fixup!: fix

loopbackio · Jun 2, 2020 · 055f2b7 · 055f2b7
1 parent 9faceca
commit 055f2b7
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 23 deletions.
diff --git a/docs/site/Authentication-overview.md b/docs/site/Authentication-overview.md
@@ -12,8 +12,8 @@ and usually consists of two distinct pieces:
 - Authentication
 - Authorization
 
-Authentication is a process of verifying someone's identity before a protected
-resource is accessed.
+Authentication is a process of verifying user/entity to the system, which
+enables identified/validated access to the protected routes.
 
 Authorization is a process of deciding if a user can perform an action on a
 protected resource.
@@ -24,45 +24,48 @@ This document gives you an overview of the authentication system provided in
 LoopBack 4.
 
 Let's start with the following scenario: Suppose you want to secure endpoint
-`GET /todo` using
+`GET /todo` using a
 [JWT(JSON web token)](https://github.com/auth0/node-jsonwebtoken#readme)
-strategy, the diagram below shows how such authentication process works with
+strategy. The diagram below shows how such authentication process works with
 LoopBack's authentication mechanism.
 
 ![authentication_overview_request_handle_flow](./imgs/authentication/authentication-overview.png)
 
-As you can see, a request with token in its header reaches the application. It's
-handled by the REST server's sequence, which invokes the authentication action
-to decode the user profile from token so that controller can inject the user
-into its functions. All you need to add is the code in programming colors:
+As illustrated above, an access token in Authorization header in making request
+to the route is handled by the REST server's sequence, which invokes the
+authentication action to decode the user profile from token so that controllers
+can have the user injected.
+
+For implementing this, all you need to add is the code in programming colors:
 
 - Register the authentication component and JWT extension in your application.
 - Enable the authenticate action in sequence.
 - Decorate the controller endpoint with `@authenticate()` and inject the user
   passed from the authentication layer.
 
 The rest will be handled by our authentication component
-`@loopback/authentication`, which glues all the parts together, and the JWT
-extension `@loopback/jwt-authentication`, which is usually provided by extension
+`@loopback/authentication`, which incorporates the authentication mechanism, and
+the JWT extension `@loopback/jwt-authentication`, which helps in implementing
+JWT-based authentication to the system and should be provided by extension
 developers.
 
-The authentication system is highly extensible and plugible. It's easy to get
-started with. While there are more advanced features to explorer, and they
-benefit when you build more complicated and larger scale applications. This
-requires you to understand the mechanism of the system, like how component
+The authentication system is highly extensible and pluggable. It's easy to get
+started with. While there are more advanced features to explorer - of which are
+beneficial when you build more complicated and larger scale applications. it
+requires understanding the mechanics of the system, like how component
 `@loopback/authentication` works. To help you learn the full features gradually,
-we break down the documentations into several parts:
+we've broken down the documentations into several parts:
 
-- [JWT todo example](missing_link): A tutorial to get started by applying the
-  JWT authentication in the
+- [**JWT todo example**](./tutorials/authentication/Authentication-Tutorial.md):
+  A tutorial to get started by applying the JWT authentication in the
   [todo example](https://loopback.io/doc/en/lb4/todo-tutorial.html).
 - Understand the modules provided out-of-the-box:
-  - [Authentication component](missing_link): A deep dive of component
+  - [**Authentication component**](missing_link): A deep dive of component
     `@loopback/authentication`
-  - [JWT extension](missing_link): A prototype implementation of the JWT
+  - [**JWT extension**](missing_link): A prototype implementation of the JWT
     authentication.
-- [How to create your own authentication strategy](missing_link): Particularly
-  for extension developers.
-- [Use [Passport](https://www.npmjs.com/package/passport) strategies](missing
-  link): The usage of passport adapter module
+- [**How to create your own authentication strategy**](missing_link):
+  Particularly for extension developers.
+- [Use [**Passport**](https://www.npmjs.com/package/passport)
+  strategies](missing link): The usage of passport adapter module
   `@loopback/authentication-passport`.
diff --git a/docs/site/sidebars/lb4_sidebar.yml b/docs/site/sidebars/lb4_sidebar.yml
@@ -515,6 +515,10 @@ children:
     url: express-with-lb4-rest-tutorial.html
     output: 'web, pdf'
 
+  - title: 'How to secure your LoopBack 4 application with JWT authentication'
+    url: Authentication-Tutorial.html
+    output: 'web, pdf'
+
   - title: 'Build large scale Node.js projects with LoopBack 4'
     url: core-tutorial.html
     output: 'web, pdf'