION_STRATEGY_NOT_FOUND ||
+                    error.code === types_1.USER_PROFILE_NOT_FOUND) {
+                    error.statusCode = 401;
+                }
+                throw error;
+            }
+            return next();
+        };
+    }
+};
+AuthenticationMiddlewareProvider = tslib_1.__decorate([
+    core_1.bind(rest_1.asMiddleware({
+        group: rest_1.RestMiddlewareGroups.AUTHENTICATION,
+        upstreamGroups: [rest_1.RestMiddlewareGroups.FIND_ROUTE],
+    })),
+    tslib_1.__param(0, core_1.inject(keys_1.AuthenticationBindings.AUTH_ACTION)),
+    tslib_1.__metadata("design:paramtypes", [Function])
+], AuthenticationMiddlewareProvider);
+exports.AuthenticationMiddlewareProvider = AuthenticationMiddlewareProvider;
 //# sourceMappingURL=auth-action.provider.js.map

package/dist/providers/auth-action.provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-action.provider.js","sourceRoot":"","sources":["../../src/providers/auth-action.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAAgE;AAChE,yCAAsD;AACtD,iDAAiE;AACjE,kCAA+C;AAC/C,oCAIkB;AAClB;;;GAGG;AACH,IAAa,0BAA0B,GAAvC,MAAa,0BAA0B;IACrC;IACE,yDAAyD;IACzD,4DAA4D;IAC5D,qDAAqD;IACrD,qCAAqC;IACrC,8DAA8D;IAC9D,+DAA+D;IAC/D,eAAe;IAEN,WAA2C,EAE3C,cAAmC,EAEnC,cAA8B,EAE9B,iBAAiC;QANjC,gBAAW,GAAX,WAAW,CAAgC;QAE3C,mBAAc,GAAd,cAAc,CAAqB;QAEnC,mBAAc,GAAd,cAAc,CAAgB;QAE9B,sBAAiB,GAAjB,iBAAiB,CAAgB;IACzC,CAAC;IAEJ;;OAEG;IACH,KAAK;QACH,OAAO,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE;YACb,yDAAyD;YACzD,OAAO,SAAS,CAAC;SAClB;QAED,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,WAAwB,CAAC;QAE7B,sGAAsG;QACtG,IAAI,oBAAa,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;YAC/C,MAAM,eAAe,GAAG,YAAY,CAAC;YACrC,iDAAiD;YACjD,8CAA8C;YAC9C,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;YACpD,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;SACpD;aAAM,IAAI,YAAY,EAAE;YACvB,6FAA6F;YAC7F,WAAW,GAAG,YAA2B,CAAC;YAC1C,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC;SACpB;aAAM,IAAI,CAAC,YAAY,EAAE;YACxB,wDAAwD;YACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,iEAAiE,CAClE,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;gBACnB,IAAI,EAAE,8BAAsB;aAC7B,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CACF,CAAA;AA/DY,0BAA0B;IASlC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;IAE9C,mBAAA,aAAM,CAAC,MAAM,CAAC,2BAAgB,CAAC,IAAI,CAAC,CAAA;IAEpC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,2BAA2B,CAAC,CAAA;IAEjE,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,8BAA8B,CAAC,CAAA;;GAf5D,0BAA0B,CA+DtC;AA/DY,gEAA0B"}
+{"version":3,"file":"auth-action.provider.js","sourceRoot":"","sources":["../../src/providers/auth-action.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAAsE;AACtE,yCAMwB;AACxB,iDAAiE;AACjE,kCAA+C;AAC/C,oCAKkB;AAClB;;;GAGG;AACH,IAAa,0BAA0B,GAAvC,MAAa,0BAA0B;IACrC;IACE,yDAAyD;IACzD,4DAA4D;IAC5D,qDAAqD;IACrD,qCAAqC;IACrC,8DAA8D;IAC9D,+DAA+D;IAC/D,eAAe;IAEN,aAER,EAEQ,cAAmC,EAEnC,cAA8B,EAE9B,iBAAiC;QARjC,kBAAa,GAAb,aAAa,CAErB;QAEQ,mBAAc,GAAd,cAAc,CAAqB;QAEnC,mBAAc,GAAd,cAAc,CAAgB;QAE9B,sBAAiB,GAAjB,iBAAiB,CAAgB;IACzC,CAAC;IAEJ;;OAEG;IACH,KAAK;QACH,OAAO,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,IAAI,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,CAAC,UAAU,EAAE;YACf,yDAAyD;YACzD,OAAO,SAAS,CAAC;SAClB;QACD,+BAA+B;QAC/B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAEnE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,SAA4B,CAAC;QACjC,IAAI,YAAqD,CAAC;QAC1D,IAAI,WAAoC,CAAC;QAEzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE;YACjC,0EAA0E;YAC1E,IAAI,aAAa,IAAI,UAAU;gBAAE,MAAM;YAEvC,IAAI;gBACF,YAAY,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEpD,sGAAsG;gBACtG,IAAI,oBAAa,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;oBAC/C,UAAU,GAAG,IAAI,CAAC;oBAClB,MAAM,eAAe,GAAG,YAAY,CAAC;oBACrC,iDAAiD;oBACjD,8CAA8C;oBAC9C,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;oBACpD,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;iBACpD;qBAAM,IAAI,YAAY,EAAE;oBACvB,aAAa,GAAG,IAAI,CAAC;oBACrB,6FAA6F;oBAC7F,WAAW,GAAG,YAA2B,CAAC;iBAC3C;qBAAM,IAAI,CAAC,YAAY,EAAE;oBACxB,wDAAwD;oBACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,iEAAiE,CAClE,CAAC;oBACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;wBACnB,IAAI,EAAE,8BAAsB;qBAC7B,CAAC,CAAC;oBACH,MAAM,KAAK,CAAC;iBACb;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,SAAS,GAAG,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,KAAK,CAAC;aAChC;SACF;QAED,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU;YAAE,MAAM,SAAS,CAAC;QAEnD,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC;SACpB;IACH,CAAC;CACF,CAAA;AAxFY,0BAA0B;IASlC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;IAI9C,mBAAA,aAAM,CAAC,MAAM,CAAC,2BAAgB,CAAC,IAAI,CAAC,CAAA;IAEpC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,2BAA2B,CAAC,CAAA;IAEjE,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,8BAA8B,CAAC,CAAA;;GAjB5D,0BAA0B,CAwFtC;AAxFY,gEAA0B;AAgGvC,IAAa,gCAAgC,GAA7C,MAAa,gCAAgC;IAC3C,YAEU,YAA4B;QAA5B,iBAAY,GAAZ,YAAY,CAAgB;IACnC,CAAC;IAEJ,KAAK;QACH,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,IAAI;gBACF,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,IACE,KAAK,CAAC,IAAI,KAAK,yCAAiC;oBAChD,KAAK,CAAC,IAAI,KAAK,8BAAsB,EACrC;oBACA,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;iBACxB;gBACD,MAAM,KAAK,CAAC;aACb;YACD,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;CACF,CAAA;AAtBY,gCAAgC;IAN5C,WAAI,CACH,mBAAY,CAAC;QACX,KAAK,EAAE,2BAAoB,CAAC,cAAc;QAC1C,cAAc,EAAE,CAAC,2BAAoB,CAAC,UAAU,CAAC;KAClD,CAAC,CACH;IAGI,mBAAA,aAAM,CAAC,6BAAsB,CAAC,WAAW,CAAC,CAAA;;GAFlC,gCAAgC,CAsB5C;AAtBY,4EAAgC"}

package/dist/providers/auth-metadata.provider.d.ts

@@ -4,7 +4,7 @@ import { AuthenticationMetadata, AuthenticationOptions } from '../types';
  * Provides authentication metadata of a controller method
  * @example `context.bind('authentication.operationMetadata').toProvider(AuthMetadataProvider)`
  */
-export declare class AuthMetadataProvider implements Provider<AuthenticationMetadata | undefined> {
+export declare class AuthMetadataProvider implements Provider<AuthenticationMetadata[] | undefined> {
     private readonly controllerClass;
     private readonly methodName;
     private readonly options;
@@ -12,5 +12,5 @@ export declare class AuthMetadataProvider implements Provider<AuthenticationMeta
     /**
      * @returns AuthenticationMetadata
      */
-    value(): AuthenticationMetadata | undefined;
+    value(): AuthenticationMetadata[] | undefined;
 }

package/dist/providers/auth-metadata.provider.js

@@ -23,11 +23,12 @@ let AuthMetadataProvider = class AuthMetadataProvider {
      * @returns AuthenticationMetadata
      */
     value() {
+        var _a;
         if (!this.controllerClass || !this.methodName)
             return;
         const metadata = decorators_1.getAuthenticateMetadata(this.controllerClass, this.methodName);
         // Skip authentication if `skip` is `true`
-        if (metadata === null || metadata === void 0 ? void 0 : metadata.skip)
+        if ((_a = metadata === null || metadata === void 0 ? void 0 : metadata[0]) === null || _a === void 0 ? void 0 : _a.skip)
             return undefined;
         if (metadata)
             return metadata;

package/dist/providers/auth-metadata.provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-metadata.provider.js","sourceRoot":"","sources":["../../src/providers/auth-metadata.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAMwB;AACxB,8CAAsD;AACtD,kCAA+C;AAG/C;;;GAGG;AACH,IAAa,oBAAoB,GAAjC,MAAa,oBAAoB;IAE/B,YAEmB,eAAgC,EAEhC,UAAkB,EAElB,UAAiC,EAAE;QAJnC,oBAAe,GAAf,eAAe,CAAiB;QAEhC,eAAU,GAAV,UAAU,CAAQ;QAElB,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;IAEJ;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO;QACtD,MAAM,QAAQ,GAAG,oCAAuB,CACtC,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,0CAA0C;QAC1C,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI;YAAE,OAAO,SAAS,CAAC;QACrC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,gCAAgC;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,CAAC;CACF,CAAA;AA1BY,oBAAoB;IAG5B,mBAAA,aAAM,CAAC,mBAAY,CAAC,gBAAgB,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;IAEvD,mBAAA,aAAM,CAAC,mBAAY,CAAC,sBAAsB,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;IAE7D,mBAAA,aAAM,CAAC,EAAC,WAAW,EAAE,6BAAsB,CAAC,SAAS,EAAC,CAAC,CAAA;;GAP/C,oBAAoB,CA0BhC;AA1BY,oDAAoB"}
+{"version":3,"file":"auth-metadata.provider.js","sourceRoot":"","sources":["../../src/providers/auth-metadata.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAMwB;AACxB,8CAAsD;AACtD,kCAA+C;AAG/C;;;GAGG;AACH,IAAa,oBAAoB,GAAjC,MAAa,oBAAoB;IAE/B,YAEmB,eAAgC,EAEhC,UAAkB,EAElB,UAAiC,EAAE;QAJnC,oBAAe,GAAf,eAAe,CAAiB;QAEhC,eAAU,GAAV,UAAU,CAAQ;QAElB,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;IAEJ;;OAEG;IACH,KAAK;;QACH,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO;QACtD,MAAM,QAAQ,GAAG,oCAAuB,CACtC,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,0CAA0C;QAC1C,UAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,CAAC,2CAAG,IAAI;YAAE,OAAO,SAAS,CAAC;QAC1C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,gCAAgC;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,CAAC;CACF,CAAA;AA1BY,oBAAoB;IAG5B,mBAAA,aAAM,CAAC,mBAAY,CAAC,gBAAgB,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;IAEvD,mBAAA,aAAM,CAAC,mBAAY,CAAC,sBAAsB,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAA;IAE7D,mBAAA,aAAM,CAAC,EAAC,WAAW,EAAE,6BAAsB,CAAC,SAAS,EAAC,CAAC,CAAA;;GAP/C,oBAAoB,CA0BhC;AA1BY,oDAAoB"}

package/dist/providers/auth-strategy.provider.d.ts

@@ -9,10 +9,10 @@ import { AuthenticationMetadata, AuthenticationStrategy } from '../types';
  *
  * @example `context.bind('authentication.strategy').toProvider(AuthenticationStrategyProvider)`
  */
-export declare class AuthenticationStrategyProvider implements Provider<AuthenticationStrategy | undefined> {
+export declare class AuthenticationStrategyProvider implements Provider<AuthenticationStrategy[] | undefined> {
     protected authenticationStrategies: Getter<AuthenticationStrategy[]>;
-    protected metadata?: AuthenticationMetadata | undefined;
-    constructor(authenticationStrategies: Getter<AuthenticationStrategy[]>, metadata?: AuthenticationMetadata | undefined);
-    value(): Promise<AuthenticationStrategy | undefined>;
-    findAuthenticationStrategy(name: string): Promise<AuthenticationStrategy | undefined>;
+    protected metadata?: AuthenticationMetadata[] | undefined;
+    constructor(authenticationStrategies: Getter<AuthenticationStrategy[]>, metadata?: AuthenticationMetadata[] | undefined);
+    value(): Promise<AuthenticationStrategy[] | undefined>;
+    private findAuthenticationStrategies;
 }

package/dist/providers/auth-strategy.provider.js

@@ -24,25 +24,31 @@ let AuthenticationStrategyProvider = class AuthenticationStrategyProvider {
         this.metadata = metadata;
     }
     async value() {
-        if (!this.metadata) {
+        var _a;
+        if (!((_a = this.metadata) === null || _a === void 0 ? void 0 : _a.length)) {
             return undefined;
         }
-        const name = this.metadata.strategy;
-        const strategy = await this.findAuthenticationStrategy(name);
-        if (!strategy) {
-            // important to throw a non-protocol-specific error here
-            const error = new Error(`The strategy '${name}' is not available.`);
-            Object.assign(error, {
-                code: types_1.AUTHENTICATION_STRATEGY_NOT_FOUND,
-            });
-            throw error;
-        }
-        return strategy;
+        return this.findAuthenticationStrategies(this.metadata);
     }
-    async findAuthenticationStrategy(name) {
-        const strategies = await this.authenticationStrategies();
-        const matchingAuthStrategy = strategies.find(a => a.name === name);
-        return matchingAuthStrategy;
+    async findAuthenticationStrategies(metadata) {
+        const strategies = [];
+        const existingStrategies = await this.authenticationStrategies();
+        const findStrategy = (name) => {
+            const strategy = existingStrategies.find(a => a.name === name);
+            if (!strategy) {
+                const error = new Error(`The strategy '${name}' is not available.`);
+                Object.assign(error, {
+                    code: types_1.AUTHENTICATION_STRATEGY_NOT_FOUND,
+                });
+                throw error;
+            }
+            return strategy;
+        };
+        for (const data of metadata) {
+            const strategy = findStrategy(data.strategy);
+            strategies.push(strategy);
+        }
+        return strategies;
     }
 };
 AuthenticationStrategyProvider = tslib_1.__decorate([
@@ -50,7 +56,7 @@ AuthenticationStrategyProvider = tslib_1.__decorate([
     ,
     tslib_1.__param(0, core_1.extensions()),
     tslib_1.__param(1, core_1.inject(keys_1.AuthenticationBindings.METADATA)),
-    tslib_1.__metadata("design:paramtypes", [Function, Object])
+    tslib_1.__metadata("design:paramtypes", [Function, Array])
 ], AuthenticationStrategyProvider);
 exports.AuthenticationStrategyProvider = AuthenticationStrategyProvider;
 //# sourceMappingURL=auth-strategy.provider.js.map

package/dist/providers/auth-strategy.provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-strategy.provider.js","sourceRoot":"","sources":["../../src/providers/auth-strategy.provider.ts"],"names":[],"mappings":";AAAA,iDAAiD;AACjD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAOwB;AACxB,kCAA+C;AAC/C,oCAIkB;AAElB;;;;;;;;GAQG;AAKH,IAAa,8BAA8B,GAA3C,MAAa,8BAA8B;IAEzC,YAEY,wBAA0D,EAE1D,QAAiC;QAFjC,6BAAwB,GAAxB,wBAAwB,CAAkC;QAE1D,aAAQ,GAAR,QAAQ,CAAyB;IAC1C,CAAC;IACJ,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAClB,OAAO,SAAS,CAAC;SAClB;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,QAAQ,EAAE;YACb,wDAAwD;YACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,iBAAiB,IAAI,qBAAqB,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;gBACnB,IAAI,EAAE,yCAAiC;aACxC,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;SACb;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,IAAY;QAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;QACzD,MAAM,oBAAoB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACnE,OAAO,oBAAoB,CAAC;IAC9B,CAAC;CACF,CAAA;AA9BY,8BAA8B;IAJ1C,qBAAc,CACb,6BAAsB,CAAC,4CAA4C,EACnE,EAAC,KAAK,EAAE,mBAAY,CAAC,SAAS,EAAC,CAChC,CAAC,6DAA6D;;IAI1D,mBAAA,iBAAU,EAAE,CAAA;IAEZ,mBAAA,aAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;;GAL/B,8BAA8B,CA8B1C;AA9BY,wEAA8B"}
+{"version":3,"file":"auth-strategy.provider.js","sourceRoot":"","sources":["../../src/providers/auth-strategy.provider.ts"],"names":[],"mappings":";AAAA,iDAAiD;AACjD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAOwB;AACxB,kCAA+C;AAC/C,oCAIkB;AAElB;;;;;;;;GAQG;AAKH,IAAa,8BAA8B,GAA3C,MAAa,8BAA8B;IAEzC,YAEY,wBAA0D,EAE1D,QAAmC;QAFnC,6BAAwB,GAAxB,wBAAwB,CAAkC;QAE1D,aAAQ,GAAR,QAAQ,CAA2B;IAC5C,CAAC;IACJ,KAAK,CAAC,KAAK;;QACT,IAAI,QAAC,IAAI,CAAC,QAAQ,0CAAE,MAAM,CAAA,EAAE;YAC1B,OAAO,SAAS,CAAC;SAClB;QACD,OAAO,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAEO,KAAK,CAAC,4BAA4B,CACxC,QAAkC;QAElC,MAAM,UAAU,GAA6B,EAAE,CAAC;QAEhD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAEjE,MAAM,YAAY,GAAG,CAAC,IAAY,EAAE,EAAE;YACpC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAC/D,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,iBAAiB,IAAI,qBAAqB,CAAC,CAAC;gBACpE,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;oBACnB,IAAI,EAAE,yCAAiC;iBACxC,CAAC,CAAC;gBACH,MAAM,KAAK,CAAC;aACb;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE;YAC3B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7C,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SAC3B;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAA;AAzCY,8BAA8B;IAJ1C,qBAAc,CACb,6BAAsB,CAAC,4CAA4C,EACnE,EAAC,KAAK,EAAE,mBAAY,CAAC,SAAS,EAAC,CAChC,CAAC,6DAA6D;;IAI1D,mBAAA,iBAAU,EAAE,CAAA;IAEZ,mBAAA,aAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;;GAL/B,8BAA8B,CAyC1C;AAzCY,wEAA8B"}

package/dist/types.d.ts

@@ -1,5 +1,5 @@
 import { Binding, BindingTemplate, Constructor, Context } from '@loopback/core';
-import { Request, RedirectRoute } from '@loopback/rest';
+import { RedirectRoute, Request } from '@loopback/rest';
 import { UserProfile } from '@loopback/security';
 /**
  * Authentication metadata stored via Reflection API
@@ -43,7 +43,7 @@ export interface AuthenticationOptions {
      * `@authenticate`. If not set, no default authentication will be enforced for
      * those methods without authentication metadata.
      */
-    defaultMetadata?: AuthenticationMetadata;
+    defaultMetadata?: AuthenticationMetadata[];
 }
 /**
  * An interface that describes the common authentication strategy.
@@ -87,3 +87,10 @@ export declare function registerAuthenticationStrategy(context: Context, strateg
  * A binding template for auth strategy contributor extensions
  */
 export declare const asAuthStrategy: BindingTemplate;
+/**
+ * Get the authentication metadata object for the specified strategy.
+ *
+ * @param metadata - Array of authentication metadata objects
+ * @param strategyName - Name of the authentication strategy
+ */
+export declare function getAuthenticationMetadataForStrategy(metadata: AuthenticationMetadata[], strategyName: string): AuthenticationMetadata | undefined;

package/dist/types.js

@@ -4,7 +4,7 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.asAuthStrategy = exports.registerAuthenticationStrategy = exports.USER_PROFILE_NOT_FOUND = exports.AUTHENTICATION_STRATEGY_NOT_FOUND = void 0;
+exports.getAuthenticationMetadataForStrategy = exports.asAuthStrategy = exports.registerAuthenticationStrategy = exports.USER_PROFILE_NOT_FOUND = exports.AUTHENTICATION_STRATEGY_NOT_FOUND = void 0;
 const core_1 = require("@loopback/core");
 const keys_1 = require("./keys");
 exports.AUTHENTICATION_STRATEGY_NOT_FOUND = 'AUTHENTICATION_STRATEGY_NOT_FOUND';
@@ -32,4 +32,14 @@ exports.asAuthStrategy = binding => {
         namespace: keys_1.AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME,
     });
 };
+/**
+ * Get the authentication metadata object for the specified strategy.
+ *
+ * @param metadata - Array of authentication metadata objects
+ * @param strategyName - Name of the authentication strategy
+ */
+function getAuthenticationMetadataForStrategy(metadata, strategyName) {
+    return metadata.find(data => data.strategy === strategyName);
+}
+exports.getAuthenticationMetadataForStrategy = getAuthenticationMetadataForStrategy;
 //# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAOwB;AAGxB,iCAA8C;AAgFjC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEzB,QAAA,sBAAsB,GAAG,wBAAwB,CAAC;AAE/D;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAC5C,OAAgB,EAChB,aAAkD;IAElD,OAAO,mBAAY,CACjB,OAAO,EACP,6BAAsB,CAAC,4CAA4C,EACnE,aAAa,EACb;QACE,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CACF,CAAC;AACJ,CAAC;AAbD,wEAaC;AAED;;GAEG;AACU,QAAA,cAAc,GAAoB,OAAO,CAAC,EAAE;IACvD,mBAAY,CACV,6BAAsB,CAAC,4CAA4C,CACpE,CAAC,OAAO,CAAC,CAAC;IACX,OAAO,CAAC,GAAG,CAAC;QACV,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CAAC,CAAC;AACL,CAAC,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAOwB;AAGxB,iCAA8C;AAgFjC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEzB,QAAA,sBAAsB,GAAG,wBAAwB,CAAC;AAE/D;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAC5C,OAAgB,EAChB,aAAkD;IAElD,OAAO,mBAAY,CACjB,OAAO,EACP,6BAAsB,CAAC,4CAA4C,EACnE,aAAa,EACb;QACE,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CACF,CAAC;AACJ,CAAC;AAbD,wEAaC;AAED;;GAEG;AACU,QAAA,cAAc,GAAoB,OAAO,CAAC,EAAE;IACvD,mBAAY,CACV,6BAAsB,CAAC,4CAA4C,CACpE,CAAC,OAAO,CAAC,CAAC;IACX,OAAO,CAAC,GAAG,CAAC;QACV,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CAAC,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,oCAAoC,CAClD,QAAkC,EAClC,YAAoB;IAEpB,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC;AAC/D,CAAC;AALD,oFAKC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@loopback/authentication",
-  "version": "4.2.9",
+  "version": "6.0.1",
   "description": "A LoopBack component for authentication support.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -24,21 +24,20 @@
     "access": "public"
   },
   "dependencies": {
-    "@loopback/core": "^2.9.1",
-    "@loopback/openapi-v3": "^3.4.5",
-    "@loopback/rest": "^5.2.0",
-    "@loopback/security": "^0.2.14",
-    "@types/express": "^4.17.6",
-    "@types/lodash": "^4.14.157",
-    "lodash": "^4.17.15",
-    "tslib": "^2.0.0"
+    "@loopback/core": "^2.9.5",
+    "@loopback/rest": "^6.2.0",
+    "@loopback/security": "^0.2.18",
+    "@types/express": "^4.17.7",
+    "@types/lodash": "^4.14.160",
+    "lodash": "^4.17.20",
+    "tslib": "^2.0.1"
   },
   "devDependencies": {
-    "@loopback/build": "^6.1.0",
-    "@loopback/eslint-config": "^8.0.3",
-    "@loopback/openapi-spec-builder": "^2.1.9",
-    "@loopback/testlab": "^3.2.0",
-    "@types/node": "^10.17.26",
+    "@loopback/build": "^6.2.2",
+    "@loopback/eslint-config": "^9.0.2",
+    "@loopback/openapi-spec-builder": "^2.1.13",
+    "@loopback/testlab": "^3.2.4",
+    "@types/node": "^10.17.28",
     "jsonwebtoken": "^8.5.1"
   },
   "keywords": [
@@ -56,5 +55,5 @@
     "url": "https://github.com/strongloop/loopback-next.git",
     "directory": "packages/authentication"
   },
-  "gitHead": "b89db3d3b8be6a36e63e91c2331d217fda7538de"
+  "gitHead": "a3f54273814de63819e0d8bc86509f8a737800bb"
 }

package/src/authentication.component.ts

@@ -3,23 +3,22 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 
-import {bind, Component, ContextTags, ProviderMap} from '@loopback/core';
+import {bind, Component, ContextTags} from '@loopback/core';
 import {AuthenticationBindings} from './keys';
 import {
   AuthenticateActionProvider,
+  AuthenticationMiddlewareProvider,
   AuthenticationStrategyProvider,
   AuthMetadataProvider,
 } from './providers';
 
 @bind({tags: {[ContextTags.KEY]: AuthenticationBindings.COMPONENT}})
 export class AuthenticationComponent implements Component {
-  providers?: ProviderMap;
-
-  constructor() {
-    this.providers = {
-      [AuthenticationBindings.AUTH_ACTION.key]: AuthenticateActionProvider,
-      [AuthenticationBindings.STRATEGY.key]: AuthenticationStrategyProvider,
-      [AuthenticationBindings.METADATA.key]: AuthMetadataProvider,
-    };
-  }
+  providers = {
+    [AuthenticationBindings.AUTH_ACTION.key]: AuthenticateActionProvider,
+    [AuthenticationBindings.STRATEGY.key]: AuthenticationStrategyProvider,
+    [AuthenticationBindings.METADATA.key]: AuthMetadataProvider,
+    [AuthenticationBindings.AUTHENTICATION_MIDDLEWARE
+      .key]: AuthenticationMiddlewareProvider,
+  };
 }

package/src/decorators/authenticate.decorator.ts

@@ -18,19 +18,17 @@ import {
 import {AuthenticationMetadata} from '../types';
 
 class AuthenticateClassDecoratorFactory extends ClassDecoratorFactory<
-  AuthenticationMetadata
+  AuthenticationMetadata[]
 > {}
 
 /**
  * Mark a controller method as requiring authenticated user.
  *
- * @param strategyNameOrMetadata - The name of the authentication strategy to use
- * or the authentication metadata object.
- * @param options - Additional options to configure the authentication.
+ * @param strategies - The names of the authentication strategies to use
+ * or authentication metadata objects.
  */
 export function authenticate(
-  strategyNameOrMetadata: string | AuthenticationMetadata,
-  options?: object,
+  ...strategies: (string | AuthenticationMetadata)[]
 ) {
   return function authenticateDecoratorForClassOrMethod(
     // Class or a prototype
@@ -42,31 +40,35 @@ export function authenticate(
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     methodDescriptor?: TypedPropertyDescriptor<any>,
   ) {
-    let spec: AuthenticationMetadata;
-    if (typeof strategyNameOrMetadata === 'object') {
-      spec = strategyNameOrMetadata;
-    } else {
-      spec = {strategy: strategyNameOrMetadata, options: options ?? {}};
+    const specs: AuthenticationMetadata[] = [];
+
+    for (const strategy of strategies) {
+      if (typeof strategy === 'object') {
+        specs.push(strategy);
+      } else {
+        specs.push({strategy: strategy});
+      }
     }
+
     if (method && methodDescriptor) {
       // Method
-      return MethodDecoratorFactory.createDecorator<AuthenticationMetadata>(
+      return MethodDecoratorFactory.createDecorator<AuthenticationMetadata[]>(
         AUTHENTICATION_METADATA_KEY,
-        spec,
+        specs,
         {decoratorName: '@authenticate'},
       )(target, method, methodDescriptor);
     }
     if (typeof target === 'function' && !method && !methodDescriptor) {
       // Class
-      return AuthenticateClassDecoratorFactory.createDecorator(
-        AUTHENTICATION_METADATA_CLASS_KEY,
-        spec,
-        {decoratorName: '@authenticate'},
-      )(target);
+      return AuthenticateClassDecoratorFactory.createDecorator<
+        AuthenticationMetadata[]
+      >(AUTHENTICATION_METADATA_CLASS_KEY, specs, {
+        decoratorName: '@authenticate',
+      })(target);
     }
     // Not on a class or method
     throw new Error(
-      '@intercept cannot be used on a property: ' +
+      '@authenticate cannot be used on a property: ' +
         DecoratorFactory.getTargetName(target, method, methodDescriptor),
     );
   };
@@ -88,16 +90,16 @@ export namespace authenticate {
 export function getAuthenticateMetadata(
   targetClass: Constructor<{}>,
   methodName: string,
-): AuthenticationMetadata | undefined {
+): AuthenticationMetadata[] | undefined {
   // First check method level
-  let metadata = MetadataInspector.getMethodMetadata<AuthenticationMetadata>(
+  let metadata = MetadataInspector.getMethodMetadata<AuthenticationMetadata[]>(
     AUTHENTICATION_METADATA_METHOD_KEY,
     targetClass.prototype,
     methodName,
   );
   if (metadata) return metadata;
   // Check if the class level has `@authenticate`
-  metadata = MetadataInspector.getClassMetadata<AuthenticationMetadata>(
+  metadata = MetadataInspector.getClassMetadata<AuthenticationMetadata[]>(
     AUTHENTICATION_METADATA_CLASS_KEY,
     targetClass,
   );

package/src/keys.ts

@@ -5,6 +5,7 @@
 
 import {BindingKey, MetadataAccessor} from '@loopback/core';
 import {SecurityBindings, UserProfile} from '@loopback/security';
+import {Middleware} from '@loopback/rest';
 import {AuthenticationComponent} from './authentication.component';
 import {
   AuthenticateFn,
@@ -39,8 +40,8 @@ export namespace AuthenticationBindings {
   >('authentication.userProfileFactory');
 
   /**
-   * Key used to bind an authentication strategy to the context for the
-   * authentication function to use.
+   * Key used to bind an authentication strategy or multiple strategies
+   * to the context for the authentication function to use.
    *
    * @example
    * ```ts
@@ -49,9 +50,9 @@ export namespace AuthenticationBindings {
    *   .toProvider(MyAuthenticationStrategy);
    * ```
    */
-  export const STRATEGY = BindingKey.create<AuthenticationStrategy | undefined>(
-    'authentication.strategy',
-  );
+  export const STRATEGY = BindingKey.create<
+    AuthenticationStrategy | AuthenticationStrategy[] | undefined
+  >('authentication.strategy');
 
   /**
    * Key used to inject the authentication function into the sequence.
@@ -88,6 +89,13 @@ export namespace AuthenticationBindings {
     'authentication.actions.authenticate',
   );
 
+  /**
+   * Binding key for AUTHENTICATION_MIDDLEWARE
+   */
+  export const AUTHENTICATION_MIDDLEWARE = BindingKey.create<Middleware>(
+    'middleware.authentication',
+  );
+
   /**
    * Key used to inject authentication metadata, which is used to determine
    * whether a request requires authentication or not.
@@ -97,20 +105,19 @@ export namespace AuthenticationBindings {
    * class MyPassportStrategyProvider implements Provider<Strategy | undefined> {
    *   constructor(
    *     @inject(AuthenticationBindings.METADATA)
-   *     private metadata: AuthenticationMetadata,
+   *     private metadata?: AuthenticationMetadata[],
    *   ) {}
    *   value(): ValueOrPromise<Strategy | undefined> {
-   *     if (this.metadata) {
-   *       const name = this.metadata.strategy;
+   *     if (this.metadata?.length) {
    *       // logic to determine which authentication strategy to return
    *     }
    *   }
    * }
    * ```
    */
-  export const METADATA = BindingKey.create<AuthenticationMetadata | undefined>(
-    'authentication.operationMetadata',
-  );
+  export const METADATA = BindingKey.create<
+    AuthenticationMetadata[] | undefined
+  >('authentication.operationMetadata');
 
   export const AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME =
     'authentication.strategies';

package/src/providers/auth-action.provider.ts

@@ -3,13 +3,20 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 
-import {Getter, inject, Provider, Setter} from '@loopback/core';
-import {Request, RedirectRoute} from '@loopback/rest';
+import {bind, Getter, inject, Provider, Setter} from '@loopback/core';
+import {
+  asMiddleware,
+  Middleware,
+  RedirectRoute,
+  Request,
+  RestMiddlewareGroups,
+} from '@loopback/rest';
 import {SecurityBindings, UserProfile} from '@loopback/security';
 import {AuthenticationBindings} from '../keys';
 import {
   AuthenticateFn,
   AuthenticationStrategy,
+  AUTHENTICATION_STRATEGY_NOT_FOUND,
   USER_PROFILE_NOT_FOUND,
 } from '../types';
 /**
@@ -26,7 +33,9 @@ export class AuthenticateActionProvider implements Provider<AuthenticateFn> {
     // defer resolution of the strategy until authenticate() action
     // is executed.
     @inject.getter(AuthenticationBindings.STRATEGY)
-    readonly getStrategy: Getter<AuthenticationStrategy>,
+    readonly getStrategies: Getter<
+      AuthenticationStrategy | AuthenticationStrategy[] | undefined
+    >,
     @inject.setter(SecurityBindings.USER)
     readonly setCurrentUser: Setter<UserProfile>,
     @inject.setter(AuthenticationBindings.AUTHENTICATION_REDIRECT_URL)
@@ -47,36 +56,89 @@ export class AuthenticateActionProvider implements Provider<AuthenticateFn> {
    * @param request - The incoming request provided by the REST layer
    */
   async action(request: Request): Promise<UserProfile | undefined> {
-    const strategy = await this.getStrategy();
-    if (!strategy) {
+    let strategies = await this.getStrategies();
+    if (!strategies) {
       // The invoked operation does not require authentication.
       return undefined;
     }
+    // convert to array if required
+    strategies = Array.isArray(strategies) ? strategies : [strategies];
+
+    let authenticated = false;
+    let redirected = false;
+    let authError: Error | undefined;
+    let authResponse: UserProfile | RedirectRoute | undefined;
+    let userProfile: UserProfile | undefined;
+
+    for (const strategy of strategies) {
+      // the first strategy to succeed or redirect will halt the execution chain
+      if (authenticated || redirected) break;
+
+      try {
+        authResponse = await strategy.authenticate(request);
+
+        // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
+        if (RedirectRoute.isRedirectRoute(authResponse)) {
+          redirected = true;
+          const redirectOptions = authResponse;
+          // bind redirection url and status to the context
+          // controller should handle actual redirection
+          this.setRedirectUrl(redirectOptions.targetLocation);
+          this.setRedirectStatus(redirectOptions.statusCode);
+        } else if (authResponse) {
+          authenticated = true;
+          // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
+          userProfile = authResponse as UserProfile;
+        } else if (!authResponse) {
+          // important to throw a non-protocol-specific error here
+          const error = new Error(
+            `User profile not returned from strategy's authenticate function`,
+          );
+          Object.assign(error, {
+            code: USER_PROFILE_NOT_FOUND,
+          });
+          throw error;
+        }
+      } catch (error) {
+        authError = authError ?? error;
+      }
+    }
 
-    const authResponse = await strategy.authenticate(request);
-    let userProfile: UserProfile;
+    if (!authenticated && !redirected) throw authError;
 
-    // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
-    if (RedirectRoute.isRedirectRoute(authResponse)) {
-      const redirectOptions = authResponse;
-      // bind redirection url and status to the context
-      // controller should handle actual redirection
-      this.setRedirectUrl(redirectOptions.targetLocation);
-      this.setRedirectStatus(redirectOptions.statusCode);
-    } else if (authResponse) {
-      // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
-      userProfile = authResponse as UserProfile;
+    if (userProfile) {
       this.setCurrentUser(userProfile);
       return userProfile;
-    } else if (!authResponse) {
-      // important to throw a non-protocol-specific error here
-      const error = new Error(
-        `User profile not returned from strategy's authenticate function`,
-      );
-      Object.assign(error, {
-        code: USER_PROFILE_NOT_FOUND,
-      });
-      throw error;
     }
   }
 }
+
+@bind(
+  asMiddleware({
+    group: RestMiddlewareGroups.AUTHENTICATION,
+    upstreamGroups: [RestMiddlewareGroups.FIND_ROUTE],
+  }),
+)
+export class AuthenticationMiddlewareProvider implements Provider<Middleware> {
+  constructor(
+    @inject(AuthenticationBindings.AUTH_ACTION)
+    private authenticate: AuthenticateFn,
+  ) {}
+
+  value(): Middleware {
+    return async (ctx, next) => {
+      try {
+        await this.authenticate(ctx.request);
+      } catch (error) {
+        if (
+          error.code === AUTHENTICATION_STRATEGY_NOT_FOUND ||
+          error.code === USER_PROFILE_NOT_FOUND
+        ) {
+          error.statusCode = 401;
+        }
+        throw error;
+      }
+      return next();
+    };
+  }
+}

package/src/providers/auth-metadata.provider.ts

@@ -6,9 +6,9 @@
 import {
   config,
   Constructor,
+  CoreBindings,
   inject,
   Provider,
-  CoreBindings,
 } from '@loopback/core';
 import {getAuthenticateMetadata} from '../decorators';
 import {AuthenticationBindings} from '../keys';
@@ -19,7 +19,7 @@ import {AuthenticationMetadata, AuthenticationOptions} from '../types';
  * @example `context.bind('authentication.operationMetadata').toProvider(AuthMetadataProvider)`
  */
 export class AuthMetadataProvider
-  implements Provider<AuthenticationMetadata | undefined> {
+  implements Provider<AuthenticationMetadata[] | undefined> {
   constructor(
     @inject(CoreBindings.CONTROLLER_CLASS, {optional: true})
     private readonly controllerClass: Constructor<{}>,
@@ -32,14 +32,14 @@ export class AuthMetadataProvider
   /**
    * @returns AuthenticationMetadata
    */
-  value(): AuthenticationMetadata | undefined {
+  value(): AuthenticationMetadata[] | undefined {
     if (!this.controllerClass || !this.methodName) return;
     const metadata = getAuthenticateMetadata(
       this.controllerClass,
       this.methodName,
     );
     // Skip authentication if `skip` is `true`
-    if (metadata?.skip) return undefined;
+    if (metadata?.[0]?.skip) return undefined;
     if (metadata) return metadata;
     // Fall back to default metadata
     return this.options.defaultMetadata;

package/src/providers/auth-strategy.provider.ts

@@ -5,10 +5,10 @@
 
 import {
   BindingScope,
-  Getter,
-  inject,
   extensionPoint,
   extensions,
+  Getter,
+  inject,
   Provider,
 } from '@loopback/core';
 import {AuthenticationBindings} from '../keys';
@@ -32,33 +32,44 @@ import {
   {scope: BindingScope.TRANSIENT},
 ) //this needs to be transient, e.g. for request level context.
 export class AuthenticationStrategyProvider
-  implements Provider<AuthenticationStrategy | undefined> {
+  implements Provider<AuthenticationStrategy[] | undefined> {
   constructor(
     @extensions()
     protected authenticationStrategies: Getter<AuthenticationStrategy[]>,
     @inject(AuthenticationBindings.METADATA)
-    protected metadata?: AuthenticationMetadata,
+    protected metadata?: AuthenticationMetadata[],
   ) {}
-  async value(): Promise<AuthenticationStrategy | undefined> {
-    if (!this.metadata) {
+  async value(): Promise<AuthenticationStrategy[] | undefined> {
+    if (!this.metadata?.length) {
       return undefined;
     }
-    const name = this.metadata.strategy;
-    const strategy = await this.findAuthenticationStrategy(name);
-    if (!strategy) {
-      // important to throw a non-protocol-specific error here
-      const error = new Error(`The strategy '${name}' is not available.`);
-      Object.assign(error, {
-        code: AUTHENTICATION_STRATEGY_NOT_FOUND,
-      });
-      throw error;
-    }
-    return strategy;
+    return this.findAuthenticationStrategies(this.metadata);
   }
 
-  async findAuthenticationStrategy(name: string) {
-    const strategies = await this.authenticationStrategies();
-    const matchingAuthStrategy = strategies.find(a => a.name === name);
-    return matchingAuthStrategy;
+  private async findAuthenticationStrategies(
+    metadata: AuthenticationMetadata[],
+  ): Promise<AuthenticationStrategy[]> {
+    const strategies: AuthenticationStrategy[] = [];
+
+    const existingStrategies = await this.authenticationStrategies();
+
+    const findStrategy = (name: string) => {
+      const strategy = existingStrategies.find(a => a.name === name);
+      if (!strategy) {
+        const error = new Error(`The strategy '${name}' is not available.`);
+        Object.assign(error, {
+          code: AUTHENTICATION_STRATEGY_NOT_FOUND,
+        });
+        throw error;
+      }
+      return strategy;
+    };
+
+    for (const data of metadata) {
+      const strategy = findStrategy(data.strategy);
+      strategies.push(strategy);
+    }
+
+    return strategies;
   }
 }

package/src/types.ts

@@ -11,7 +11,7 @@ import {
   Context,
   extensionFor,
 } from '@loopback/core';
-import {Request, RedirectRoute} from '@loopback/rest';
+import {RedirectRoute, Request} from '@loopback/rest';
 import {UserProfile} from '@loopback/security';
 import {AuthenticationBindings} from './keys';
 
@@ -59,7 +59,7 @@ export interface AuthenticationOptions {
    * `@authenticate`. If not set, no default authentication will be enforced for
    * those methods without authentication metadata.
    */
-  defaultMetadata?: AuthenticationMetadata;
+  defaultMetadata?: AuthenticationMetadata[];
 }
 
 /**
@@ -133,3 +133,16 @@ export const asAuthStrategy: BindingTemplate = binding => {
       AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME,
   });
 };
+
+/**
+ * Get the authentication metadata object for the specified strategy.
+ *
+ * @param metadata - Array of authentication metadata objects
+ * @param strategyName - Name of the authentication strategy
+ */
+export function getAuthenticationMetadataForStrategy(
+  metadata: AuthenticationMetadata[],
+  strategyName: string,
+): AuthenticationMetadata | undefined {
+  return metadata.find(data => data.strategy === strategyName);
+}