Retrieval Options

To identify the authenticated entity and determine whether it is authorized to access the resource, you must provide two mandatory configuration options, plus an optional third.

  1. User Extractor

extractUser: (request: Request) => { roles: string[] } | Promise<{ roles: string[] }>;

A function that takes the current request object and returns the current authenticated user. This function is invoked on each request.

  2. Role Fetcher

role: {
  fetch: (roles: string[], ...args: any[]) => IRole[] | Promise<IRole[]>;
  inject?: InjectionToken[];
};

This function retrieves role details. For each request, the roles extracted from the user object are passed to the fetch function to obtain the role details, which include the permissions of each role. The inject array should contain a list of injectables that will be available to the fetch function when invoked.

Order matters. The fetch function receives the roles as an array of strings first, followed by the additional arguments. If inject is provided, its entries must be listed in the exact order in which fetch expects them.

  3. Forbidden Exception Factory

In addition to the previous two options, a third one can be provided to customize the authorization guard:

exceptionFactory?: (permissions: string[], context: ExecutionContext) => HttpException;

This factory is used to construct the exception in case of a Forbidden Resource response.
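
The three options wired together, as an added example that is not the library's own code. `DemoRequest`, `DemoRole`, `DemoHttpException`, `RoleStore` and the `authorize` harness are hypothetical stand-ins for the framework types, an injectable and the guard; the harness assumes every required permission must be granted.

```typescript
// Local stand-ins (assumptions) so the example runs without the framework.
type DemoRequest = { user?: { roles: string[] } };
type DemoRole = { name: string; permissions: string[] }; // assumed IRole shape
class DemoHttpException extends Error {
  status: number;
  constructor(message: string, status: number) { super(message); this.status = status; }
}
// Hypothetical injectable holding role definitions (constructed sample data).
class RoleStore {
  private roles: DemoRole[] = [
    { name: "viewer", permissions: ["report:read"] },
    { name: "editor", permissions: ["report:read", "report:write"] },
  ];
  // Unknown role names are dropped, so they grant nothing.
  findMany(names: string[]): DemoRole[] {
    return this.roles.filter((r) => names.indexOf(r.name) !== -1);
  }
}
const auditLog: string[] = [];

const options = {
  // Fail closed: an unauthenticated request gets no roles, never a default role.
  extractUser: (request: DemoRequest) => ({ roles: request.user?.roles ?? [] }),
  role: {
    // `store` follows `roles`, in the same position as its token in `inject`.
    fetch: (roles: string[], store: RoleStore) => store.findMany(roles),
    inject: [RoleStore],
  },
  // Record the missing permissions server-side; keep them out of the client message.
  exceptionFactory: (permissions: string[], _context: unknown) => {
    auditLog.push(`denied, required: ${permissions.join(",")}`);
    return new DemoHttpException("Forbidden resource", 403);
  },
};

// Hypothetical harness standing in for the guard's per-request flow.
function authorize(request: DemoRequest, required: string[]): DemoRole[] {
  const { roles } = options.extractUser(request);
  const injected = options.role.inject.map((Token) => new Token()) as [RoleStore];
  const details = options.role.fetch(roles, ...injected);
  const has = (p: string) => details.some((r) => r.permissions.indexOf(p) !== -1);
  if (!required.every(has)) throw options.exceptionFactory(required, undefined);
  return details;
}
```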
