Awesome
hapi-auth-jwt
hapi JSON Web Token (JWT) authentication plugin
JSON Web Token authentication requires verifying a signed token. The 'jwt'
scheme takes the following options:
key
- (required) The private key the token was signed with.validateFunc
- (optional) validation and user lookup function with the signaturefunction(request, token, callback)
where:request
- is the hapi request object of the request which is being authenticated.token
- the verified and decoded jwt tokencallback
- a callback function with the signaturefunction(err, isValid, credentials)
where:err
- an internal error.isValid
-true
if the token was valid otherwisefalse
.credentials
- a credentials object passed back to the application inrequest.auth.credentials
. Typically,credentials
are only included whenisValid
istrue
, but there are cases when the application needs to know who tried to authenticate even when it fails (e.g. with authentication mode'try'
).
verifyOptions
- settings to define how tokens are verified by the jsonwebtoken libraryalgorithms
: List of strings with the names of the allowed algorithms. For instance,["HS256", "HS384"]
.audience
: if you want to check audience (aud
), provide a value hereissuer
: if you want to check issuer (iss
), provide a value hereignoreExpiration
: iftrue
do not validate the expiration of the token.maxAge
: optional sets an expiration based on theiat
field. Eg2h
See the example folder for an executable example.
var Hapi = require('hapi'),
jwt = require('jsonwebtoken'),
server = new Hapi.Server();
server.connection({ port: 8080 });
var accounts = {
123: {
id: 123,
user: 'john',
fullName: 'John Doe',
scope: ['a', 'b']
}
};
var privateKey = 'BbZJjyoXAdr8BUZuiKKARWimKfrSmQ6fv8kZ7OFfc';
// Use this token to build your request with the 'Authorization' header.
// Ex:
// Authorization: Bearer <token>
var token = jwt.sign({ accountId: 123 }, privateKey, { algorithm: 'HS256'} );
var validate = function (request, decodedToken, callback) {
var error,
credentials = accounts[decodedToken.accountId] || {};
if (!credentials) {
return callback(error, false, credentials);
}
return callback(error, true, credentials)
};
server.register(require('hapi-auth-jwt'), function (error) {
server.auth.strategy('token', 'jwt', {
key: privateKey,
validateFunc: validate,
verifyOptions: { algorithms: [ 'HS256' ] } // only allow HS256 algorithm
});
server.route({
method: 'GET',
path: '/',
config: {
auth: 'token'
}
});
// With scope requirements
server.route({
method: 'GET',
path: '/withScope',
config: {
auth: {
strategy: 'token',
scope: ['a']
}
}
});
});
server.start();