hapi-auth

Basic auth POC using hapi yar and a client-side reverse-proxy

Auth Flow

User visits site for first time, no cookie, generate token payload, encrypt, then store in an HTTP only cookie
User visits site with expired cookie, generate a new token payload, encrypt, then and store in an HTTP only cookie
User visits site with invalid token TOKEN_FRESHNESS threshold, but token has not expired, pro-actively re-auth the user
User visits site with invalid token TOKEN_FRESHNESS threshold and is expired, generate a new token payload, encrypt, then and store in an HTTP only cookie

Further Enchancements

Add SSL support
Restrict by domain name

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
client		client
data		data
image		image
lib		lib
plugins		plugins
views		views
.eslintrc		.eslintrc
.gitignore		.gitignore
README.md		README.md
manifest.json		manifest.json
package.json		package.json
server.js		server.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

client

client

data

data

image

image

lib

lib

plugins

plugins

views

views

.eslintrc

.eslintrc

.gitignore

.gitignore

README.md

README.md

manifest.json

manifest.json

package.json

package.json

server.js

server.js

Repository files navigation

hapi-auth

Auth Flow

Further Enchancements

About

Releases

Packages

Languages

clohr/hapi-auth

Folders and files

Latest commit

History

Repository files navigation

hapi-auth

Auth Flow

Further Enchancements

About

Resources

Stars

Watchers

Forks

Languages