Commit

adds answer to FAQ question about setting JWT auth for all routes ask…
…ed by @abeninskibede in #149 closes #149
nelsonic committed Aug 22, 2016
1 parent 39af1f0 commit 486c61e
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -415,6 +415,37 @@ We store our JWT-based sessions in a Redis datastore and lookup the session (`jt
This means we can invalidate the session in Redis and then reject a request that uses an "old" or invalid JWT. see: https://github.com/dwyl/hapi-auth-jwt2-example/blob/791b0d3906d4deb256daf23fcf8f5021905abe9e/index.js#L25


<br />

### How do I set JWT Auth to *All Routes*?

[@abeninskibede](https://github.com/abeninskibede) asked how to set all routes to use JWT Auth in [hapi-auth-jwt2/issues/149](https://github.com/dwyl/hapi-auth-jwt2/issues/149)

We tend to enable `hapi-auth-jwt2` for _all_ routes by setting the `mode` parameter to `true` (so its `required` for all endpoints) because _most_ of the endpoints in our app require the person/user to be authenticated e.g:

```js
// setting the 3rd argument to true means 'mode' is 'required' see: http://hapijs.com/tutorials/auth#mode
server.auth.strategy('jwt', 'jwt', true, { // so JWT auth is required for all routes
key: process.env.JWT_SECRET,
validateFunc: require('./jwt2_validate_func'),
verifyOptions: { ignoreExpiration: true, algorithms: [ 'HS256' ] }
});
```
> _Detailed Practical Example_: https://github.com/dwyl/hapi-login-example-postgres/blob/245a44f0e88226d99a3ad2e3dc38cc0d1750a241/lib/server.js#L33
When you want a particular route to ***not require*** JWT auth you simply set `config: { auth: false }` e.g:
```js
server.route({
method: 'GET',
path: '/login',
handler: login_handler, // display login/registration form/page
config: { auth: false } // don't require people to be logged in to see the login page! (duh!)
});
```

The best place to _understand_ everything about Hapi Auth is in the docs: http://hapijs.com/tutorials/auth#setting-a-default-strategy
But if you have any questions which are not answered there, feel free to [ask!](https://github.com/dwyl/hapi-auth-jwt2/issues)

<br />

## *Advanced/Alternative* Usage => Bring Your Own `verifyFunc`
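
Review bot: the strategy example sets `verifyOptions: { ignoreExpiration: true, algorithms: [ 'HS256' ] }`, so the snippet readers will copy to protect every route accepts tokens whose `exp` has already passed. Either drop `ignoreExpiration: true` from this example or add a comment saying what rejects stale tokens instead, such as the Redis session lookup described in the preceding answer. Two smaller points in the same hunk: "so its `required`" should read "so it's `required`", and the "When you want a particular route" line needs a blank line after the `> _Detailed Practical Example_` line, otherwise Markdown renders it as a continuation of the blockquote.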
