hapi-auth-bearer-simple
Advanced tools
Custom authentication plugin for Hapi using Bearer tokens
hapi Bearer Token Authentication Scheme
The plugin requires validating a token passed in by the bearer authorization header or via the access_token query param. The validation function is something you have to provide to the plugin.
var validateFunction = function (token, callback) {
// Use a real strategy here to check if the token is valid
if (token === 'abc456789') {
callback(null, true, userCredentials);
}
else {
callback(null, false, userCredentials);
}
};
server.register(require('hapi-auth-bearer-simple'), function (err) {
if (err) {
throw err;
}
server.auth.strategy('bearer', 'bearerAuth', {
validateFunction: validateFunction
});
// Add a standard route here as example
server.route({
method: 'GET',
path: '/',
handler: function (request, reply) {
reply({ success: true });
},
config: {
auth: {
strategy: 'bearer',
scope: 'user' // or [ 'user', 'admin' ]
}
}
});
server.start(function (err) {
if (err) {
throw err;
}
server.log([],'Server started at: ' + server.info.uri);
});
});
validateFunction - (required) a token lookup and validation function with the signature function (token, callback)
token - the auth token received from the client.callback - a callback function with the signature function (err, isValid, credentials) where:
err - any error.isValid - true if both the username was found and the password matched, otherwise false.credentials - an object passed back to the plugin and which will become available in the requestobject as request.auth.credentials. Normally credentials are only included when isValidis true.exposeRequest - (optional / advanced) If set to true the validateFunction's this will be set to the request. This can be usefull if you have plugins that expose certain functions/objects on the request object and you want to use them in your validateFunction.FAQs
Custom authentication plugin for Hapi using Bearer tokens
We found that hapi-auth-bearer-simple demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.
Security News
FSF files an amicus brief against Neo4j, defending the AGPL and warning against adding restrictive terms that undermine free software rights.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.