hapi-auth-basic-key
Advanced tools
Fork of hapi-auth-basic that is intended to handle API keys as the username field of HTTP basic auth requests. The password portion of the authorization is available, but not necessary.
Basic authentication requires validating a username and password combination. The 'basic' scheme takes the following options:
validateFunc - (required) a user lookup and password validation function with the signature function(request, username, password, callback) where:
request - is the hapi request object of the request which is being authenticated.username - the username (api key) received from the client.password - the password received from the client. Not necessarily required unless you want it to be.callback - a callback function with the signature function(err, isValid, credentials) where:
err - an internal error. If defined will replace default Boom.unauthorized errorisValid - true if both the username was found and the password matched, otherwise false.credentials - a credentials object passed back to the application in request.auth.credentials. Typically, credentials are only
included when isValid is true, but there are cases when the application needs to know who tried to authenticate even when it fails
(e.g. with authentication mode 'try').allowEmptyUsername - (optional) if true, allows making requests with an empty username. Defaults to false.unauthorizedAttributes - (optional) if set, passed directly to Boom.unauthorized if no custom err is defined. Useful for setting realm attribute in WWW-Authenticate header. Defaults to undefined.
const keys = {
super_secret_api_key: {
id: '2133d32a',
name: 'my really cool app'
}
};
const validate = function (request, username, password, callback) {
const key = keys[username];
if (!key) {
return callback(null, false);
}
callback(err, true, key);
};
server.register(require('hapi-auth-basic-key'), (err) => {
server.auth.strategy('simple', 'basic', { validateFunc: validate });
server.route({ method: 'GET', path: '/', config: { auth: 'simple' } });
});
FAQs
Basic api-key-as-username authentication plugin
We found that hapi-auth-basic-key demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.
Security News
Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.
Security News
OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.