From 36fbdae5c5705779eb0a456bc3666c2d6c0c9b61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Bajto=C5=A1?= <mbajtoss@gmail.com>
Date: Fri, 17 Jan 2020 15:27:29 +0100
Subject: [PATCH] fixup! fix instructions for accessing the current user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Miroslav Bajtoš <mbajtoss@gmail.com>
---
 docs/site/migration/models/remoting-hooks.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/site/migration/models/remoting-hooks.md b/docs/site/migration/models/remoting-hooks.md
index 2371b8166e5c..357c5700bb91 100644
--- a/docs/site/migration/models/remoting-hooks.md
+++ b/docs/site/migration/models/remoting-hooks.md
@@ -510,7 +510,7 @@ This remoting hook can be rewritten to a LoopBack 4 interceptor as follows:
 ```ts
 class WarnAnonymousInterceptor implements Provider<Interceptor> {
   constructor(
-    @inject.getter(SecurityBindings.USER)
+    @inject.getter(SecurityBindings.USER, {optional: true})
     private getCurrentUser: Getter<UserProfile>,
   ) {}
 
@@ -526,3 +526,11 @@ class WarnAnonymousInterceptor implements Provider<Interceptor> {
   }
 }
 ```
+
+Please note the current user must be injected as an optional value, because the
+value is available for authenticated endpoints only. In a typical application,
+not all endpoints are decorated with the `@authenticate` decorator. If you leave
+the injection as required (that's the default), then you will get a binding
+error when an unauthenticated endpoint is accessed. See
+[Using the Authentication Decorator](../../Loopback-component-authentication.html#using-the-authentication-decorator)
+for more details.