Hapi authentication plugin for bearer token validation
Clone or download
Latest commit 3ce25f4 Sep 12, 2018
Permalink
Failed to load latest commit information.
lib update deps closes #54 Aug 17, 2016
test fix(package): update deps Sep 12, 2018
.gitignore init commit Nov 18, 2014
.travis.yml fix(package): require node >=8 Sep 12, 2018
LICENSE Initial commit Nov 18, 2014
Readme.md chore(deps): fix hapi version Jul 10, 2017
package-lock.json 5.0.7 Sep 12, 2018
package.json 5.0.7 Sep 12, 2018

Readme.md

Build Status dep dev peer Code Climate

Hapi authentication plugin

hapi Bearer Token Authentication Scheme

What

The plugin requires validating a token passed in by the bearer authorization header or via the access_token query param. The validation function is something you have to provide to the plugin.

How

var validateFunction = function (token, callback) {

    // Use a real strategy here to check if the token is valid
    if (token === 'abc456789') {
        callback(null, true, userCredentials);
    }
    else {
        callback(null, false, userCredentials);
    }
};

server.register(require('hapi-auth-bearer-simple'), function (err) {

    if (err) {
        throw err;
    }

    server.auth.strategy('bearer', 'bearerAuth', {
        validateFunction: validateFunction
    });

    // Add a standard route here as example
    server.route({
        method: 'GET',
        path: '/',
        handler: function (request, reply) {

            reply({ success: true });
        },
        config: {
            auth: {
                strategy: 'bearer',
                scope: 'user' // or [ 'user', 'admin' ]
            }
        }
    });

    server.start(function (err) {

        if (err) {
            throw err;
        }

        server.log([],'Server started at: ' + server.info.uri);
    });
});
  • validateFunction - (required) a token lookup and validation function with the signature function (token, callback)
    • token - the auth token received from the client.
    • callback - a callback function with the signature function (err, isValid, credentials) where:
      • err - any error.
      • isValid - true if both the username was found and the password matched, otherwise false.
      • credentials - an object passed back to the plugin and which will become available in the requestobject as request.auth.credentials. Normally credentials are only included when isValidis true.
  • exposeRequest - (optional / advanced) If set to true the validateFunction's this will be set to the request. This can be usefull if you have plugins that expose certain functions/objects on the request object and you want to use them in your validateFunction.

Notes

  • 100% code coverage!
  • You can chain strategies see .
  • If you have any problems and/or questions make a new issue.
  • If you want to contribute feel free to fork and add a pull request or again make an issue.