Skip to content

ryanwalters/jot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

jot

hapi JSON Web Token (JWT) authentication plugin

Build Status Coverage Status

The 'jwt' scheme takes the following options:

Option Type Required Description
secret string Yes Secret key used to compute the signature
algorithms array Algorithm(s) allowed to verify tokens. Defaults to ['HS256']. Valid algorithms: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'none']
audience string Verify aud claim against this value
cookie string Cookie name. Defaults to sid. Works in tandem with hapi-auth-cookie. Must set JWT when the cookie is set. See examples below
issuer string Verify iss claim against this value
token string Name of the token set in the cookie. Defaults to token
validateFunc function Function to validate the decoded token on every request

Note: Storing the token in a cookie is optional, but recommended. You can always send the token in an Authorization header.

Example:

Or check out the sample app: massive-hapi

/* server.js */


// Register hapi-auth-cookie

server.register(require('hapi-auth-cookie'), (err) => {

    server.auth.strategy('session', 'cookie', {
        cookie: 'cookie-name',
        password: 'TheMinimumLengthOfPasswordsIs32!'
    });
});


// Register jot

server.register(require('jot'), (err) => {

    server.auth.strategy('jwt', 'jwt', {
        secret: 'ADifferentPasswordAlsoAtLeast32!',
        cookie: 'cookie-name'
    });

    server.auth.default({
        strategy: 'jwt',
        scope: ['admin']
    });
});


/* routes.js */


// Login route

server.route({
    method: 'POST',
    path: '/login',
    config: {
        auth: false,
        handler: (request, reply) => {

            // ... validate user credentials, yada yada yada ...

            // Set the token inside of the cookie

            request.cookieAuth.set(Jwt.sign({
                scope: ['admin']
            }, 'ADifferentPasswordAlsoAtLeast32!', {
                expiresIn: 60 * 60 * 2 // 2 hrs, but can be anything
            }));

            reply('ok!');
        }
    }
});


// Resource

server.route({
    method: 'GET',
    path: '/trade-secrets',
    config: {
        handler: (request, reply) => {

            // User is already authorized, time to check out those trade secrets

            reply('secrets!');
        }
    }
});

For more examples, check out the tests.

About

JSON Web Token (JWT) authentication plugin

Resources

License

Stars

Watchers

Forks

Packages

No packages published