-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Obtain the request token in the handler #123
Comments
hi @mcortesi, |
Thanks @nelsonic for the quick reply. Optionally it could have it's own token, but that's another story. The value I want is the one here: https://github.com/dwyl/hapi-auth-jwt2/blob/master/lib/index.js#L29 |
Ah, yes, if you need the token before its decoded/verified then you would need to extract it as you have done. 👍 |
I use the plugin for that. So, I need to decode and verify the signature of the token; but i also need the token to call other servers. So in some way, we are saying that we want to make a call 'on behalf of' the user making the request. Is it a strange or ill advised use case? |
That sounds fine. Proxying the "other" server makes sense. |
Initially yes. But our idea is to device an on behalf of mechanism probably using two jwt, one of the server's and one for the user. Going back to my first comment, does it make sense to expose the token in the plugin? |
Good question. exposing the raw |
@nelsonic will do. Now, about that. To My suggestion would be set the token in the request. Where? I'm not to sure, since there seem to be some possible places for that:
Another option is to expose an What do you think? |
@mcortesi this has been available in the plugin for the past few releases so I'm closing the issue. 👍 |
Is this still valid? console.debug(
@nelsonic could be my user error, but I'm debugging :( |
Hi @framerate, you're working late ... 😉 This question does not appear to be related to the OP "Obtain request token in handler ..." 😕 Those
Then open the hapi-auth-jwt2/test/basic_server.js Line 31 in af75302
e.g: const privado = function(req, h) {
console.log(JSON.stringify(Object.keys(req.auth).sort(), null, 2))
return 'worked';
}; The output is: [
"artifacts",
"credentials",
"error",
"isAuthenticated",
"isAuthorized",
"mode",
"strategy",
"token"
] Pretty close, but no Hope you are able to achieve your goal, if not please open a |
Always working :) I think maybe we got our wires crossed. it's definitely related to this bug, I'm saying that request.auth.token (like originally requested here, and listed in the documentation) is undefined in "request.auth" That doesn't seem right? |
@framerate If you {
isAuthenticated: true,
isAuthorized: false,
credentials: { id: 123, name: 'Charlie', iat: 1565166536 },
artifacts:
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzLCJuYW1lIjoiQ2hhcmxpZSIsImlhdCI6MTU2NTE2NjUzNn0.EjSw-Sf2N5nQTSkoIVdLsHRyAj_sVMFMrhuk77D7yIY',
strategy: 'jwt',
mode: 'try',
error: null,
token:
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzLCJuYW1lIjoiQ2hhcmxpZSIsImlhdCI6MTU2NTE2NjUzNn0.EjSw-Sf2N5nQTSkoIVdLsHRyAj_sVMFMrhuk77D7yIY'
} The (apologies if I'm not understanding your question ... but |
It's really a question, don't know if it's the right place to ask it.
I need to obtain the user token within a route handler. It's useful to me, since i can use it to proxy call to other servers using the user's authentication token.
I checked the code and I've notice it's not stored anywhere. So, I ended up creating a
onPostAuth
listener that calls theextract()
function from the module, with the same options that i used for the plugin.Do you image any other way of doing it? Does it seem a good thing to add to the library? If so, I have no problem in adding it so, and sending a pull request.
The text was updated successfully, but these errors were encountered: