--- lang: en title: 'API docs: security.subject' keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI sidebar: lb4_sidebar editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security permalink: /doc/en/lb4/apidocs.security.subject.html --- [Home](./index.md) > [@loopback/security](./security.md) > [Subject](./security.subject.md) ## Subject interface `Subject` represents both security state and operations for a single request. It's the `who` for security. Such operations include: - authentication (login) - authorization (access control) - session access - logout **Signature:** ```typescript export interface Subject ``` ## Properties
Property Modifiers Type Description
[authorities](./security.subject.authorities.md) Set<[Permission](./security.permission.md)> An array of authorities granted by the user to the client application. One example is {@link https://tools.ietf.org/html/rfc6749\#section-3.3 \| oAuth2 scopes).
[credentials](./security.subject.credentials.md) Set<[Credential](./security.credential.md)> An array of credentials, such as password, access token, or private/public keys.
[principals](./security.subject.principals.md) Set<[TypedPrincipal](./security.typedprincipal.md)> An array of principals. It can include information about the current user, the client application, and granted authorities. `Subject` represents both security state and operations for a single application user. Such operations include: - authentication (login) - authorization (access control) - session access - logout