hapi-auth-jwt2 example

A functional example Hapi.js app demonstrating hapi-auth-jwt2 authentication using cookies for client-side session storage and Redis (hosted on Heroku) for session validation with tests!

Environment Variables

To run this you will need to add an environment variable for your JWT_SECRET and REDISCLOUD_URL:

export JWT_SECRET=ItsNoSecretBecauseYouToldEverybody
export REDISCLOUD_URL=redis://rediscloud:OhEJvSgna@pub-redis-10689.eu-west-1-2.1.ec2.garantidata.com:10689

If you are new to using environment variables please see: https://github.com/dwyl/learn-environment-variables

Note: you will need to set up your own Redis to use the code in this example in your project. If you're new to Redis, check out our quick start guide: https://github.com/dwyl/learn-redis

If you have any questions, please ask! Join the chat at https://gitter.im/dwyl/chat we are here to help!

Need Help? Got Questions?

If you have questions or need any help please post an issue: https://github.com/dwyl/hapi-auth-jwt2-cookie-example/issues

<hr />

@MassimoCappellano posted the following question: issues#2

Running the example on my computer, from Chrome doing two GET requests (login and restricted resource):

FIRST:

http://localhost:8000/auth

in the server response, in the header set cookie: token=...................................... as expected

THEN:

http://localhost:8000/restricted

{"statusCode":401,"error":"Unauthorized","message":"Missing authentication"}

I expected that the cookie would be set by the auth request (1) so it should be authenticated. Using the Chrome console, it seems that the cookie of the first response is not used in the second request. Is that correct?

Can someone explain if I am missing something?

Answer: You aren't missing anything; the demo server needed to be updated for the latest Hapi. Please retry in the browser: open Dev Tools, view the "Application" tab and expand the cookies section:

When we view the /auth route in Google Chrome, it sets the cookie for the domain (screenshot: hapi-auth-jwt2-showing-auth-route).

And when we visit /restricted, which requires a JWT, we see the following (screenshot: hapi-auth-jwt2-showing-restricted-route).
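
The request flow from the question above (a login route sets a token cookie; a protected route answers 401 "Missing authentication" when that cookie is not sent), as an added example that is not the project's own code. It uses only Node's crypto module; the Map standing in for Redis, the function names, the cookie attributes and the "Invalid token" and "Invalid session" messages are assumptions.

```javascript
// Added example: a JWT carried in a cookie and checked against a session store.
const crypto = require('crypto');

// Assumption: HS256 with the shared secret from JWT_SECRET (constructed fallback for offline runs).
const SECRET = process.env.JWT_SECRET || 'constructed-secret-for-this-example';
const sessions = new Map(); // stand-in for Redis: session id -> { valid: boolean }

const b64url = (text) => Buffer.from(text).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// What a login route does: record a session, sign a token, return the Set-Cookie value.
function login(userId) {
  const sid = crypto.randomUUID();
  sessions.set(sid, { valid: true });
  const body = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' +
               b64url(JSON.stringify({ id: userId, sid }));
  // Cookie attributes are assumptions; add Secure when serving over HTTPS.
  return { sid, setCookie: `token=${body}.${hmac(body)}; HttpOnly; Path=/; SameSite=Strict` };
}

// Pull one cookie value out of a request's Cookie header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [key, ...value] = part.trim().split('=');
    if (key === name) return value.join('=');
  }
  return null;
}

// What a protected route decides for a given Cookie header.
function authenticate(cookieHeader) {
  const token = readCookie(cookieHeader, 'token');
  if (!token) return { statusCode: 401, message: 'Missing authentication' };
  const [header, payload, signature] = token.split('.');
  const expected = Buffer.from(hmac(`${header}.${payload}`));
  const given = Buffer.from(signature || '');
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { statusCode: 401, message: 'Invalid token' };
  }
  // The payload is parsed only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  const session = sessions.get(claims.sid);
  if (!session || !session.valid) return { statusCode: 401, message: 'Invalid session' };
  return { statusCode: 200, credentials: claims };
}
```

Marking the stored session invalid (the logout case) makes a correctly signed token fail, which is the reason for keeping session state in Redis beside the JWT.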