---
lang: en
title: 'API docs: security.subject'
keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI
sidebar: lb4_sidebar
editurl: https://github.com/loopbackio/loopback-next/tree/master/packages/security
permalink: /doc/en/lb4/apidocs.security.subject.html
---

<!-- Do not edit this file. It is automatically generated by API Documenter. -->

[Home](./index.md) &gt; [@loopback/security](./security.md) &gt; [Subject](./security.subject.md)

## Subject interface

`Subject` represents both security state and operations for a single request. It's the `who` for security.

Such operations include: - authentication (login) - authorization (access control) - session access - logout

**Signature:**

```typescript
export interface Subject 
```

## Properties

|  Property | Modifiers | Type | Description |
|  --- | --- | --- | --- |
|  [authorities](./security.subject.authorities.md) |  | Set&lt;[Permission](./security.permission.md)<!-- -->&gt; | An array of authorities granted by the user to the client application. One example is {@<!-- -->link https://tools.ietf.org/html/rfc6749\#section-3.3 \| oAuth2 scopes). |
|  [credentials](./security.subject.credentials.md) |  | Set&lt;[Credential](./security.credential.md)<!-- -->&gt; | An array of credentials, such as password, access token, or private/public keys. |
|  [principals](./security.subject.principals.md) |  | Set&lt;[TypedPrincipal](./security.typedprincipal.md)<!-- -->&gt; | <p>An array of principals. It can include information about the current user, the client application, and granted authorities.</p><p><code>Subject</code> represents both security state and operations for a single application user.</p><p>Such operations include: - authentication (login) - authorization (access control) - session access - logout</p> |