hapi-auth-anonymous
Advanced tools
Plugin that supports bearer token security using our idenity store.
(C) 2014 Martin Wawrusch
HAPI plugin that supports anonymous logins from mobile devices.
PLEASE NOTE THAT SIGNIFICANT PARTS OF THE CODE HAVE BEEN USED FROM ANOTHER NPM MODULE (hapi-auth-bearer by Jordan Stout)
ALSO, THIS IS WORK IN PROGRESS
THIS IS OBVIOUSLY NOT SECURE AS IN BANK LEVEL SECURITY - IT'S FOR CASUAL APPS ONLY
The scenario is like this: A user opens an app on a mobile device, and is identified by some persistent UUID. Each request to the backend includes an Authorization: anonymous [UUID] header. The UUID can be any format as long as it is a string. This module now ensures that, either a new user is created in the backend or an existing user with that id is retrieved. Voila, we support anonymous users.
This module requires the following HAPI modules to be loaded:
and a mongoose connector plugin (does not have to be this one)
Hapi = require "hapi"
hapiAuthAnonymous = require 'hapi-auth-anonymous'
hapiOauthStoreMultiTenant = require 'hapi-oauth-store-multi-tenant'
hapiUserStoreMultiTenant = require 'hapi-user-store-multi-tenant'
hapiMongooseDbConnector = require 'hapi-mongoose-db-connector'
server = new Hapi.Server config.server.port, config.server.host, {}
pluginConf = [
plugin: hapiUserStoreMultiTenant
options:
autoIndex: false
,
plugin: hapiOauthStoreMultiTenant
options:
autoIndex: false
,
plugin: hapiAuthAnonymous
options:
clientId: '53af466e96ab7635384b71fa'
_tenantId: '53af466e96ab7635384b71fb'
,
plugin: hapiMongooseDbConnector
options:
mongodbUrl: config.services.mongodbUrl
]
server.pack.register pluginConf, (err) ->
throw err if err
server.auth.strategy 'default', 'hapi-auth-anonymous', {}
server.auth.default 'default'
server.start ->
# Do something
module.exports = server
The client id used to identity the oauth app. In a usual setup you create one app when initializing your database for the first time and use that client id. Take a look at the hapi-routes-tenants-setup plugin that exposes a setup route.
An id that specifies which tenant in the identity store backend should be used. In most scenarios this will be a hardcoded (well, taken from the config) value. It must be a mongodb compatible object id (see example above).
The scope that will be assigned to the credentials upon login. This defaults to ['anonymous-access'] and can be either a string or an array. To assign no scope, pass an empty array.
The scope allows you to limit access or functionality in your routes. For example, a route that returns data can only return a subset for users in scope anonymous-access
and additionally
Copyright (c) 2014 Martin Wawrusch
FAQs
Plugin that supports bearer token security using our idenity store.
The npm package hapi-auth-anonymous receives a total of 1 weekly downloads. As such, hapi-auth-anonymous popularity was classified as not popular.
We found that hapi-auth-anonymous demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.