@loopback/authentication 7.1.0 → 7.2.0

package/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [7.2.0](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@7.1.0...@loopback/authentication@7.2.0) (2021-04-06)
+
+
+### Features
+
+* allow one strategy to fail the authentication process ([adbbf24](https://github.com/strongloop/loopback-next/commit/adbbf2439ffff42e5e6e3078d479e9c2031c196b))
+
+
+
+
+
 # [7.1.0](https://github.com/strongloop/loopback-next/compare/@loopback/authentication@7.0.7...@loopback/authentication@7.1.0) (2021-03-18)
 
 

package/dist/providers/auth-action.provider.d.ts

@@ -2,17 +2,21 @@
 import { Getter, Provider, Setter } from '@loopback/core';
 import { Middleware, Request } from '@loopback/rest';
 import { UserProfile } from '@loopback/security';
-import { AuthenticateFn, AuthenticationStrategy } from '../types';
+import { AuthenticateFn, AuthenticationOptions, AuthenticationStrategy } from '../types';
 /**
  * Provides the authentication action for a sequence
- * @example `context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)`
+ * @example
+ * ```ts
+ * context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)
+ * ```
  */
 export declare class AuthenticateActionProvider implements Provider<AuthenticateFn> {
     readonly getStrategies: Getter<AuthenticationStrategy | AuthenticationStrategy[] | undefined>;
     readonly setCurrentUser: Setter<UserProfile>;
     readonly setRedirectUrl: Setter<string>;
     readonly setRedirectStatus: Setter<number>;
-    constructor(getStrategies: Getter<AuthenticationStrategy | AuthenticationStrategy[] | undefined>, setCurrentUser: Setter<UserProfile>, setRedirectUrl: Setter<string>, setRedirectStatus: Setter<number>);
+    private readonly options;
+    constructor(getStrategies: Getter<AuthenticationStrategy | AuthenticationStrategy[] | undefined>, setCurrentUser: Setter<UserProfile>, setRedirectUrl: Setter<string>, setRedirectStatus: Setter<number>, options?: AuthenticationOptions);
     /**
      * @returns authenticateFn
      */

package/dist/providers/auth-action.provider.js

@@ -13,7 +13,10 @@ const keys_1 = require("../keys");
 const types_1 = require("../types");
 /**
  * Provides the authentication action for a sequence
- * @example `context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)`
+ * @example
+ * ```ts
+ * context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)
+ * ```
  */
 let AuthenticateActionProvider = class AuthenticateActionProvider {
     constructor(
@@ -24,11 +27,12 @@ let AuthenticateActionProvider = class AuthenticateActionProvider {
     // To solve this, we are injecting a getter function that will
     // defer resolution of the strategy until authenticate() action
     // is executed.
-    getStrategies, setCurrentUser, setRedirectUrl, setRedirectStatus) {
+    getStrategies, setCurrentUser, setRedirectUrl, setRedirectStatus, options = {}) {
         this.getStrategies = getStrategies;
         this.setCurrentUser = setCurrentUser;
         this.setRedirectUrl = setRedirectUrl;
         this.setRedirectStatus = setRedirectStatus;
+        this.options = options;
     }
     /**
      * @returns authenticateFn
@@ -42,56 +46,51 @@ let AuthenticateActionProvider = class AuthenticateActionProvider {
      */
     async action(request) {
         let strategies = await this.getStrategies();
-        if (!strategies) {
+        if (strategies == null) {
             // The invoked operation does not require authentication.
             return undefined;
         }
         // convert to array if required
         strategies = Array.isArray(strategies) ? strategies : [strategies];
-        let authenticated = false;
-        let redirected = false;
-        let authError;
-        let authResponse;
-        let userProfile;
+        const authErrors = [];
         for (const strategy of strategies) {
-            // the first strategy to succeed or redirect will halt the execution chain
-            if (authenticated || redirected)
-                break;
+            let authResponse = undefined;
             try {
                 authResponse = await strategy.authenticate(request);
-                // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
-                if (rest_1.RedirectRoute.isRedirectRoute(authResponse)) {
-                    redirected = true;
-                    const redirectOptions = authResponse;
-                    // bind redirection url and status to the context
-                    // controller should handle actual redirection
-                    this.setRedirectUrl(redirectOptions.targetLocation);
-                    this.setRedirectStatus(redirectOptions.statusCode);
-                }
-                else if (authResponse) {
-                    authenticated = true;
-                    // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
-                    userProfile = authResponse;
-                }
-                else if (!authResponse) {
-                    // important to throw a non-protocol-specific error here
-                    const error = new Error(`User profile not returned from strategy's authenticate function`);
-                    Object.assign(error, {
-                        code: types_1.USER_PROFILE_NOT_FOUND,
-                    });
-                    throw error;
+            }
+            catch (err) {
+                if (this.options.failOnError) {
+                    throw err;
                 }
+                authErrors.push(err);
             }
-            catch (error) {
-                authError = authError !== null && authError !== void 0 ? authError : error;
+            // response from `strategy.authenticate()` could return an object of
+            // type UserProfile or RedirectRoute
+            if (rest_1.RedirectRoute.isRedirectRoute(authResponse)) {
+                const redirectOptions = authResponse;
+                // bind redirection url and status to the context
+                // controller should handle actual redirection
+                this.setRedirectUrl(redirectOptions.targetLocation);
+                this.setRedirectStatus(redirectOptions.statusCode);
+                return;
+            }
+            else if (authResponse != null) {
+                // if `strategy.authenticate()` returns an object of type UserProfile,
+                // set it as current user
+                const userProfile = authResponse;
+                this.setCurrentUser(userProfile);
+                return userProfile;
             }
         }
-        if (!authenticated && !redirected)
-            throw authError;
-        if (userProfile) {
-            this.setCurrentUser(userProfile);
-            return userProfile;
+        if (authErrors.length) {
+            throw authErrors[0];
         }
+        // important to throw a non-protocol-specific error here
+        const error = new Error(`User profile not returned from strategy's authenticate function`);
+        Object.assign(error, {
+            code: types_1.USER_PROFILE_NOT_FOUND,
+        });
+        throw error;
     }
 };
 AuthenticateActionProvider = tslib_1.__decorate([
@@ -99,7 +98,8 @@ AuthenticateActionProvider = tslib_1.__decorate([
     tslib_1.__param(1, core_1.inject.setter(security_1.SecurityBindings.USER)),
     tslib_1.__param(2, core_1.inject.setter(keys_1.AuthenticationBindings.AUTHENTICATION_REDIRECT_URL)),
     tslib_1.__param(3, core_1.inject.setter(keys_1.AuthenticationBindings.AUTHENTICATION_REDIRECT_STATUS)),
-    tslib_1.__metadata("design:paramtypes", [Function, Function, Function, Function])
+    tslib_1.__param(4, core_1.config({ fromBinding: keys_1.AuthenticationBindings.COMPONENT })),
+    tslib_1.__metadata("design:paramtypes", [Function, Function, Function, Function, Object])
 ], AuthenticateActionProvider);
 exports.AuthenticateActionProvider = AuthenticateActionProvider;
 let AuthenticationMiddlewareProvider = class AuthenticationMiddlewareProvider {

package/dist/providers/auth-action.provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-action.provider.js","sourceRoot":"","sources":["../../src/providers/auth-action.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAA4E;AAC5E,yCAMwB;AACxB,iDAAiE;AACjE,kCAA+C;AAC/C,oCAKkB;AAClB;;;GAGG;AACH,IAAa,0BAA0B,GAAvC,MAAa,0BAA0B;IACrC;IACE,yDAAyD;IACzD,4DAA4D;IAC5D,qDAAqD;IACrD,qCAAqC;IACrC,8DAA8D;IAC9D,+DAA+D;IAC/D,eAAe;IAEN,aAER,EAEQ,cAAmC,EAEnC,cAA8B,EAE9B,iBAAiC;QARjC,kBAAa,GAAb,aAAa,CAErB;QAEQ,mBAAc,GAAd,cAAc,CAAqB;QAEnC,mBAAc,GAAd,cAAc,CAAgB;QAE9B,sBAAiB,GAAjB,iBAAiB,CAAgB;IACzC,CAAC;IAEJ;;OAEG;IACH,KAAK;QACH,OAAO,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,IAAI,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,CAAC,UAAU,EAAE;YACf,yDAAyD;YACzD,OAAO,SAAS,CAAC;SAClB;QACD,+BAA+B;QAC/B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAEnE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,SAA4B,CAAC;QACjC,IAAI,YAAqD,CAAC;QAC1D,IAAI,WAAoC,CAAC;QAEzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE;YACjC,0EAA0E;YAC1E,IAAI,aAAa,IAAI,UAAU;gBAAE,MAAM;YAEvC,IAAI;gBACF,YAAY,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEpD,sGAAsG;gBACtG,IAAI,oBAAa,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;oBAC/C,UAAU,GAAG,IAAI,CAAC;oBAClB,MAAM,eAAe,GAAG,YAAY,CAAC;oBACrC,iDAAiD;oBACjD,8CAA8C;oBAC9C,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;oBACpD,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;iBACpD;qBAAM,IAAI,YAAY,EAAE;oBACvB,aAAa,GAAG,IAAI,CAAC;oBACrB,6FAA6F;oBAC7F,WAAW,GAAG,YAA2B,CAAC;iBAC3C;qBAAM,IAAI,CAAC,YAAY,EAAE;oBACxB,wDAAwD;oBACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,iEAAiE,CAClE,CAAC;oBACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;wBACnB,IAAI,EAAE,8BAAsB;qBAC7B,CAAC,CAAC;oBACH,MAAM,KAAK,CAAC;iBACb;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,SAAS,GAAG,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,KAAK,CAAC;aAChC;SACF;QAED,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU;YAAE,MAAM,SAAS,CAAC;QAEnD,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC;SACpB;IACH,CAAC;CACF,CAAA;AAxFY,0BAA0B;IASlC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;IAI9C,mBAAA,aAAM,CAAC,MAAM,CAAC,2BAAgB,CAAC,IAAI,CAAC,CAAA;IAEpC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,2BAA2B,CAAC,CAAA;IAEjE,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,8BAA8B,CAAC,CAAA;;GAjB5D,0BAA0B,CAwFtC;AAxFY,gEAA0B;AAgGvC,IAAa,gCAAgC,GAA7C,MAAa,gCAAgC;IAC3C,YAEU,YAA4B;QAA5B,iBAAY,GAAZ,YAAY,CAAgB;IACnC,CAAC;IAEJ,KAAK;QACH,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,IAAI;gBACF,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,IACE,KAAK,CAAC,IAAI,KAAK,yCAAiC;oBAChD,KAAK,CAAC,IAAI,KAAK,8BAAsB,EACrC;oBACA,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;iBACxB;gBACD,MAAM,KAAK,CAAC;aACb;YACD,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;CACF,CAAA;AAtBY,gCAAgC;IAN5C,iBAAU,CACT,mBAAY,CAAC;QACX,KAAK,EAAE,2BAAoB,CAAC,cAAc;QAC1C,cAAc,EAAE,CAAC,2BAAoB,CAAC,UAAU,CAAC;KAClD,CAAC,CACH;IAGI,mBAAA,aAAM,CAAC,6BAAsB,CAAC,WAAW,CAAC,CAAA;;GAFlC,gCAAgC,CAsB5C;AAtBY,4EAAgC"}
+{"version":3,"file":"auth-action.provider.js","sourceRoot":"","sources":["../../src/providers/auth-action.provider.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;;AAEhE,yCAOwB;AACxB,yCAMwB;AACxB,iDAAiE;AACjE,kCAA+C;AAC/C,oCAMkB;AAElB;;;;;;GAMG;AACH,IAAa,0BAA0B,GAAvC,MAAa,0BAA0B;IACrC;IACE,yDAAyD;IACzD,4DAA4D;IAC5D,qDAAqD;IACrD,qCAAqC;IACrC,8DAA8D;IAC9D,+DAA+D;IAC/D,eAAe;IAEN,aAER,EAEQ,cAAmC,EAEnC,cAA8B,EAE9B,iBAAiC,EAEzB,UAAiC,EAAE;QAV3C,kBAAa,GAAb,aAAa,CAErB;QAEQ,mBAAc,GAAd,cAAc,CAAqB;QAEnC,mBAAc,GAAd,cAAc,CAAgB;QAE9B,sBAAiB,GAAjB,iBAAiB,CAAgB;QAEzB,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;IAEJ;;OAEG;IACH,KAAK;QACH,OAAO,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,IAAI,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,UAAU,IAAI,IAAI,EAAE;YACtB,yDAAyD;YACzD,OAAO,SAAS,CAAC;SAClB;QACD,+BAA+B;QAC/B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAEnE,MAAM,UAAU,GAAc,EAAE,CAAC;QACjC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE;YACjC,IAAI,YAAY,GAA4C,SAAS,CAAC;YACtE,IAAI;gBACF,YAAY,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;aACrD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;oBAC5B,MAAM,GAAG,CAAC;iBACX;gBACD,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,oEAAoE;YACpE,oCAAoC;YACpC,IAAI,oBAAa,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;gBAC/C,MAAM,eAAe,GAAG,YAAY,CAAC;gBACrC,iDAAiD;gBACjD,8CAA8C;gBAC9C,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;gBACpD,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;gBACnD,OAAO;aACR;iBAAM,IAAI,YAAY,IAAI,IAAI,EAAE;gBAC/B,sEAAsE;gBACtE,yBAAyB;gBACzB,MAAM,WAAW,GAAG,YAA2B,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;gBACjC,OAAO,WAAW,CAAC;aACpB;SACF;QAED,IAAI,UAAU,CAAC,MAAM,EAAE;YACrB,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;SACrB;QACD,wDAAwD;QACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,iEAAiE,CAClE,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;YACnB,IAAI,EAAE,8BAAsB;SAC7B,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IACd,CAAC;CACF,CAAA;AArFY,0BAA0B;IASlC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,QAAQ,CAAC,CAAA;IAI9C,mBAAA,aAAM,CAAC,MAAM,CAAC,2BAAgB,CAAC,IAAI,CAAC,CAAA;IAEpC,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,2BAA2B,CAAC,CAAA;IAEjE,mBAAA,aAAM,CAAC,MAAM,CAAC,6BAAsB,CAAC,8BAA8B,CAAC,CAAA;IAEpE,mBAAA,aAAM,CAAC,EAAC,WAAW,EAAE,6BAAsB,CAAC,SAAS,EAAC,CAAC,CAAA;;GAnB/C,0BAA0B,CAqFtC;AArFY,gEAA0B;AA6FvC,IAAa,gCAAgC,GAA7C,MAAa,gCAAgC;IAC3C,YAEU,YAA4B;QAA5B,iBAAY,GAAZ,YAAY,CAAgB;IACnC,CAAC;IAEJ,KAAK;QACH,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,IAAI;gBACF,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,IACE,KAAK,CAAC,IAAI,KAAK,yCAAiC;oBAChD,KAAK,CAAC,IAAI,KAAK,8BAAsB,EACrC;oBACA,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;iBACxB;gBACD,MAAM,KAAK,CAAC;aACb;YACD,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;CACF,CAAA;AAtBY,gCAAgC;IAN5C,iBAAU,CACT,mBAAY,CAAC;QACX,KAAK,EAAE,2BAAoB,CAAC,cAAc;QAC1C,cAAc,EAAE,CAAC,2BAAoB,CAAC,UAAU,CAAC;KAClD,CAAC,CACH;IAGI,mBAAA,aAAM,CAAC,6BAAsB,CAAC,WAAW,CAAC,CAAA;;GAFlC,gCAAgC,CAsB5C;AAtBY,4EAAgC"}

package/dist/types.d.ts

@@ -45,6 +45,14 @@ export interface AuthenticationOptions {
      * those methods without authentication metadata.
      */
     defaultMetadata?: AuthenticationMetadata[];
+    /**
+     * This flag allows an authentication strategy to abort the authentication by
+     * throwing an error if `failOnError` is set to `true`. By default, the
+     * authentication process continues to the next one even when a strategy
+     * throws an error. If one of other strategies succeed, the error will be
+     * discarded.
+     */
+    failOnError?: boolean;
 }
 /**
  * An interface that describes the common authentication strategy.

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAOwB;AAGxB,iCAA8C;AAgFjC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEzB,QAAA,sBAAsB,GAAG,wBAAwB,CAAC;AAE/D;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAC5C,OAAgB,EAChB,aAAkD;IAElD,OAAO,mBAAY,CACjB,OAAO,EACP,6BAAsB,CAAC,4CAA4C,EACnE,aAAa,EACb;QACE,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CACF,CAAC;AACJ,CAAC;AAbD,wEAaC;AAED;;GAEG;AACI,MAAM,cAAc,GAAoB,OAAO,CAAC,EAAE;IACvD,mBAAY,CACV,6BAAsB,CAAC,4CAA4C,CACpE,CAAC,OAAO,CAAC,CAAC;IACX,OAAO,CAAC,GAAG,CAAC;QACV,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CAAC,CAAC;AACL,CAAC,CAAC;AARW,QAAA,cAAc,kBAQzB;AAEF;;;;;GAKG;AACH,SAAgB,oCAAoC,CAClD,QAAkC,EAClC,YAAoB;IAEpB,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC;AAC/D,CAAC;AALD,oFAKC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,wCAAwC;AACxC,+CAA+C;AAC/C,gEAAgE;;;AAEhE,yCAOwB;AAGxB,iCAA8C;AAyFjC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEzB,QAAA,sBAAsB,GAAG,wBAAwB,CAAC;AAE/D;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAC5C,OAAgB,EAChB,aAAkD;IAElD,OAAO,mBAAY,CACjB,OAAO,EACP,6BAAsB,CAAC,4CAA4C,EACnE,aAAa,EACb;QACE,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CACF,CAAC;AACJ,CAAC;AAbD,wEAaC;AAED;;GAEG;AACI,MAAM,cAAc,GAAoB,OAAO,CAAC,EAAE;IACvD,mBAAY,CACV,6BAAsB,CAAC,4CAA4C,CACpE,CAAC,OAAO,CAAC,CAAC;IACX,OAAO,CAAC,GAAG,CAAC;QACV,SAAS,EACP,6BAAsB,CAAC,4CAA4C;KACtE,CAAC,CAAC;AACL,CAAC,CAAC;AARW,QAAA,cAAc,kBAQzB;AAEF;;;;;GAKG;AACH,SAAgB,oCAAoC,CAClD,QAAkC,EAClC,YAAoB;IAEpB,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC;AAC/D,CAAC;AALD,oFAKC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@loopback/authentication",
-  "version": "7.1.0",
+  "version": "7.2.0",
   "description": "A LoopBack component for authentication support.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -24,24 +24,24 @@
     "access": "public"
   },
   "peerDependencies": {
-    "@loopback/core": "^2.15.0",
-    "@loopback/rest": "^9.2.0"
+    "@loopback/core": "^2.15.1",
+    "@loopback/rest": "^9.2.1"
   },
   "dependencies": {
-    "@loopback/security": "^0.4.0",
+    "@loopback/security": "^0.4.1",
     "@types/express": "^4.17.11",
     "@types/lodash": "^4.14.168",
     "lodash": "^4.17.21",
     "tslib": "^2.1.0"
   },
   "devDependencies": {
-    "@loopback/build": "^6.3.0",
-    "@loopback/core": "^2.15.0",
-    "@loopback/eslint-config": "^10.1.0",
-    "@loopback/openapi-spec-builder": "^3.1.0",
-    "@loopback/rest": "^9.2.0",
-    "@loopback/testlab": "^3.3.0",
-    "@types/node": "^10.17.55",
+    "@loopback/build": "^6.3.1",
+    "@loopback/core": "^2.15.1",
+    "@loopback/eslint-config": "^10.1.1",
+    "@loopback/openapi-spec-builder": "^3.1.1",
+    "@loopback/rest": "^9.2.1",
+    "@loopback/testlab": "^3.3.1",
+    "@types/node": "^10.17.56",
     "jsonwebtoken": "^8.5.1"
   },
   "keywords": [
@@ -59,5 +59,5 @@
     "url": "https://github.com/strongloop/loopback-next.git",
     "directory": "packages/authentication"
   },
-  "gitHead": "85a45b8a0d6c1216c11256cb511ec6cfbfb4c226"
+  "gitHead": "156ca0fcf8fa246ca380ab28b44b3708896be2b6"
 }

package/src/providers/auth-action.provider.ts

@@ -3,7 +3,14 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 
-import {Getter, inject, injectable, Provider, Setter} from '@loopback/core';
+import {
+  config,
+  Getter,
+  inject,
+  injectable,
+  Provider,
+  Setter,
+} from '@loopback/core';
 import {
   asMiddleware,
   Middleware,
@@ -15,13 +22,18 @@ import {SecurityBindings, UserProfile} from '@loopback/security';
 import {AuthenticationBindings} from '../keys';
 import {
   AuthenticateFn,
+  AuthenticationOptions,
   AuthenticationStrategy,
   AUTHENTICATION_STRATEGY_NOT_FOUND,
   USER_PROFILE_NOT_FOUND,
 } from '../types';
+
 /**
  * Provides the authentication action for a sequence
- * @example `context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)`
+ * @example
+ * ```ts
+ * context.bind('authentication.actions.authenticate').toProvider(AuthenticateActionProvider)
+ * ```
  */
 export class AuthenticateActionProvider implements Provider<AuthenticateFn> {
   constructor(
@@ -42,6 +54,8 @@ export class AuthenticateActionProvider implements Provider<AuthenticateFn> {
     readonly setRedirectUrl: Setter<string>,
     @inject.setter(AuthenticationBindings.AUTHENTICATION_REDIRECT_STATUS)
     readonly setRedirectStatus: Setter<number>,
+    @config({fromBinding: AuthenticationBindings.COMPONENT})
+    private readonly options: AuthenticationOptions = {},
   ) {}
 
   /**
@@ -57,59 +71,54 @@ export class AuthenticateActionProvider implements Provider<AuthenticateFn> {
    */
   async action(request: Request): Promise<UserProfile | undefined> {
     let strategies = await this.getStrategies();
-    if (!strategies) {
+    if (strategies == null) {
       // The invoked operation does not require authentication.
       return undefined;
     }
     // convert to array if required
     strategies = Array.isArray(strategies) ? strategies : [strategies];
 
-    let authenticated = false;
-    let redirected = false;
-    let authError: Error | undefined;
-    let authResponse: UserProfile | RedirectRoute | undefined;
-    let userProfile: UserProfile | undefined;
-
+    const authErrors: unknown[] = [];
     for (const strategy of strategies) {
-      // the first strategy to succeed or redirect will halt the execution chain
-      if (authenticated || redirected) break;
-
+      let authResponse: UserProfile | RedirectRoute | undefined = undefined;
       try {
         authResponse = await strategy.authenticate(request);
-
-        // response from `strategy.authenticate()` could return an object of type UserProfile or RedirectRoute
-        if (RedirectRoute.isRedirectRoute(authResponse)) {
-          redirected = true;
-          const redirectOptions = authResponse;
-          // bind redirection url and status to the context
-          // controller should handle actual redirection
-          this.setRedirectUrl(redirectOptions.targetLocation);
-          this.setRedirectStatus(redirectOptions.statusCode);
-        } else if (authResponse) {
-          authenticated = true;
-          // if `strategy.authenticate()` returns an object of type UserProfile, set it as current user
-          userProfile = authResponse as UserProfile;
-        } else if (!authResponse) {
-          // important to throw a non-protocol-specific error here
-          const error = new Error(
-            `User profile not returned from strategy's authenticate function`,
-          );
-          Object.assign(error, {
-            code: USER_PROFILE_NOT_FOUND,
-          });
-          throw error;
+      } catch (err) {
+        if (this.options.failOnError) {
+          throw err;
         }
-      } catch (error) {
-        authError = authError ?? error;
+        authErrors.push(err);
       }
-    }
 
-    if (!authenticated && !redirected) throw authError;
+      // response from `strategy.authenticate()` could return an object of
+      // type UserProfile or RedirectRoute
+      if (RedirectRoute.isRedirectRoute(authResponse)) {
+        const redirectOptions = authResponse;
+        // bind redirection url and status to the context
+        // controller should handle actual redirection
+        this.setRedirectUrl(redirectOptions.targetLocation);
+        this.setRedirectStatus(redirectOptions.statusCode);
+        return;
+      } else if (authResponse != null) {
+        // if `strategy.authenticate()` returns an object of type UserProfile,
+        // set it as current user
+        const userProfile = authResponse as UserProfile;
+        this.setCurrentUser(userProfile);
+        return userProfile;
+      }
+    }
 
-    if (userProfile) {
-      this.setCurrentUser(userProfile);
-      return userProfile;
+    if (authErrors.length) {
+      throw authErrors[0];
     }
+    // important to throw a non-protocol-specific error here
+    const error = new Error(
+      `User profile not returned from strategy's authenticate function`,
+    );
+    Object.assign(error, {
+      code: USER_PROFILE_NOT_FOUND,
+    });
+    throw error;
   }
 }
 

package/src/types.ts

@@ -60,6 +60,15 @@ export interface AuthenticationOptions {
    * those methods without authentication metadata.
    */
   defaultMetadata?: AuthenticationMetadata[];
+
+  /**
+   * This flag allows an authentication strategy to abort the authentication by
+   * throwing an error if `failOnError` is set to `true`. By default, the
+   * authentication process continues to the next one even when a strategy
+   * throws an error. If one of other strategies succeed, the error will be
+   * discarded.
+   */
+  failOnError?: boolean;
 }
 
 /**