Using JWT via URI

[3goats]

Hi,

I need to configure HAPI to accept the JWT via the URI as part of a GET request. Is it possible to use it in this way?

Regards.

[nelsonic]

Hi @carlskii
The URI use-case is not implemented (yet) as it encourages people to share URLs with tokens (which can lead to security compromise) but... we would consider a Pull Request if you want to submit one...

[nelsonic]

@carlskii What would you want to call the URL parameter?
e.g. token or jwt ?

[nelsonic]

@carlskii we can implement this in no time. please just let us know what url parameter you want to use. thanks.

[3goats]

I guess it could just be called "token".

The use case for me would be to ideally generate a time expiring key or token to some of my routes. A bit like Amazons S3 signed url feature. Not sure though if JWT is the right thing for this though.

[nelsonic]

Using the exp (expiry) time stamp in the JWT you can easily reject a token that has expired.
Are you hoping to send the link in an email?
E.g: http//:yoursite.com/restricted?token=JWT.goes.here

[3goats]

Yes that's the plan.

Sent from my iPad

On 22 Apr 2015, at 17:14, Nelson notifications@github.com wrote:

Using the exp (expiry) time stamp in the JWT you can easily reject a token that has expired.
Are you hoping to send the link in an email?

—
Reply to this email directly or view it on GitHub.

[nelsonic]

Ok, do you have time to help us write some code or documentation for the feature?

(If you're low on time we could squeeze it in tomorrow and send you a pull request for review...)

[3goats]

I can help document it, but my skills with regards writing the code for this type of thing are limited.

Sent from my iPad

On 22 Apr 2015, at 17:20, Nelson notifications@github.com wrote:

Ok, do you have time to help us write some code or documentation for the feature?

—
Reply to this email directly or view it on GitHub.

[rainabba]

What is the status on this issue? Is this project maintained (no reply since April 22 on the issue)?

[nelsonic]

@rainabba thanks for reminding us about this! This module is maintained and actively used.
We have just published a new version of the module to npm which allows tokens to be passed in via url parameter.
Please let us know if you need any help getting started with using it. 👍

[nelsonic]

@carlskii we have released Version 4.6.0 which includes support for token url parameter.
Closing this issue as we consider it to be resolved by the latest release.
Let us know if you need anything else! 👍

[rainabba]

Much appreciated!

[nelsonic]

@rainabba we appreciate you keeping us on our toes! 😉
please ⭐ the repository to signal to others that you find it useful.
Thanks again! 👍

[alexdrans]

Just needed this feature, thanks feature requesters of times past!

[nelsonic]

@alexdrans yeah, we're lucky that way...! ❤️
(hope you are well and your project(s) are going smoothly!)