
Verifying Access Token in Middleware in LoopBack.js


I am new to LoopBack.js, coming from Express. I am creating a small API. I have created custom middleware functions and would like to have the ACL verification logic in the middleware.

I used the LoopBack CLI to create the ACL (slc loopback:acl). However, the access token that I am sending with my POST request does not get verified in the middleware where the DB queries reside. This poses a security concern and I am sure we always do the token verification at the start of the middleware chain.

Can someone help me understand how I can do that? Will I have to write my own function for this or is there a way to automate it using the loopback framework?


Solution

  • You can use the loopback.token() middleware to explicitly verify the access token in custom APIs.
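
One way to wire this up, as an added example that is not part of the original answer. It assumes LoopBack 3, where loopback.token() attaches the resolved token as req.accessToken and does not by itself reject a request that carries no token; the names requireAccessToken and registerCustomApi and the path argument are hypothetical.

```javascript
'use strict';

// Guard that must run AFTER loopback.token(). The token middleware resolves
// the token and attaches it as req.accessToken; this guard enforces that a
// resolved token (with an owning user) is actually present.
function requireAccessToken(req, res, next) {
  if (!req.accessToken || !req.accessToken.userId) {
    const err = new Error('Authorization Required');
    err.statusCode = err.status = 401;
    err.code = 'AUTHORIZATION_REQUIRED';
    return next(err); // passed on to the app's error-handling middleware
  }
  next();
}

// Registers token resolution and the guard ahead of the custom handler.
// `loopback` is require('loopback') and `app` is the LoopBack application;
// both are passed in so the registration order is explicit:
//   1. loopback.token()    -> looks up the token, sets req.accessToken
//   2. requireAccessToken  -> rejects the request if no token was resolved
//   3. handler             -> the custom middleware holding the DB queries
function registerCustomApi(loopback, app, path, handler) {
  app.use(loopback.token({ model: app.models.AccessToken }));
  app.use(path, requireAccessToken);
  app.use(path, handler);
  return app;
}
```

In a real project this would be called from server.js or a boot script, for example registerCustomApi(require('loopback'), app, '/api/custom', myHandler), before the server starts listening.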